Are we making sure that the development of smart and connected environments does not turn into a headache of cyberthreats and vulnerabilities?
The number of Internet of Things (IoT) devices worldwide is forecast to almost double from 15.1 billion in 2023 to more than 30 billion IoT devices in 2030, according to Statista.com. Steps are being made in the direction of “smart cities”, where extensive use of information and communications technology (ICT) to monitor energy, utilities, and transportation infrastructure would lead to cost savings, reduction of environmental impact, and faster fault resolution. We are becoming increasingly connected, digitised, and we claim we are trying to use technology responsibly.
But there are also worrisome trends, cyberthreats, and challenges on the rise. International geopolitical tensions are driving nation states to increasingly use cyberspace as their battleground, with less than legal digital tools to gain advantage over their adversaries. Data theft is fuelling a fraud epidemic, in the UK, for example, fraud now accounts for 40 per cent of all crime, with three-quarters of adults targeted in 2022 either by phone, in person, or online, according to the NCA. Criminal behaviour is becoming increasingly normalised among younger generations and according to Europol, dark web sites are no longer just a place to trade in stolen data and hacking tools but also knowledge on how to avoid detection and how to make attacks more effective, as well as offering how-to manuals on fraud campaigns, money laundering, child sexual exploitation, phishing, malware, and much more.
There is not much indication that IoT security is keeping pace with IoT growth. Any internet-connected device or system, from the most frivolous to the supremely practical, from those for our personal efficiency or enjoyment, to those enhancing the efficiency of infrastructure, energy management, health care, utilities, and other public services, has implications for security and privacy. However, the security and privacy sides have commonly been an afterthought.
Our growing dependence internet-connected tech has outpaced our ability to keep our devices and data safe and secure. In the absence of proper security precautions, the rapidly expanding nexus of devices, objects, applications, and services that constantly connect and communicate with each other is also greatly expanding our attack surface, the sum of all exposure points that malicious actors can exploit for cyberattacks. Right now, it is still possible to do your shopping and banking in the real world rather than online and we still have the option in many cases of avoiding unnecessary or unsafe connectivity. But with the current trends of digitalisation, for how much longer? And is the desire for digitalisation taking the security aspect into account?
Now would be a good time to take stock of our systems and decide whether they come outfitted with security by design or merely as an afterthought, if data is protected by default at rest and in motion, and if operations are robust and comprehensive. If, on the other hand we decide to leave security up to the ecosystem itself, hoping it will somehow regulate and fix itself, there could be serious frustration ahead.
T: 053 9146600