By: Wendy Florence, Principal Consultant, Ericsson Middle East and Africa
Mobile data traffic in Middle East and Africa is forecast to increase at a compound annual growth rate (CAGR) of 49% between 2017 and 2023. IoT connections in the Middle East and Africa are expected to grow at a CAGR of 30%, from 35 million to 159 million over the same period, while cumulative 5G-enabled industry digitalization revenues for IoT in the region are predicted to reach USD 242 billion through 2026 [1].
Everything is going mobile, while digital transformation and digitalisation is having a greater impact on all areas of enterprises, business and consumers. Consumer life styles are impacted more and more by the broadening digital footprint – research done by Ericsson ConsumerLab has highlighted how what subscribers do on-line is increasingly affecting the physical world, resulting in personal security impacts and threats [2].
As 5G becomes more ubiquitous, together with the proliferation of the IoT ecosystems, more and more mission critical use cases that impact companies’ survival as well as the offline and physical lives of individuals become pervasive. The attack surface for security breaches is increasing and simultaneously enabling other attack types, while the value of the attack to the attacker is increasing bringing with it the likelihood of more frequent and bigger attacks. The increase in Distributed Denial of Service (DDoS) and ransomware bear testament to this.
The IoT ecosystem is a critical area where security concerns are more and more prevalent. Frost & Sullivan have highlighted that there is not enough focus on IoT security, mainly because the business model for most providers is based on quick deployment to secure market share, rather than on security requirements [3], while Cisco has pointed out that IoT provides a “bold new frontier for attackers and defenders” and that Communication Service Providers (CSPs) are not necessarily aware of what is connected to their networks or of the security weaknesses inherent in some of these devices [4].
This exposes not only the network, but the CSP itself and its own customers and subscribers. It is becoming more and more critical for CSPs to have a complete and integrated security posture and framework in place.
However, security is more often than not, a reactive investment or treated as an add-on – either as a result of a breach or to comply with regulations or to audit requirements – rather than built in from the start. Yet, more and more evidence of the total cost of a security breach is available. In Ponemon’s latest study, the average total cost for a breach in which records are compromised ranged from $1.9 million for incidents with less than 10,000 compromised records to $6.3 million for incidents with more than 50,000 compromised records [5]. Kaspersky has highlighted that the cost of a single cybersecurity breach for a large enterprise is on average $861,000 [6].
In a further study, Ponemon and Centrify recently highlighted that the stock price of companies declined on average 5% immediately after the disclosure of a breach, that 31% of consumers surveyed indicated that they left the company in question after a data breach, that companies had an average revenue loss of $2.67 million where they lost 2% of their customers after a security breach, but this increased to an average of $3.94 million in companies that lost more than 5% of their customers due to a security breach[7].
The cost of a security, data and/or privacy breach for a CSP extends way beyond the cost of the actual breach – while perhaps not generating large revenue streams or return on investment, a robust security posture can save a CSP costs and secure revenues and market share through minimising churn and safeguarding customer satisfaction, not to mention the value of avoiding the risk of life-impacting and/or mission critical breaches.
To survive in an increasingly competitive and mobile environment, it is therefore essential for CSPs to have a strong security and privacy posture, taking technology, processes and people into account. An end-to-end and integrated approach to security and privacy management addressing the entire value chain is required – and this includes devices, data, identity and access management, networks, cloud, infrastructure, IoT, applications, and services [8], not to mention compliance, regulatory and governance requirements. The focus on a comprehensive and holistic security approach, together with end-to-end security and identity for the IoT, is one of the top technology trends driving innovation. The aim of this is to build trust in all dimensions in the digital transformation of the communications industry, including trust in development, deployment and operation; trust in business-critical, mission-critical and privacy-related data; together with insights related to security threats, security status and security vulnerabilities[9].
End-to-end security, enabled and driven by new technologies and greater trust will drive innovation, digitalisation and digital transformation – and CSPs are in a prime position to enable and advance this.
References
- Extract from Ericsson Mobility Report – Middle East & Africa, November 2017
- Ericsson ConsumerLab, “Online Threats go Offline”, February 2017
- Frost & Sullivan, “IoT Security: The Impossible Mission”, ICT Beats, 2016
- Cisco, 2017 Midyear Cybersecurity Report
- Ponemon Institute, 2017 Cost of Data Breach Study, June 2017
- Kaspersky, Measuring the Financial Impact of IT Security on Businesses 2016
- Ponemon Institute & Centrify, The Impact of Data Breaches on Reputation & Share Value, May 2017
- Ericsson White Paper, 284 23-3302, IoT Security, February 2017
- Ericsson Technology Review #02, Technology Trends Driving Innovation – five to watch, 2017, Erik Ekudden, CTO