Home IoT and the cybersecurity revenue opportunity for broadband Service providers

by Vikram Venkatasubramanian

2023 has begun her swan song and we are now firmly in the post-pandemic era with multiple macro and micro trends happening at the same time and converging as forcing functions for those of us who are in the cybersecurity space. Let me itemize a few of the biggest ones:

We have a tricky geo-political environment where adversaries are in open warfare and new threats emerging.
The pandemic has left us with new social trends such as the movement of people and jobs out of big cities and the emergence of remote work and hybrid work models.
There is an explosion in the number of home IoT devices including wearables and embedded devices like connected pacemakers.
We have had a technological equivalent of an F5 tornado with the emergence and commoditization of artificial intelligence.
The strongest level of public awareness around privacy issues as a result of multiple high profile cases against big tech companies.

There are strong positives and strong negatives that we will all see as a society as a result of each of these but let me focus on just the impacts to the realm of cybersecurity both in terms of threats and where we see great opportunity.

Remote and hybrid work has been fundamentally powered by broadband and tools that leverage the presence of broadband in homes. Knowledge workers have realized the benefits of lower costs in smaller towns and cities around the US. Employers have become eager to offer this flexibility as a work-life balance benefit since knowledge workers are ever more in demand especially in the realms of technology, AI, robotics and drug development to name a few. While the migration out of big cities is indeed slowing, hybrid work definitely seems to be here to stay.

The Remote Work Opportunity

Broadband providers are no strangers to constant, daily, high volume attacks from Russia and China on their subscriber’s homes. Thousands of homes have been hacked and devices such as cameras, routers and other home IoT devices have been converted into botnets and broadband providers have been battling these for some time already. But as the attack surface of the connected home continues to increase in terms of apps, devices and internet connected services that people use for their daily lives, enterprises have no option but to view the connected home as a nebulous extension of their corporate network. This has already become an issue of focus for security leaders at enterprises. HP Wolf Security report released in March 2023, identified that 36% of enterprise security leaders are concerned about employees unsecured home networks and privacy threats are the biggest security concern.

The bad guys haven’t been waiting for research reports and data to emerge on market trends. They have already acted and continue to act in very impactful ways – the impact affects our daily lives and the lives of our families. In December 2022, cybersecurity company LastPass, that makes a commercial password manager, got breached. The vector of attack? Well, you guessed it - a home IoT device, specifically, a music system in the home of an employee who was working remote. Once inside the home network, they were able to access the employee’s corporate laptop (moving laterally in a home network which has no segmentation policies or internal firewalls is very easy) and enter the corporate network! And just like THAT, the worlds of enterprise cybersecurity, consumer cybersecurity and broadband all collided!

But wait, what was THAT sound the collision made? It sounds more like the knock of opportunity than a doomsday bell. Let me rephrase what we have identified in this article so far:

Consumers want the work-life balance in their lifestyles
Consumers demand privacy and security
The enterprises that hire them are eager to offer them this perk
The risks are REAL and already being exploited by threat actors
The glue that connects them all today is the broadband service provider!

The stage is set and the situation is ripe for a win-win opportunity for broadband providers. The average US home today has 20 connected devices and the US smart home market is projected to grow 10.2% through 2027. The average home today has more compute, storage and networking power than an average enterprise did even a decade ago but the cyber posture of homes has stayed constant.

**Broadband Providers Are Enablers Of The Remote Work Economy**

Broadband providers have their eye on the BEAD

BEAD funding for rural broadband providers has increased the incentive to get unserved and underserved communities onto high speed broadband. But let us be realistic, the allocation that any one broadband provider will receive is still not fully clear. Further, once the connectivity is enabled, broadband service providers are still left with the question as to where revenue growth is going to come from once all the fiber has been laid with BEAD money. Value added services and differentiation are going to be key to the long term strategic plans. Everyhome that comes online, irrespective of their geographic location, gets moved to the very frontline of America’s cyber borders with the connectivity. The ARPU growth opportunity and the differentiation in the realm of cybersecurity is independent of the BEAD opportunity and can be acted on now. This is not anew concept to the industry. Several rural broadband companies have seen this exact same trend in the physical security market and already offer solutions around physical home security. This is but a natural extension of that very same model in to smart home cybersecurity and privacy.

Disrupting Broadband By Delivering Trust And Not Just Connectivity

We need the home internet consumer at the center of this problem since the solutions envisioned need to address their privacy concerns, their security concerns as well as not compromise their internet experience. Cybersecurity needs to be comprehensive across all devices, apps and services they use in the home and adaptable to all of those changing e.g. they may change apps, employers, devices, their home routers and even their homes. There is a huge opportunity in being a trusted security vendor to the home user of the next decade especially since this opportunity for the broadband service provider is not limited to ONLY the areas they cover with fiber, nor is it limited to only subscribers of their broadband service! The ARPU growth opportunity for the first time is not bound by the length of the fiber coverage and allows broadband providers to compete with lower cost services in their region.

Here at Nandi Security, we saw this trend coming several years back and invested in products and business models to enable broadband providers to enable cybersecurity revenue streams with no CAPEX to reduce risk. We continue to invest in expanding the cybersecurity capabilities of our products for broadband service providers to add additional value homes and small businesses inside and outside their current areas of coverage by being the trusted provider of connectivity.