In short: AT&T and Ericsson have now teamed up to offer comprehensive IoT security testing and validation through the CTIA's newly unveiled Cybersecurity Certification Program. The goal is to mitigate security concerns that, according to the carrier's internal research, have been expressed by as many as 90-percent of organizations surveyed – coupled with a 'quadrupling' of vulnerability scans over the past two years. To that end, the company says its program will cover just about any IoT device used by a business with Ericsson providing certifications and AT&T Business making certification available through its Professional Services for IoT program. Those services are available as of the announcement.
Background: As noted by the carrier's study and others conducted across various industries, the number of cyber threats continues to grow almost unilaterally across industries where networking and technology are present. That's an issue that will undoubtedly continue compounding as the IoT continues to grow alongside the introduction of next-generation networks that can support a much larger array of devices creating a wider attack surface. AT&T and Ericsson hope to head off the problem in large part before it becomes one, offering services for a wide array of connected devices with the goal of identifying vulnerabilities before they are exploited. For example, that's said to include implementations ranging from streetlights to medical devices. Taking into account recent studies about an increasing number of data breaches in the medical industry as well as ongoing efforts to unify and secure access to medical data via IoT implementations, the latter of those examples is particularly pertinent. Tens of millions of medical records were breached in 2017 via network-based attacks alone and those often contain sensitive information such as social security numbers and more.
Impact: Beyond the current testing being offered, both companies also want to effectively establish 'a common and readily achievable security program' that can be implemented regardless of industry, network, or device. Meanwhile, recent reports from the analysts at Euromonitor International predict that IoT will grow to a $16 trillion market by 2030, bringing benefits to efficiency for businesses and convenience for end users. These types of certification programs are going to play an integral role in ensuring that happens with minimal damage to privacy.