Security

How can you increase connections without increasing threats?

With quantum-safe networks that take transformation and trust further

As networks carve out connections to facilitate more use cases, defense by design will be required to ensure networks remain resilient to new, sophisticated and more aggressive attacks.

Businesses are becoming increasingly vulnerable to cyber dangers as they become more digitally connected. Combine the growing complexity of critical cloud and network infrastructures, the adoption of remote work models and the greater use of mobile devices. Add this to highly integrated supply chains, and, after all, the errors caused by human interaction and the threat exposures businesses face become critical. The threat landscape is further expanded by advancements in technology, such as the proliferation of APIs and ubiquitous AI. All these rapidly evolving technologies require appropriate defense against attacks.

Securing those complex systems of technologies, processes, and people is a constant challenge. Threat actors are using the very same technologies, including AI and quantum computing, to evolve and refine their tactics, techniques, and procedures to launch ever more sophisticated and aggressive attacks. A holistic approach to cyber security and cyber resilience is needed to address these challenges and ensure business continuity in the face of cyberattacks. Such an approach covers all stages of the cybersecurity lifecycle, from risk assessment to incident handling, and relies not only on deploying security technologies but also considers the human factor and the potential weaknesses of processes. Security by design, applying zero trust principles, and automated enhanced detection and response mechanisms are fundamental elements of a cybersecurity framework. Continuous elevation of security maturity and continuous improvement of the security framework are needed to keep pace with the ever-evolving threat landscape.

“Threat actors are using the very same technologies, including AI and quantum computing, to evolve and refine their tactics, techniques, and procedures to launch ever more sophisticated and aggressive attacks.”

90%

Botnets were responsible for 90% of complex, multi-vector DDoS attacks in 2023, as reported by Nokia's Threat Intelligence Report. Larger and more potent botnets being used by state actors and incorporated into geopolitical conflicts are turning DDoS attacks into "weaponized" attacks.

60%

According to Nokia's Threat Intelligence Report, IoT bots are responsible for 60% of attacks in telecom mobile networks.

$4.5 million

The global average cost of a data breach in 2023 is $4.5 million and has increased by 15% in the past three years, according to the Cost of Data Breach, 2023 report by IBM.

Service providers

Get the insights

Zero trust is the basis for security.

The number of threats is increasing significantly, especially with the billions of devices and many subnetworks from different sources. Also, software and microservices supplies by third parties and from open source cannot be trusted. Open interfaces allow for more flexibility but also open more attack vectors to the system. From perimeter-based security to an identity- and context-based “never trust, always verify” security model.

AI helps defend security but can also open new threats.

AI/ML-enabled automated system operation and orchestration, as well as AI-assisted software development, are both thought to improve security because they cut down on human mistakes that can lead to security breaches. According to the World Economic Forum, human error accounts for 95% of cybersecurity issues. AI-based security, including AI-assisted monitoring for the detection of malicious anomaly behavior and an automated response to attacks, is becoming indispensable in combating emerging threats. There are significant advantages for effective cyber security, but there are also new challenges in securing AI-based systems, notably safety-critical systems, and coping with emerging AI-powered threats.

Quantum computing may break today’s encryption in the future.

Quantum computing is often mentioned in relation to security because future large-scale quantum computers will be able to break today’s encryption standards. Quantum-resistant encryption algorithms, currently being standardized by NIST, are needed not only to protect data in the future quantum era but also to protect today's data against “harvest now, decrypt later” attacks, i.e., protecting current data encrypted with today’s standards from future unauthorized decryption. Quantum technologies not only have the potential to break today’s encryption but can also significantly contribute to the security of communication networks through the use of quantum physics-based keys. To minimize future business interruptions, manage the quantum cybersecurity threat with quantum networking and a crypto-agile methodology.

Security automation and analytics are essential for the resilience of critical infrastructure.

The 6G world will bring holographic telepresence, autonomously collaborating robot systems, massive digital twinning, the digital transformation of our workplaces and even enhanced personal health monitoring. It is obvious that security and privacy will be of the utmost importance. With billions more connected devices and sensors, as well as millions of subnetworks running in untrusted domains, we can expect an increase in the number and variety of threats. In those complex environments, security automation and analytics will be critical to keeping up with the dynamics of the ever-changing threat landscape. Security automation accelerates threat detection, improves incident response, and consequently enhances overall security operations efficiency. Security analytics offers proactive security measures such as recognizing abnormalities in traffic and behavior before a problem arises.

Priorities

Adapt a risk-based approach, resulting in a holistic cybersecurity framework that is adapted to the specific needs of your system and is compliant with applicable regulations and industry best practices.
Build your security architecture based on foundational security principles such as security-by-design, defense-in-depth, and zero trust.
Create cyber-resilience across your supply chains.
Embrace quantum-safe and AI/ML-safe networking and encryption.
Develop security capabilities in strategic areas, enabling the offer of services with security as a differentiator.
Play a leadership role in security standardization.

Enterprises

Get the insights

Attack surfaces are expanding as technology infrastructures become more complex and distributed.

The security perimeter of corporate networks continues to expand as more people work remotely, more infrastructure, data, and applications are migrated to the cloud, more SaaS services are deployed, and more sensitive data is exposed via APIs. This more dynamic, complex environment broadens the attack surface and challenges security operations. The traditional perimeter-focused security model, assuming that all activities within the perimeter are trusted, is no longer capable of managing these challenges and must be replaced with a holistic identity- and context-based "Never trust, always verify" Zero Trust security model. In response to the increasing complexity of digital systems and the scarcity of security capabilities, security operations must be simplified and automated. This includes automated asset discovery and AI-based monitoring solutions for better security visibility.

Efficient and effective security relies on constant innovation

The state of cybersecurity is continuously evolving, with new technologies emerging and being adopted to enhance threat detection, analyze large volumes of data for anomalies, and automate security processes. Security innovations that make use of those emerging technologies and are well integrated into an end-to-end security platform will enhance the security posture, providing sophisticated tools and methods to better protect organizations from an ever-evolving threat landscape. Cloud security platforms, Zero Trust Architecture (ZTA), Secure Access Service Edge (SASE), Quantum Cryptography, and Behavioral Biometrics are some of the approaches and technologies to be considered in a holistic security strategy.

The human element is often the weakest link in the security chain.

It's imperative for security leaders to pivot towards a human-centric focus to establish an effective cybersecurity program. Human-centric security recognizes that technology alone cannot mitigate all security risks and that a holistic approach encompassing the human element is essential to building a robust cybersecurity posture. Organizations may greatly improve their security measures by studying and addressing human behaviors, resulting in a more resilient and safe environment.

The convergence of physical and cyber security allows for a more comprehensive security view of cyber-physical systems.

Cyber-physical systems, such as OT systems, connect the physical and digital worlds via sensors and actuators that perceive the environment and influence physical processes. These systems face the possibility of physical and/or digital system components being attacked, compromising the overall system. Spoofing temperature sensors, resulting in overheating and damage to industrial machinery, is one example of a hybrid assault, as is the ability to evade and hack physical access control, allowing unauthorized entry to restricted areas such as server rooms. Only security risk management that integrates physical and cyber security gives the in-depth awareness of the complex threat environment of cyber-physical systems essential to minimize hybrid assaults and boost an enterprise's overall security posture.

Priorities

Follow a risk-based approach to define a holistic cybersecurity framework that is designed to manage the identified risks of your system and that ensures compliance with vertical-specific regulations and industry best practices.
Implement a Zero Trust Architecture to ensure strict access control and minimize the risks of an expanding security perimeter.
Ease of deployment and ease of use are essential for the acceptance of security mechanisms.
Invest in education and awareness programs to foster a human-centric security culture.
Integrate physical and cyber security for a holistic security view of your systems.
Adopt advanced security technologies like quantum cryptography or behavioral biometrics as part of your security strategy.

What’s next

Nokia is embracing these principles in our business. We are adapting to the increased threats within an ever-changing technology environment, assisting companies in delivering advanced, hyperconnected experiences. We’ll help you understand what is needed to evolve your IT, operations and network infrastructure to fully address your security challenges.