Solutions for 5G Network Security Threats

With the support of artificial intelligence technology and the full deployment of 5G construction, the popularization of the industrial Internet has been accelerated. The widespread application of new technologies including cloud computing, mobile Internet, Internet of Things/Internet of Vehicles, big data, blockchain, cloud storage, artificial intelligence/face recognition/autonomous driving has rapidly brought new changes to the Internet world and become a key driving force for corporate growth and transformation.

[[275310]]

According to IDC statistics, global digital information will show an astonishing growth in the next few years, and the total amount is expected to increase 44 times by 2020. Another survey shows that 90% of the world's data was generated in the past two years. Every day, sensors, mobile devices, online transactions and social networks in every corner of the world generate trillions of bytes of data. Currently, there are 30 billion connected devices, and by 2020, there will be 50 billion connected devices.

While new technologies bring about changes, new risks also come with them. When the insurance industry introduces new technologies such as artificial intelligence for underwriting and claims, it must consider the risks and responses brought about by possible errors. Currently, 5G is opening up a new era of mobile communication development and accelerating the digital transformation of the economy and society. At the same time, 5G networks generate new trust models, new service models, a constantly changing threat environment, and increased privacy issues, which pose new challenges and demands on security.

5G networks have put forward higher requirements for security. The application scenarios of the Internet of Everything, diversified terminal forms and access technologies, mobile edge computing technologies, and network slicing technologies will give rise to new security issues. It is necessary to improve network security in the 5G context from the aspects of confidentiality, privacy protection, protection against fake base stations, network security, integrity, and authentication types.

The basis for building a network risk model is empirical data. Traditional insurers usually rely on official data providers when building risk models. For example, natural disaster insurance can seek data support from the National Earthquake Bureau and the Meteorological Bureau; but obviously, there is no official data source that can support network risk assessment. In addition, network risks are dynamic and changing, and they change with the update of network technology. Therefore, the collection of network risk data must also be real-time and dynamic, which is different from the relatively static data of traditional risk models, and the quantity and processing difficulty of the former are much greater than the latter.

Unlike natural risks, cyber risks come not only from external events, but also from internal behavior. According to a 2014 IBM survey, 95% of cyber crimes involve employee behavior errors, such as accidentally losing mobile devices that store important information, weak account password security, and even internal employees deliberately stealing and spreading company confidential data. Naturally, the quality of corresponding risk management is also related to the security of network information. The quantification and data collection of risk control quality and behavioral risks have become another difficult problem.

Cybersecurity risk data is the basis for insurance institutions to carry out cyber insurance business. In this regard, insurance institutions can obtain this data in the following three ways: Continuously accumulate data and experience through business development; extract or reversely obtain corresponding data through cybersecurity construction based on their own needs. Some insurance institutions promote the development of external business through their own first-hand cybersecurity experience; seek relevant data from third parties such as professional consulting companies and security vendors to enrich their own databases.

In the absence of more valid data, insurance institutions can establish an assessment system based on the risk management maturity model to conduct pre-underwriting safety assessments on customers. Through the assessments, they can understand the customer's safety investment and the continuity and effectiveness of safety management, evaluate the degree of consistency between the customer's safety needs and existing products, and possible flexible product pricing.

Different customer groups have different needs due to industry factors, development factors, and regulatory requirements. Cybersecurity risks are numerous and constantly changing. Therefore, insurance institutions need to carefully and deeply understand the cybersecurity threats and cybersecurity needs of their target customer groups to avoid the situation where the security risk coverage of products does not meet the needs. At the same time, insurance institutions need to keep track of changes in cybersecurity risks so that products can be adaptively adjusted according to changes in cybersecurity risks, quickly follow up and meet market needs.

Since foreign insurance institutions started this business earlier and the market competition is fierce, they tend to provide more services related to network security in their business activities to increase the added value of their products. These methods include: cooperating with well-known network security manufacturers, providing corresponding security consultation and underwriting assessment before customers purchase products; providing security emergency services and underwriting loss assessment after purchase; and even promoting some products and services of network security manufacturers. Insurance institutions seek to become professional institutions that are very familiar with a specific network security field. In this way, they can provide customers with professional network security construction consultation in the corresponding field and increase customer stickiness.

In the past social and media publicity activities in the cybersecurity market, government agencies, consulting agencies, security vendors and network service providers constituted the four main players in cybersecurity publicity. As a provider of cybersecurity insurance, insurance institutions also need to actively participate in it, on the one hand to make all members of society more concerned about and understand cybersecurity risks, on the other hand, it is also conducive to promoting and expanding the commercial market.

Cybersecurity insurance is a feasible risk transfer strategy mechanism. In my country, this market sector is still in the initial stage of exploration. With the continuous progress of cybersecurity construction, some institutions have accepted and recognized this security strategy and gradually started to implement or prepare to implement this strategy to further improve the enterprise information security management system. On the one hand, many domestic insurance institutions have tried the waters, hoping to occupy a commercial share in this blue ocean market. On the other hand, institutional users also expect that this mechanism will help reduce the regulatory pressure and business security pressure faced by institutions. The subsequent development of cybersecurity insurance will continue to be observed.