With promises of limitless opportunities for convenience and efficiency, the internet of things (IoT) is a full-fledged craze in the business world. But what’s often overlooked in this enthusiasm is that the “I” in the IoT is also an internet of shared data and networks. As a result, we are dangerously reliant on public internet connectivity to underpin many of the IoT’s new services, without fully grasping the security implications.
The public internet was never designed to be a secure environment. It was originally conceived as a network with built-in redundancy for academics to share data within a known community, not protect itself from unknown users and malicious actors. Consequently, from a security standpoint, it’s become more of a best-effort network than a best-in-class network needed to ensure the confidentiality, integrity and availability of today’s transactions. This poses a profound systemic risk for countries in the Middle East and Africa, as well as the entire world.
With the IoT poised to enter a crucial growth phase in this region, it’s important to understand the implications of this systemic risk as companies begin work on their 2020 business plans. In fact, according to the GSMA, as of early this year, total IoT connections already numbered 400 million across the Middle East and North Africa, split equally between consumer and industrial uses, and the IoT market in the region was valued at $16 billion. By 2025, though, total IoT connections in the Middle East and North Africa are projected to hit 1.1 billion and reach a market value of $55 billion.
To understand what’s at stake with this rapidly rising market, let’s look at the risks of today’s public internet, the latest growth of the IoT, and one approach to securing network connectivity in this new era.
Systemic risk of public internet
Unlike a targeted threat that jeopardizes one element of a company, a systemic risk can bring an entire operation to a halt and cause total failure. Put simply, many businesses continue to face this systemic risk by relying on the public internet to connect to hosted cloud services and support their adoption of the IoT in pursuit of new opportunities.
Among the many online risks businesses must face, malware and ransomware, data thefts and breaches, and distributed denial of service (DDoS) attacks have all become threats to cloud- and IoT-focused companies relying on the public internet. And the world has now seen even greater cyber-calamities, like cloud-based cryptojacking, cloud ransomware, and DDoS attacks on an unimaginable scale, generating terabit per second volumes of malicious traffic that were previously thought impossible just a few years ago.
Rise of the IoT
At the same time, advancements in miniaturization and mobile technology have accelerated IoT adoption. This explosion of devices able to collect and transmit massive amounts of data poses an additional risk for all those sensitive transactions that need to happen at the speed of business. With everything connected to the public internet potentially vulnerable to being hacked, millions of new IoT devices designed and produced without any meaningful attempt to secure them will become subject to impending compromise.
This growth raises the stakes exponentially for unsecured (and unsecurable) networks and calls into question previous risk acceptance decisions that connected business systems via the public internet. Since the IoT’s entire premise is built upon connectivity, an attack that exploits or compromises this connectivity has the potential to wreak unprecedented havoc.
Private, isolated networks
As businesses explore new opportunities for the IoT, they must acknowledge that the public internet is no longer fit to provide the secure global connectivity that is imperative to fulfill its promise. Instead, the use of a private, isolated network has emerged as an alternative and more practical answer to protecting online transactions in an age when the IoT is creating ever-greater risk. A private network can significantly reduce business risk by connecting devices and processes completely independent from the public internet.
In order to do this, the private network must have four qualities:
- Privacy and isolation from the public internet in order to protect valuable data and assets.
- Connectivity global in scale but flexible enough to address specific vertical market needs.
- High capacity, high speed, and low latency to meet the needs of new use cases.
- Ability to view and manage all members of a network environment.
A future built on security first
The Middle East and Africa are primed for a dynamic growth phase for the IoT and a new era in connectivity – as well as vulnerability. As businesses seize the opportunities of this era, they risk leaving their commercial data exposed to a public internet never intended for that purpose. Ultimately, smart companies that want to conduct business and transact at speed with the highest security and privacy must integrate the use of a private, isolated network to protect their data.
As Senior Vice President and Chief Security and Risk Officer, Phil Celestini leads security and risk management across Syniverse, including adopting new technologies and building industry awareness of critical threats and opportunities arising from such areas as the internet of things, 5G, artificial intelligence, and blockchain. With a career spanning more than 35 years across government, law enforcement, and the military, Phil brings extensive executive leadership experience in security, risk, and compliance. From 1992 to 2018, he served as a Special Agent in the U.S. Federal Bureau of Investigation (FBI), where he was most recently Special Agent in Charge in Washington, D.C., and where he also served as the FBI’s senior representative to the National Security Agency and U.S. Cyber Command among other roles. In addition to his investigative acumen, Phil is an acknowledged expert in cyber and information security. He earned several commendations and community honors as FBI Special Agent, serving in positions of increasing leadership responsibility in numerous field offices, FBI headquarters, and on the National Security and Homeland Security Councils at the White House. Prior to his FBI career, he served as an intelligence operations officer in the U.S. Air Force. He received his bachelor’s degree from the U.S. Air Force Academy and a master’s degree in public safety leadership from Capella University.