Medical robots that conduct hospital rounds. Smart contracts that execute themselves. Digital twins that solve manufacturing problems. Emerging technology has been driving innovation across all sectors, changing the way businesses operate and serve their customers. Cybersecurity in emerging industries, however, doesn’t always keep up with the pace of these changes — and organizations need to know the risks before fully embracing these technology advancements.
Figuring out how to integrate cybersecurity into emerging technologies is a challenge, but the momentum to design more secure products is growing across various industries. Let’s look at some of the top emerging technology sectors and how cybersecurity plays a role.
Four Top Emerging Sectors to Watch
Digital transformation drives demand for emerging technologies in numerous industries, but fintech, medtech, the internet of things (IoT), and cloud computing are some of the top sectors to watch. Here’s why.
Financial technology, or fintech, refers to the combination of technology such as software, cloud computing, and big data, and innovative business models to deliver financing, banking, payment processing, and other financial services. The fintech market had a record number of investment deals in 2021 ($115 billion globally), in what consulting company KPMG described as a “remarkable year.” The blockchain and cryptocurrency areas are especially robust, and even mainstream institutions such as Mastercard are moving into the crypto space.
Medical technology, or medtech, is a rapidly growing part in the healthcare sector that uses technology to improve health and healthcare delivery. Medtech includes anything from software and connected healthcare devices and appliances. Venture capitalist investments in medtech grew 67% in the last five years, according to consultancy Deloitte. The market is just beginning to show its potential, however — 94% of the medtech companies are yet to bring in revenues.
IoT is growing by leaps and bounds. The number of connected home device shipments alone is expected to grow past 1.4 billion in 2025. Another market segment, Industrial IoT (or IIoT), is expected to reach nearly $478 billion by 2027. And these are just two examples of the booming IoT industry.
The cloud computing market has experienced explosive growth as well, especially as businesses had to accelerate their digital transformation initiatives due to the pandemic. Although some of the trends that drove cloud technology adoption, such as remote work, may be losing momentum with many companies, other developments, such as cloud-enabled industrial solutions, 5G, big data, and machine learning continue to drive the cloud computing market growth.
Biggest Cybersecurity Risks and Challenges in Emerging Industries
As the majority of cybercrimes are financially motivated and fintech companies deal with financial assets, these companies are highly enticing to threat actors. Integrating best practices specific to the FinTech industry may help prevent or mitigate some threats. Some of the top threats the fintech sector faces include:
- Data breaches: In the United States, the financial sector saw the highest number of data compromises in 2021, according to the Identity Theft Resource Center. Data breaches are a double whammy for fintech. Cybercriminals target fintech companies because these organizations have access to large volumes of sensitive data, but the threat actors also use data available on the dark web to impersonate consumers and perpetrate fraud against the companies.
- Malware attacks: In addition to going after consumers, threat actors often target the fintech companies directly with malware. Increasingly, they’re using the supply chain, launching malware attacks through software updates or compromised partners.
- Web application attacks: Basic web applications attacks are the biggest pattern seen in financial sector data breaches, according to Verizon’s latest Data Breach Investigations Report. Typically, cybercriminals use compromised credentials to perpetrate these attacks.
ECRI, a nonprofit focused on healthcare safety and quality, ranks cybersecurity attacks as the top healthcare technology hazard. Cybersecurity incidents, ECRI notes, “can disrupt patient care, posing a real threat of physical harm.” Major risks and challenges impacting medtech include:
- Ransomware attacks: Hospitals have been pummeled with ransomware attacks in the last couple of years. These attacks can disable access to medtech devices that are critical to patient care.
- Data privacy: Medtech companies handle a growing volume of sensitive data, which creates privacy challenges. Compliance with regulations such as the European Union’s General Data Protection Program (GDRP) and the U.S. Health Insurance Portability and Accountability Act (HIPAA) adds to those challenges.
- Complex, interconnected environment: The healthcare sector has inherent risks due to the complicated, interconnected, and heterogenous nature of its environment. This environment leads to challenges such as interoperability — the ability to share health data among organizations — that increase the attack surface due to the medtech’s connectivity.
Cyberattacks on smart devices are growing at a rapid pace. In the first half of 2021, for example, researchers observed 1.51 million breaches on IoT devices — more than double the number in 2020. Challenges and risks that impact IoT cybersecurity include:
- Limited functionality: Unlike computers, IoT devices are designed with specific, narrow functionality, and they have limited real estate for additional functions such as cybersecurity. Consequently, IoT devices are more vulnerable to threats.
- Device vulnerabilities: Another challenge related to the device design is the difficulty of managing vulnerabilities. Often times, the devices’ firmware or software can’t be updated. Even if security patches are available, pushing them to the devices at scale is a huge challenge because the device makers don’t have the same update mechanisms as computer manufacturers.
- Unsecure interfaces: IoT devices transmit a lot of sensitive data, yet authentication and transmission protocols are often weak and unsecure. The vulnerabilities can stem from variety of interfaces connected to the devices, including the cloud, application programming interface (APIs), and mobile devices.
Although cloud computing is much more mature than the other emerging industries listed here and cloud adoption is now mainstream, cloud security remains a big challenge. A 2022 survey found that public cloud incidents were up 10% in the past year, and more than a quarter of surveyed organizations experienced an incident.
Many of the medtech and fintech risks — such as malware attacks and data privacy — apply to the cloud. Additional cloud threats and risks include:
- Misconfigurations: The result of human error or negligence, cloud misconfigurations are the culprit behind a large number of cloud security incidents and breaches. Common misconfigurations include open or unrestricted ports, weak authentication (such as default passwords), and disabled logging.
- Shadow IT: Since many cloud applications and services are outside the organization’s control, security teams often lack visibility into their security risks and threats.
- Unsecured APIs: Cloud-based solutions often rely on third-party services and APIs are a popular tool for creating integrations and interoperability. However, many APIs have vulnerabilities, such as misconfigured authentication protocols.
How to Integrate Cybersecurity into Emerging Technologies
Although these four emerging technologies are different, they share many of the same best practices for integrating cybersecurity. These strategies can help improve cybersecurity:
- Implementing zero trust security: A growing approach across all sectors, zero trust models are designed with the assumption that no connection request can be implicitly trusted, regardless of where it originates. Zero trust security requires dynamically authenticating, authorizing, and validating users and devices before they connect to resources.
- Adopting a DevSecOps model: Another growing trend in the technology sector, DevSecOps integrates security into the software development cycle. In this model, DevOps work closely with security and other teams to create applications that are secure by design. Common tactics include dynamic application security testing, vulnerability management, and automation.
- Using artificial intelligence (AI), machine learning, and deep learning: AI and its subsets, machine learning and deep learning, are themselves emerging technologies that can solve cybersecurity challenges that humans can’t. For example, machine learning algorithms can quickly process large amounts of data to detect patterns and anomalies. The algorithms learn from past experiences, which means they continuously improve.
Examples of Companies Practicing Good Cybersecurity
Learning from other organizations’ cybersecurity successes is a good way to explore how to integrate cybersecurity into emerging technologies. Here are three companies that are doing things right:
- Salesforce: The popular SaaS platform launched a bug bounty program in 2015 for incentivizing ethical hackers to find vulnerabilities in its software. Salesforce paid more than $2.8 million in bug bounty in 2021 alone.
- Becton, Dickinson and Company (BD): The global medical technology company was the first Common Vulnerability and Exposures (CVE) Numbering Authority authorized by the CVE Program in the medtech industry. This authorization enabled BD to assign CVE identification numbers to new vulnerabilities discovered in the company’s products. Organizations typically use CVE databases to help them prioritize their vulnerability risks.
- Mastercard: In an example of a company focused on improving cybersecurity for its customers, the financial giant recently opened a cybersecurity fintech innovation lab in Israel. The lab’s focus is currently on areas such as API security, ransomware, and vulnerability management.
All these four emerging technologies are evolving. The evolution can be a disadvantage from the cybersecurity perspective, since the constant changes in technologies continuously introduce new risks and challenges. However, this evolution is also an opportunity for these emerging industries — to find new ways to embed cybersecurity into their product design.
Let us know if you liked the post. That’s the only way we can improve.