IoT Connectivity and Cybersecurity – Common Challenges in APAC
Diversity in the scope, aims and challenges for IoT deployments exist in every use case and vertical – but the Asia-Pacific region brings its own unique factors from social, economic, and technological sides that all impact connectivity choices.
In Telenor IoT´s Asian IoT Megatrends report, we explore the drivers and differentiating factors of IoT deployment in APAC, as well as examples of customer success stories from key verticals.
IoT Connectivity is a sum greater than the parts
No other region has such diversity and influence in the following areas:
- Megacities versus remote communities – Many individual islands make up nations such as Indonesia, Thailand, and Vietnam, alongside the large number of megacities in the region with highly focused populations, with energy and transport needs. One single connectivity technology cannot possibly fit all the local nuance and requirements to dominate the IoT space.
- National government backed technologies/initiatives – The clearest example is the China push towards NB-IoT which heavily influences the overall APAC view (see technology shares below), but examples also include the move towards 6G. Whilst 5G networks are still rolling out in some markets, Singapore has launched a Future Communications Connectivity Lab to research and develop 6G technology. South Korea is the region’s leader on 6G (having pushed strongly for 5G adoption previously), aiming to commercialize services by 2030, whilst discussing partnerships with countries such as United States, Finland, and Indonesia around 5G, 6G, and the metaverse. Local governments can also influence connectivity through smart city initiatives – for example where the Seoul Metropolitan Government is deploying a 421-kilometre long LoRa-based trunk network as part of a public IoT network.
- The early market needs of new and managed connectivity – Whilst long term solutions such as NB-IoT or LTE-M may pick up pace now, initial IoT projects occurred in regions without good incumbent connectivity solutions to displace, and with enterprises short on IoT deployment and management experience. Solutions such as LoRa therefore makes an attractive proposition to first-time IoT-deploying enterprises, especially when combined with a managed connectivity service as vendors could be independent from Telecom Network Operators. However, the cost sensitive nature of Asia-Pacific markets means pre-built solutions (e.g. LTE-M) is likely to growing quickly once established.
These factors continue to shape the IoT connectivity picture in APAC – where China drives NB-IoT to be the most popular LPWAN connectivity overall, and LoRa is the most popular unlicensed LPWAN network. With the sunsetting of 2G and 3G in many markets, enterprises are increasingly looking towards higher bandwidth IoT solutions that embrace 5G and LTE-M – a big factor in the 22% growth in cellular IoT module revenue expected from 2021 ($1.9 billion) to 2026 ($2.4 billion) in the Asia-Pacific region, compared to a 1% drop in the Rest of the World.
Managed connectivity also remains a go-to solution for enterprises in the region to ensure reliable and stable networks - where network connectivity services are outsourced to a service provider, typically composed of aspects such as service agreements, hardware, and network support. This service provides benefits such as reduced network integration complexity, reliable uptime, and potential cost savings in acquiring both hardware and talent.
APAC IoT future connectivity choices
“What type of connectivity is being/will be used for your IoT solutions?” (‘Select all that apply’, normalised to 100%)
Source: Omdia
In fact, APAC enterprises are more heavily reliant than usual on their partners in supporting their IoT deployments overall. Whilst “Lack of Internal IoT Experience” only ranks as the #8 biggest challenge to IoT deployment in the Rest of the World, this is the #4 challenge in APAC – almost equal with the top three challenges of “Ensuring data, network, and device security”, “Ensuring data privacy or governance”, and “Complexity of integrating with business processes/OT”.
Security and privacy are top of mind for IoT
Cybersecurity concerns – both real and perceived – will always slow IoT adoption. This heightened through the pandemic as huge workloads and processes were digitalized and shifted to the internet, but the unprepared nature created challenges (e.g. poor patch management, careless users) which make information easy targets for malicious actors. Indeed, increased remote working may push more businesses to consider zero trust as an option, despite potential issues in terms of accessibility and ease of use.
Ultimately, IoT security vulnerabilities and stolen information risk major damage to an enterprise’s business operations. Recent attacks have only raised these concerns:
- 2021 witnessed a record number of data breaches and APAC was the most targeted region, suffering over 26% of all cyberattacks globally according to IBM’s “Cost of a Data Breach 2021” report.
- In Q1 2022, Indonesia alone suffered more than 11 million attacks, reflecting a 22% increase from the previous year, according to Kaspersky. Kaspersky also claims to have blocked a total of 11,260,643 phishing links across APAC, with the majority of them traced to attackers in Vietnam, Indonesia, and Malaysia.
- IoT technologies have also fallen victim to cyberattacks in previous years; for example, the infamous Mirai Botnet in September 2016, where IoT devices such as network routers, medical devices, and home appliances were infected and turned into “zombies” (remotely controlled bots) used to collectively launch distributed denial of service (DDoS) attacks. Indeed, numerous variants spawned from Mirai’s original source code such as Satori, Katana, Okiru, and Masuta, each having their own destructive natures. Recent large-scale ransomware attacks also include an eye clinic in Singapore, web hosting services in Malaysia, and insurance companies across Thailand, Malaysia, Hong Kong, and the Philippines.
Enterprises are therefore wary of the digital technologies they implement. Tensions around security are keenly felt in Asia-Pacific, amid major tussles between countries such as China, India, Indonesia, and Pakistan – meaning cybersecurity is always a priority for any IoT deployment in the region.
According to Omdia’s survey, security concerns remain one of the biggest pain points for enterprises in their IoT implementation journey, where 30% of respondents in APAC indicated that ensuring data, network, and device security are important to them. Security therefore needs to be forefront of new vendor solutions and enterprise projects to create a level of confidence for enterprises to utilize their offerings.
APAC IoT cybersecurity concerns
“What are your greatest concerns on IoT security?” (% of enterprises ranking as top concern)
Source: Omdia Enterprise IoT Survey
As with sustainability, the introduction/revamping of regulations and policies on cybersecurity is also driving change. For example:
- Singapore has introduced the Cybersecurity Labelling Scheme to improve IoT device security general cyber hygiene, encouraging device manufacturers to be more security oriented. The scheme was initially aimed at Wi-Fi routers and smart home hubs but soon expanded to devices such as smart door locks, smart lights, and smart printers.
- The Korea Internet & Security Agency (KISA) released guidelines that emphasizes privacy-by-design principles to IoT device manufacturers; also including tips on personal information protection, such as conducting data breach risk checks before launching new services.
- Japan’s Ministry of Economy, Trade and Industry (METI) has introduced an international standard to facilitate development and maintenance of IoT services/products, based on the country’s IoT Safety/Security Guidelines. In addition, Japan also launched a campaign to hack its citizen’s IoT devices to measure security levels.
Beyond data security, enterprises also require secure data privacy and governance. Data from a single endpoint may not carry significant weight, but data received from multiple sources likely means the creation of a database holding sensitive information. Omdia expects service providers to establish effective governance to safeguard these data and to not openly share this information with other parties with the purpose of gaining profits.
In all cases, no matter which vertical or use case, it’s the provision of secure, trusted, and stable IoT and connectivity technology that make the backbone of any IoT solution.
