By next year, it is estimated that there will be 20.4 billion IoT devices, with businesses accounting for roughly 7.6 billion of them. While these devices are the next wireless innovation to improve productivity in an ever-connected world, they also represent nearly 8 billion opportunities for breaches or attacks.
In fact, 97% of companies believe IoT devices could wreak havoc on their organizations, and with good reason. Security flaws can leave millions of devices vulnerable, creating pathways for cyber criminals to exfiltrate data—or worse. For example, a July 2018 report disclosed that nearly 500 million IoT devices were susceptible to cyberattacks at businesses worldwide because of a decade old web exploit.
A New Attack Environment
In other words, just because these devices are new and innovative doesn’t mean your security is, too. To further complicate matters, 5G networks will begin to roll out in 2020, creating a new atmosphere for mobile network attacks. Hackers will be able to exploit IoT devices and leverage the speed, low latency and high capacity of 5G networks to launch unprecedented volumes of sophisticated attacks, ranging from standard IoT attacks to burst attacks, and even smartphone infections and mobile operating system malware.
So, who is responsible for securing these billions of devices to ensure businesses and consumers alike are protected? Well, right now, nobody. And there’s no clear agreement on what entity is—or should be—held accountable. According to Radware’s 2017-2018 Global Application & Network Security Report, 34% believe the device manufacturer is responsible, 11% believe service providers are, 21% think it falls to the private consumer, and 35% believe business organizations should be liable.
Ownership Is Opportunity
Indeed, no one group is raising its hand to claim ownership of IoT device security. But if service providers want to protect their networks and customers, they should jump at the chance to take the lead here. While service providers technically don’t own the emerging security issues, it is ultimately the operators who are best positioned to deal with and mitigate attack traffic. While many may view this as an operational cost, it is, in actuality, a business opportunity.
In fact, the Japanese government is so concerned about a large scale IoT attack disrupting the 2020 Tokyo Olympics, they just passed a law empowering the government to intentionally identify and hack vulnerable IoT devices. And who is the government asking to secure the list of devices they find vulnerable? Consumers? Businesses? Manufacturers? No, No, and NO. They are asking service providers to secure these devices from attacks.
Think about it: Every device connected to a network is another potential security weakness. And as we’ve written about previously, IoT devices are especially vulnerable because of manufacturers’ priority to maintain low costs, rather than spending more on additional security features. If mobile service providers create a secure environment that satisfies the protection of customer data and devices, they can establish a competitive advantage and reap financial rewards.
From Opportunity to Rewards
This translates to the potential for capturing new revenue streams. If your mobile network is more secure than your competitors’, it stands to reason that their customer attrition becomes your win. And mobile IoT businesses will pay an additional service premium for the knowledge that their IoT devices won’t be compromised and can maintain 100% availability.
What’s more, service providers need to be mindful of history repeating itself. After providers lost the war with Apple and Google to control apps (and their associated revenue), they earned the unfortunate reputation of being “dumb pipes.” Conversely, Apple and Google were heralded for capturing all the value of the explosion of mobile data apps. Apple now sits with twice the valuation as AT&T and Verizon, COMBINED. Now, as we are on the precipice of a similar explosion of IoT apps that enterprises will buy, the question again arises over whether service providers will just sell “dumb pipes” or whether they will get involved in the value chain.
A word to the wise: Don’t be a “dumb” carrier. Be smart. Secure the customer experience and reap the benefits.