According to the World Economic Forum, the number of connected devices exceeded 50 billion last year. By 2022, 1 trillion networked sensors will be embedded in the world around us; by 2042, that number may reach 45 trillion. It may seem obvious, but experts predict that the Internet of Things—the network of physical objects embedded with technologies—will soon be able to arrive at rapid, accurate decisions about almost everything. Yet as people grow increasingly connected to and reliant upon the internet to increase their resilience, prosperity, and innovation, we’ve found that our new tools come with unprecedented risks as well as extraordinary opportunities.
Moreover, our reliance on the IoT hasn’t been simply increasing. Due to the consequences of the ongoing pandemic—which spurred a tremendous increase in remote work and learning activities, a greater reliance on social media to cope with social distancing, and an upsurge in tech consumption at home for both professional and personal endeavors—our usage of technology can now truly be characterized by explosive development. Abrupt growth in internet consumption correlates with the first surge of coronavirus lockdown measures in early 2020—in the US alone, internet consumption, when compared to January of that year, increased by 26% in March 2020. Given social distancing imperatives, internet traffic was 25-30% higher than usual, while VPN usage was up five-fold globally. Verizon reported that web traffic usage is up 27%, VPN by 49%, video by 36%, and online gaming by 115%. As a result, smartphone, laptop, and desktop usage have also skyrocketed, with a recent study showing that 72% of millennials use their phones more during the pandemic.
Fortunately, the internet—designed to scale, after all—is holding up, though network providers and businesses are ramping up infrastructure at record rates. “COVID-19 has certainly accelerated the digital transformation efforts of many enterprises,” ThousandEyes product marketing director Archana Kesavan notes. “It’s been a forcing function for them to go ahead and do it, rather than proceed gradually. Something like SD-WAN rollout might not be top of mind, but anything around employees or remote workers or staff usage [is] definitely picking up.”
With that said, the real issue isn’t matching infrastructure to (internet) usage. It’s making sure to match it safely.
“Such rapid evolution comes at a cost. More specifically, a “security” cost … We’ve already seen multiple well-publicized security breaches. As autonomous [systems] increase in number, we expect these attacks to rise in the coming years.” -Marc Llanes, Atos Senior Expert
New Norms, New Pace, New Challenges
That’s especially true, since it’s most likely we won’t let go of these newfound (for many people) digitalization habits and opportunities even as we shift from pandemic response to recovery. More than a year in, these practices have undeniably formulated society’s “new normal” in professional and personal arenas. The behaviors we’ve picked up during the pandemic—ranging from social safety precautions like social distancing, hand-washing, mask-wearing, etc., to more efficient or effective work protocols such as remote working, hybrid work models, or new digital tools—are here to stay, at least to some extent and for an undecided timeframe. Still, these new ways bring their own array of challenges.
Indranil Roy of Deloitte Consulting points out that some habits are beneficial: most employees can work remotely without a significant drop in productivity or quality, and many—especially those with long commutes—appreciate their newfound flexibility. Yet a lack of face-to-face interaction may also hurt coworker communications and relationships, communal brainstorming, work-life boundaries, and mental wellbeing. Perhaps even more disconcerting and urgent, however, is the list of IoT security risks, including security upgrades, data security and storage concerns, personal and public safety risks—hacked cars, surveillance systems, hospital devices, etc.—and privacy issues.
While the IoT is indeed a tool for transformation, the explosive usage of technology propelled by the pandemic has opened doors to many vulnerabilities to go with the opportunities regarding the “new kid on the block” of the internet. Higher interconnection, a larger attack surface, and heterogeneous communication protocols innately come with greater risks, and those are compounded by a growing number of users with poor awareness of security risk, weak security devices, and fewer cutting-edge tools to combat evolved attacks.
“IoT devices have the potential to greatly improve our wellbeing … [they] will be more plentiful and will serve [to] monitor everyday health and diagnose and in some cases remotely manage illnesses without the need for intrusive surgery. However, they will also pose a much greater threat in terms of privacy and cybersecurity. More and more private data will be generated, collected, and used.” -Alexa Raad, The Techsequences Podcast
Evolving IoT Risks, During and Post-Pandemic
What’s more, not all of these challenges are obvious—a more tech-reliant world brings a plethora of subtle changes, too. The Pew Research Center revealed a few after a survey of over 900 innovators, developers, business leaders, activists, and researchers, asking them to envision life in 2025 in the wake of the global pandemic’s outbreak and our new “tele-everything” world. Along with the added benefits of flexible work arrangements, social and racial equity reforms, and technology enhancements with the IoT—to enable smarter, safer, and more productive lives—many respondents also warned of worsening economic inequality between the highly connected and those who have less digital access, enhanced Big Tech power that may further erode user privacy and autonomy, and a growing spread of misinformation and digital propaganda.
As new norms of the pandemic last and linger, experts also caution against heightened threats of criminal activity, hacks, and other cyber-attacks, as well as an increase in surveillance, isolation, and technological uncertainty and manipulation. In the words of Barry Chudakov, founder and principal of Sertain Research, “much of this accelerated sophistication is outstanding and useful. But we pick up and use our devices and, as it were, live our lives eyes wide shut … Our tools are so ergonomic, so easy to use, so quick to respond that we are seduced by the slick way they reorganize our thinking, our behavior, and our lives.” That said, increased technology usage demands greater security on all fronts—protection for the devices themselves, data, and our own physical and mental wellbeing. “The more device-dependent we become,” Chudakov warns, “the more incumbent it is upon all users to fully understand the tool logic and business model of the tool they pick up and use.”
Luckily, there are steps that can be taken. On a purely technical front, according to Cybersecurity Magazine, the biggest challenges to deploying secure and scalable IoT networks are: securing the infrastructure on which the IoT networks are based in compliance with the current standards (4G/5G/LoRaWAN networks); ensuring data trust by verifying the integrity of the payload; and managing the trusted node’s lifecycle. As such, network security company Tehtris believes that businesses can no longer rely on a decentralized risk approach due to the complications of the IoT—complications that include the sheer volume and variety of the data, most of which is held and accessed by third parties. Instead, they suggest an umbrella-level cyber risk paradigm that addresses risks at all levels. Arthur Fontaine, solution manager at RSA Security, agrees that IoT security is no longer solely a question of device management: “[The IoT] effectively has a domino effect across the entire risk landscape, including cybersecurity, third-party risk, compliance, and business resiliency.”
As digital transformation accelerates and IoT technology matures, Fontaine argues that businesses must acknowledge and manage not only the initial rollout of rapidly emerging IoT devices but also this wider domino effect of risk across organizations. He points out five areas that are critical for end-to-end security: visibility (ensuring each endpoint can be discovered, identified, and classified); constant risk assessments (checking on the volatile IoT risk profile, shifting regulations, and outcomes of the assessments); data protection (protecting sensitive data with the same significance as securing the devices themselves); access protection (authenticating all users to strengthen the overall operational integrity of a connected environment); and monitoring via analytics (applying analytics and machine learning techniques to help security teams profile devises, baseline normal behavior, and detect and alert anomalous activities).
Since the internet is hardly a secure environment to begin with—the IoT even less so—it’s understandable that the growing usage of technology is paralleled by growing risks. Thanks to exponential growth, there are many more tools and simply so much “more internet” at our disposal, which also means there are growing opportunities and tools for troublemakers—a greater danger since our usage of technology perpetually exceeds our knowledge of cybersecurity and self-protection. Still, while we can’t eliminate risk completely, being aware of vulnerabilities and investing in proper risk mitigation strategies can make a world of difference.
Editor’s note: For additional IoT resources, find out about ISACA’s IoT Fundamentals certificate.