The 11th annual AT&T Cybersecurity Insights Report has been released today. Entitled Securing the Edge, it contains important insight into how organisations globally are architecting and securing edge initiatives, as well as some guidance on security essentials at the edge.
“We are seeing organisations moving away from centralised computing models to decentralised ones, like edge, and this has meant operations are transitioning from “lights on” monolithic applications to “thing enabled” computing experiences that are fully democratised. This has significant security implications, one major one being that a proactive security stance will best serve those that are innovating at the edge,” the report said.
When it comes to perceived cyberthreats at the edge, more than two-thirds of respondents rated the likelihood of compromise and the impact of compromise a four on a scale of one to five (highest). Ransomware and sniffing attacks are top attack concerns across all segments.
To secure the edge, the top cybersecurity controls organisations would deploy consisted of Intrusion/threat detection, device authentication and data leakage monitoring, with SASE and Zero Trust approaches leading depending on the use case. Perhaps surprisingly, when it comes to edge environments – patching, which is typically touted as one of the most important security controls, ranked the lowest. Though the report cautions: “Many stakeholders in 5G and edge are using open source software, a known target for attackers. But because the software is embedded, dependencies aren’t always apparent. As a result, enterprises may want to prioritise the design of a clear process for receiving notifications about vulnerabilities or patches.
“Patching isn’t always an option. But when patching is an option, stakeholders should patch software in the infrastructure as quickly as possible. Yet they won’t always know the threat source, especially of zero-day attacks. The reality of this situation may be one reason why patching is the lowest ranked control.”
Though edge may mean different things to different organisations, it is here to stay and in some cases, much further along than one might think. It will likely take on a hybrid network model that requires a mix of traditional and next-gen security controls and because of the number of access points, devices, sensors and data on distributed networks, a shared responsibility model will be more important than ever before.