2023 has begun her swan song and we are now firmly in the post-pandemic era with multiple macro and micro trends happening at the same time and converging as forcing functions for those of us who are in the cybersecurity space. Let me itemize a few of the biggest ones:
- We have a tricky geo-political environment where adversaries are in open warfare and new threats emerging.
- The pandemic has left us with new social trends such as the movement of people and jobs out of big cities and the emergence of remote work and hybrid work models.
- There is an explosion in the number of home IoT devices including wearables and embedded devices like connected pacemakers.
- We have had a technological equivalent of an F5 tornado with the emergence and commoditization of artificial intelligence.
- The strongest level of public awareness around privacy issues as a result of multiple high profile cases against big tech companies.
There are strong positives and strong negatives that we will all see as a society as a result of each of these but let me focus on just the impacts to the realm of cybersecurity both in terms of threats and where we see great opportunity.
Remote and hybrid work has been fundamentally powered by broadband and tools that leverage the presence of broadband in homes. Knowledge workers have realized the benefits of lower costs in smaller towns and cities around the US. Employers have become eager to offer this flexibility as a work-life balance benefit since knowledge workers are ever more in demand especially in the realms of technology, AI, robotics and drug development to name a few. While the migration out of big cities is indeed slowing, hybrid work definitely seems to be here to stay.
The Remote Work Opportunity
Broadband providers are no strangers to constant, daily, high volume attacks from Russia and China on their subscriber’s homes. Thousands of homes have been hacked and devices such as cameras, routers and other home IoT devices have been converted into botnets and broadband providers have been battling these for some time already. But as the attack surface of the connected home continues to increase in terms of apps, devices and internet connected services that people use for their daily lives, enterprises have no option but to view the connected home as a nebulous extension of their corporate network. This has already become an issue of focus for security leaders at enterprises. HP Wolf Security report released in March 2023, identified that 36% of enterprise security leaders are concerned about employees unsecured home networks and privacy threats are the biggest security concern.
The bad guys haven’t been waiting for research reports and data to emerge on market trends. They have already acted and continue to act in very impactful ways – the impact affects our daily lives and the lives of our families. In December 2022, cybersecurity company LastPass, that makes a commercial password manager, got breached. The vector of attack? Well, you guessed it - a home IoT device, specifically, a music system in the home of an employee who was working remote. Once inside the home network, they were able to access the employee’s corporate laptop (moving laterally in a home network which has no segmentation policies or internal firewalls is very easy) and enter the corporate network! And just like THAT, the worlds of enterprise cybersecurity, consumer cybersecurity and broadband all collided!
But wait, what was THAT sound the collision made? It sounds more like the knock of opportunity than a doomsday bell. Let me rephrase what we have identified in this article so far:
- Consumers want the work-life balance in their lifestyles
- Consumers demand privacy and security
- The enterprises that hire them are eager to offer them this perk
- The risks are REAL and already being exploited by threat actors
- The glue that connects them all today is the broadband service provider!
The stage is set and the situation is ripe for a win-win opportunity for broadband providers. The average US home today has 20 connected devices and the US smart home market is projected to grow 10.2% through 2027. The average home today has more compute, storage and networking power than an average enterprise did even a decade ago but the cyber posture of homes has stayed constant.