The volume of infected Internet of Things (IoT) devices globally has soared by 100% over the past year, according to new data from Nokia.
The telecoms equipment maker’s Threat Intelligence Report 2020 is compiled from data processed by service providers using its NetGuard Endpoint Security tool.
It revealed that infected IoT devices now comprise nearly a third (32.7%) of the total, up from 16.2% in the 2019 report.
Nokia argued that infection rates for connected devices depend dramatically upon the visibility of the devices on the internet.
“In networks where devices are routinely assigned public facing internet IP addresses, we find a high IoT infection rate. In networks where carrier grade NAT is used, the infection rate is considerably reduced, because the vulnerable devices are not visible to network scanning,” it explained.
“With the introduction of 5G well underway, it is expected that not only the number of IoT devices will increase dramatically, but also the share of IoT devices accessible directly from the internet will increase as well.”
Nokia warned that other aspects of 5G will also present major new security challenges to telcos: specifically Network Function Virtualization (NFV) and Software-defined Networking (SDN).
“For CSPs, it is a major challenge to provide a fully dependable, secure NFV environment. SDN bears the threat that control applications may wreak havoc on a large scale by erroneously or maliciously interacting with a central network controller,” the report explained.
“The network infrastructure of CSPs becomes more accessible to the attackers, so CSPs are increasingly targeted by sophisticated malicious actors.”
New use cases from the 5G subscriber side will also expand the potential attack surface for cyber-criminals, Nokia warned.
Security must therefore be baked into networks from the start, spanning all components of the ecosystem but managed from a central point of control. Automated orchestration and management and predictive security controls will also be key, Nokia said.
The firm will be hoping to differentiate on security as it competes for contracts formerly held by Chinese giant Huawei, which many governments are forcing CSPs to replace.