When it comes to the Internet of Things (IoT), there can be a fine line between risks and rewards, particularly on the hardware, data, software, and connectivity. Smart devices and the technology that encompasses IoT make up a world with a promising future. Yet, it can be scary and invasive if the implementation, management, and security are not done properly. Thus, knowing how to navigate this growing field is necessary to protect our information, privacy, and identity.
Creativity, innovation, and humanity are at the core of IoT development with different sectors and use cases working side-by-side to ensure interconnectedness. Network equipment vendors, connectivity service providers, systems integrators, device manufacturers, software/hardware/analytics vendors, and industrial internet companies, among others, contribute to IoT solutions deployment.
Investing in the infrastructure for the long term is strategic to define the next era of the enterprise. It will not only be about quick wins where you drive change quickly and deliver some benefits but consider an investment that would enable the IoT to scale economically.
As years pass by, IoT has been developing into a mature industry with attractive opportunities, driven by the spread of mobile devices, powerful analytical tools, and the ever-increasing speed of connectivity like fixed-line, cellular, and Wi-Fi. The future appears to be both bright and unpredictable, as the space presents a complex risk-reward scenario.
According to an Emerging Tech Research report, the IoT space hit $14 billion in total VC exit value in 2020, with funding increased sharply in connectivity devices, energy and utilities, and connected commercial real estate. Moreover, IoT security is emerging as an outstanding opportunity, with its market forecasted to grow at a 16% CAGR over the next four years.
The power of IoT
Did you know that IoT devices are used to send up to 65 billion WhatsApp messages a day, along with more than 300 billion emails? Regardless of the distance between sender and recipient, the relay and communication process is often seamless. Furthermore, according to the GSMA, the global IoT market will be worth $900 billion by 2025, almost three times what it was valued in 2019.
This shows how IoT can unleash what they call a big bang of smart device connectivity where a wired galaxy of devices conveys an endless array of data. In parallel, IoT offers tremendous automation, intelligence, scale, and efficiencies across the enterprise by leveraging cloud, data analytics, robotics, and machine learning.
As we evolve into a highly-networked society more than ever, enterprises need to address the advance of IoT as a business evolution and not simply as a cool tech innovation. Without a doubt, IoT will essentially transform the way we interact with technology, requiring new levels of awareness and responsibility, as well as support and governance to understand and accept the appropriate level of risks. This landscape combines data, cloud, connectivity, analytics, and technology to create a smart environment where objects – from home sensors to autonomous vehicles – can improve functionality and interaction.
In the Middle East, we can look at different countries and how their IoT initiatives are being executed. These include the United Arab Emirates (UAE), Saudi Arabia, Oman, and Egypt. In the UAE, one of the fastest-growing IoT sectors is fleet management, centered around GPS tracking and transport. These two leading nations have their own IoT regulatory framework in place to keep IoT services coordinated, coherent, safe, and secure for all.
The UAE Vision 2021 national agenda includes IoT for smart device implementation where Dubai, the most prominent smart Emirate, has three focus IoT markets namely smart life, smart economy, and smart tourism. In addition, the Dubai IoT strategy seeks to build the world’s most advanced IoT ecosystem in the world’s smartest city, covering six domains: governance, management, acceleration, deployment, monetization, and security.
In general, IoT adoption in KSA is also expected to grow in the near future assuming that by 2023, 82% of medium and large organizations in the Kingdom will probably have adopted an IoT solution for their business. A CITC survey also demonstrated that IoT deployments include more than 32 different use cases, with CCTV representing the highest deployment (87%) among companies, followed by fleet management (51%) and staff identification (45%). In terms of IoT spending, KSA’s manufacturing sector is expected to constitute more than 20% of the total, primarily driven by 5G and industrial IoT. Saudi telecom operators are also expanding their portfolio of IoT services offerings while partnerships between global and local IoT service providers in the country continue to grow.
The telecommunications regulatory authority (TRA) of Oman has also opened public consultations on its proposed IoT security regulatory framework and IoT security standard. These are created in response to the increasing use of IoT technologies throughout Oman and aiming to create a more secure national IoT environment.
The national telecom regulatory authority (NTRA) has also issued a regulatory framework that would facilitate IoT service operations in Egypt. The step comes in line with the Egypt Vision 2030 national strategy, focused on achieving digital transformation in different state sectors and supporting the national plans for building smart cities such as the new administrative capital.
Security must be embedded
Concerns around digital security are a constant and inevitable source of concern for modern businesses, especially with the current massive amounts of confidential data, intellectual property, and competitive intelligence among its network.
Middle Eastern companies have actually experienced security breaches that cost more than 5 million dirhams ($1.3 million) in a five-year span. Hackers invaded system perimeters and stole sensitive information from corporate databases and customer data, leading to a decrease in customer confidence and loss of new business opportunities.
For enterprise IoT, the key to understanding and managing IoT complexity and risk as they proliferate within and beyond is mapping the level of complexity across the three cyber IoT dimensions: devices, ecosystems, and use cases, while having a solid protect, detect and respond strategy.
It should be kept in mind that devices need to be consistently secure, at the same time that data needs to be protected as it travels and gets stored in the public or private cloud. When it comes to the use case, where a device is being deployed, how it is being deployed, and by whom are crucial factors to be known. For example, accessing confidential data in your phone through an unsecured public network would open up possibilities for hacking and manipulation.
Whether it is obtaining sensitive data or personal financial details, the threat landscape for cybercriminals is becoming wider and more alluring as IoT and 5G become mainstream. Not only can they access devices in volume, but they can also extract, steal, and expose sensitive data at much faster rates.
With the size and scale of the IoT, cybersecurity cannot be manually interpreted anymore. It requires advanced automation and purpose-built artificial intelligence to keep pace with malicious cyber activity. Businesses must take a strategic approach to adopt and secure IoT sooner than later to progress further ahead.
On the other hand, telcos provide proper and reliable security mechanisms to adopt an IoT security-based approach. No longer simply provisioners of bandwidth and internet access, GSMA stated that communication networks must have identification and authentication of the entities involved in the IoT service; access control to the different entities that need to be connected; data protection to guarantee the security and privacy of the information; and processes and mechanisms to guarantee the availability of network resources and protect them against attack.
Given IoT’s complexities, a holistic approach to understanding risks and a detailed analysis of the IoT cybersecurity framework should be a norm to mitigate risks and prepare for possible vulnerabilities.