The Internet of Things (IoT) has undeniably transformed the business landscape, fuelling the rapid transfer of information and data worldwide. Its widespread popularity has contributed to industry-wide growth, especially in the Asia-Pacific (APAC) region, which, according to Fortune Business Insights, is expected to reach over US$3 trillion by 2030, with a CAGR of 30.1%.
But while IoT enables operational efficiency and connectivity at scale, it also brings serious cybersecurity implications. The more devices an organisation uses, the more endpoints it creates — each a potential gateway for threat actors to breach networks and disrupt essential services. These risks are heightened in sectors reliant on uninterrupted device communication. If systems go down due to an attack, vital information could be lost.
From high-profile breaches to everyday vulnerabilities
We’ve seen the consequences of such vulnerabilities before, like the SingHealth cyberattack, which exposed the data of 1.5 million patients and remains one of the region’s most high-profile cybersecurity incidents. It highlighted the devastating consequences of insecure systems, especially in sectors like healthcare, where downtime can have life-changing implications for patients.
Beyond operational impact, downtime costs the world’s largest organisations an estimated US$400 billion annually, according to a report by Oxford Economics and Splunk based on a survey of 2,000 Global 2000 executives. And with IoT being adopted across nearly every sector, these risks are only growing.
Evolving external threats also present a challenge. Commissioned research by Kaleido Intelligence, conducted in collaboration with Wireless Logic, found that 48% of cellular IoT users list device and environment security among their top five challenges when scaling cellular IoT deployments. This reflects broader regional trends as well: A study by Thales found that 65% of APAC organisations cite generative AI-related threats as their top data security concern, with malware (50%), ransomware (39%), and phishing (37%) being prevalent risks.
So, how can connectivity providers and organisations better mitigate the risks of downtime? And how can they take a more proactive approach to IoT security?
IoT security 101: What are the risks?
Organisations are increasingly integrating IoT devices into critical infrastructure, further expanding the attack surface for threat actors. These devices constantly communicate with servers, often handling sensitive data and running applications and processes that need to be secured. Yet many IoT devices have limited computational resources, making it difficult to implement strong security protocols.
This demonstrates a key pain point: IoT solutions must be secured across every layer of the system. Attackers will exploit any weakness. A single vulnerability — a misconfigured setting or an employee falling for a phishing email — can compromise entire IoT fleets, disrupting vital services and causing widespread downtime and significant data losses across business-critical areas.
What does this mean for connectivity providers?
Connectivity providers must expand their services beyond simply delivering strong connectivity. Customer demands reflect this shift. The Kaleido Intelligence report showed that nearly half of all IoT adopters expect network threat detection and mitigation services to be part of what connectivity providers offer. What’s more, 88% of both adopters and non-adopters now expect providers to offer tools to monitor device traffic metadata. It’s a sign that expectations are rising, and providers must evolve accordingly.
But while providers can bolster defences on their end, organisations must also take ownership of their own security posture.
What should organisations be doing?
To maximise security, organisations must build on the efforts of their connectivity providers through a combination of proactive and reactive strategies.
Proactively, business leaders should strengthen device authentication processes, such as multi-factor authentication (MFA), which is commonly supported by connectivity and security platforms. They should also align with best practices outlined in local frameworks like Singapore’s Cybersecurity Act, which underscores the importance of strong security measures for critical information infrastructure. In addition, organisations should invest in better employee training, especially around threat detection, as one poorly managed phishing attempt can compromise an entire IoT deployment. These measures reduce the risk of unauthorised access and, therefore, downtime.
Reactively, organisations must understand what to do once a threat is identified. Training is crucial here; embedded good habits allow for quicker incident containment, which can be the difference between a bad and a catastrophic scenario. The implementation of digital twins — virtual representations of devices and systems, often incorporated into IoT management platforms — can help staff rehearse their response protocols without real-world consequences, improving overall preparedness.
When both proactive and reactive measures are working in tandem, organisations can effectively build on the work of their connectivity providers, creating a more robust and secure IoT environment.
Security must be strengthened from within
Cyberattacks remain a constant threat, with potentially severe financial, operational, and reputational consequences. While connectivity providers play a role in helping clients manage these risks, organisations must also implement their own layers of internal protection to detect, defend against, and respond to attacks.
As the threat landscape evolves, organisations should remain agile, continuously refining how they prevent and respond to threats. With robust internal frameworks in place, their ability to safeguard connected devices becomes significantly stronger and more resilient against emerging risks.
