5G’s Backbone at Risk: Insecure IoT Devices Undermine Network Security

As the Internet of Things (IoT) increasingly relies on 5G infrastructure, the proliferation of poorly secured devices poses a growing threat to the integrity of 5G networks.

With 13.8 billion active IoT connections already in place—and a projected 25 billion by 2025—network security is no longer optional. Yet, according to the GSM Association (GSMA), manufacturers frequently overlook robust security in device design, leaving operators exposed to cyberattacks that could ripple through the entire telecom ecosystem.

As 5G expands, the attack surface enlarges dramatically. Telecommunications service providers (CSPs), cloud, and cable operators must therefore adopt a proactive stance to protect their infrastructure. The GSMA’s annual security review highlights eight key threat areas, with Device & IoT security topping the list.

• Device & IoT
• Cloud security
• Securing 5G
• Signaling and interconnect
• Supply chain
• Software & virtualization
• Cyber & operational security
• Security skills shortage

The linkage between corporate and telecom networks presents a prime attack vector, especially as organizations tap into 5G for high‑speed connectivity. GSMA recommends a suite of security protocols for CSPs, with privileged access management (PAM) emerging as a cornerstone strategy.

PAM vs. IAM

Identity and Access Management (IAM) offers broad coverage across all users, while PAM zeroes in on high‑privilege accounts—those most attractive to attackers. By limiting administrative permissions to only what is essential, PAM reduces the likelihood of credential misuse and lateral movement.

Best Practices for CSPs

1. Define a Robust PAM Policy – Establish clear procedures for provisioning, monitoring, and revoking access. Include password complexity, multi‑factor authentication, and expiration rules.
2. Centralize IAM and PAM – Deploy a single, auditable platform for managing all privileges, ensuring no orphaned or dormant accounts persist.
3. Apply Least Privilege Rigorously – Even privileged users should receive only the minimal rights required for their tasks; avoid granting blanket administrative access.
4. Segment Networks and Enforce Zero Trust – Separate critical systems into isolated zones, and require verification for every inter‑segment interaction.
5. Promote Secure Password Habits – Educate staff on the importance of strong, unique credentials and enforce MFA across all services.

By tightening internal controls, CSPs lay the groundwork for a resilient IoT ecosystem. Secure networks protect not only the service provider but also the millions of edge devices that depend on them.