As enterprises race to adopt 5G for faster connectivity and massive IoT deployments, security experts warn that the very technology promising efficiency gains is also expanding the attack surface. 5G networks open new vulnerability pathways, from the radio interface to core infrastructure, that cybercriminals are already targeting. Industry analyses caution that many Internet-of-Things (IoT) devices connected via 5G “do not have a good record” of security and often lack basic protections like multi-factor authentication. In short, each new 5G device and private 5G network could be an entry point for an attacker, especially as cyber threats grow more sophisticated.
Emerging 5G Security Threats
Recent research has underscored how fragile modern cellular networks can be. A January 2025 study dubbed RANsacked uncovered over 100 vulnerabilities in LTE and 5G radio-access and core components. The academic team found that with a single packet, an unauthenticated attacker could crash critical network elements city-wide, interrupting service or even hijacking the cellular core. In another demonstration, researchers revealed a so-called Sni5Gect attack that exploits unprotected 5G messages during reconnection. By intercepting these pre-authentication signals, an attacker can crash phones or force them onto legacy 4G networks, which are themselves riddled with known flaws.
These proof-of-concept exploits illustrate real danger. If a hacker causes devices to downgrade to older protocols, they can bypass new security features and gain a foothold. Attackers can even exploit consumer devices; for example, simply passing through a tunnel or disabling aeroplane mode can trigger a reconnect where unencrypted 5G messages are exposed. The implications for business are clear: 5G’s complexity and openness make it a juicy target. Telecom and tech experts report that criminal groups are already shifting focus to these networks. In one industry survey, 65% of security professionals said 5G is a major risk factor in data breaches (due to its increased connectivity). And with new use cases, from smart factories to remote health monitoring, the stakes are rising fast.
Telecom operators are not immune. In mid-2025, French carrier Orange confirmed a cyberattack that disrupted corporate services. Although details were sparse, the incident highlights how critical network providers are in the crosshairs. Similarly, a report by NTT Data and Palo Alto Networks found that 70% of industrial companies experienced a cyberattack on their operational technology (OT) environments in the last year. Nearly one-quarter of those attacks caused operational shutdowns, underscoring that factories, utilities and transportation firms (many of which are rolling out private 5G) are already feeling the heat. In short, the enterprise threat landscape has expanded exponentially alongside 5G adoption.
Protecting Your 5G Infrastructure
Fortifying a 5G-powered network requires a multi-layered approach. First, firms must treat 5G security as foundational rather than an afterthought. Key steps include segmenting networks, enforcing Zero Trust principles, and enhancing visibility into encrypted traffic. For example, next-generation firewalls and mobile core security tools can apply strict access controls and machine learning (ML) to allow only authorised devices and services on the network. Palo Alto’s recent solution for private 5G networks illustrates this approach: it integrates a cloud-managed firewall and ML-based policies so that only “relevant connections, applications and protocols” are permitted.
- Real-time visibility. Use analytics and monitoring to peer inside encrypted 5G streams. Advanced tools can flag anomalies in device behaviour even when payloads are hidden by encryption.
- Device profiling. Employ ML to fingerprint IoT and OT devices. By understanding normal traffic patterns, a system can alert on any unusual activity from a sensor or machine.
- Zero-trust segmentation. Divide the network into small, isolated zones. Ensure that each device, user or application must authenticate and be explicitly allowed before communicating.
- AI-driven threat detection. Implement automated detection and response tools. Modern security platforms can rapidly correlate signals and even quarantine compromised elements in seconds.
Beyond technology, companies should adopt rigorous policies and audits. Regular penetration testing of 5G and IoT systems is vital, as is ensuring firmware and patches for network equipment are up to date. Given the expanded attack surface, firms might also consider outsourcing to managed security providers specialising in 5G and cloud networks. Industry leaders note that encryption, while protective, can “limit deep visibility” into network traffic, so human analysts and advanced sensors must work in tandem. In short, security must be built into the 5G network from day one.
Hiring and Training Cybersecurity Talent
Technology alone is not enough. The talent deficit in cyber defence is acute: Gartner estimates that by 2025, more than half of major cyber incidents will be due to a shortage of skilled personnel or human error. In fact, the Australian Cyber Security Strategy 2023–2030 explicitly acknowledges “a critical shortage of cyber security skills nationwide” and calls for boosting the professional workforce over the next decade. Companies lacking in-house expertise often face longer breaches and higher losses: one report found firms with a severe skills gap suffered 20% larger breach costs (about $5.36M on average) than well-staffed peers.
To stay ahead, businesses should recruit and train for specialised roles in demand. Key hires include: security analysts and engineers to monitor and harden networks; network or cloud security specialists who understand 5G architecture; IoT/OT security experts for industrial deployments; incident responders and digital forensics investigators; and leadership roles like a dedicated Chief Information Security Officer (CISO) to guide strategy. For example, a University of Melbourne program notes that its graduates fill in-demand positions such as Security Analyst, Security Engineer, Security Auditor and even Chief Information Security Officer.
- Security Analyst/Engineer: Detects and responds to threats, configures protective systems.
- Network/Cloud Security Specialist: Designs and secures 5G and hybrid network environments.
- IoT/OT Security Expert: Safeguards connected machinery and sensors on the industrial floor.
- Incident Responder/Forensics Analyst: Investigates breaches and contains damage.
- Security Manager/CISO: Oversees the entire cybersecurity program and ensures compliance.
Businesses may not find all these experts on the bench today, but training pathways can help bridge the gap. Academic programs and professional certificates tailored to 5G-era threats are emerging. For instance, there are online graduate certificate in cybersecurity courses that are designed to prepare professionals for exactly these roles. It draws on leading research to teach network defence, risk management and digital forensics, skills that the industry urgently needs. By investing in such training (or similar programs), companies can upskill existing IT staff and attract new talent with the requisite expertise.
In an interconnected, high-speed 5G world, neglecting security is no longer an option. The era of complacency is over: every edge device and private cellular network is a potential target. CEOs and boards must act now, not only by hardening infrastructure, but also by recruiting specialised cyber talent to master the emerging threats. As one recent report concluded, early investment in detection and skill-building can be the difference between a contained breach and a multi-million dollar disaster. In short, to harness 5G’s promise without peril, companies need both advanced tools and the expert people who know how to wield them.
