The Expanding Attack Surface: IoT, 5G, and Remote Work

– Gareth Shaw, MD Pera Prometheus

As a security consultant working with UK businesses, particularly in the defence industry, I’ve seen how technology is transforming the way we do business operations at a staggering pace. The rise of the Internet of Things (IoT), 5G networks, and remote work has revolutionised operations but also opened new doors for cybercriminals. According to the Cyber Security Breaches Survey 2025, 43% of UK businesses faced a cyber-attack in the past year, with medium and large firms, including those in the defence sector, facing a 70–74% chance of being targeted. For the UK defence industry, where sensitive data and national security are at stake, these threats are critical. Along with the new advanced technology, the ways of working are changing. With the rising trends of remote working and utilisation of IoT devices connected by fast networks, businesses need to adapt their security stance accordingly.

Below, I’ll explain IoT, 5G, and remote work, detail recent UK cyber incidents related to these technologies, outline government actions to counter threats, and provide a practical checklist to strengthen your security resilience.

What is the Internet of Things (IoT)

The IoT refers to devices connected to the internet, enabling data exchange. Think of smart thermostats adjusting office temperatures, security cameras sending motion alerts to your phone, or sensors monitoring supply chains. In the defence industry, IoT includes connected drones, environmental sensors, or secure communication systems. These devices boost efficiency but expand your “attack surface”, increasing the potential entry points for hackers to exploit.

The National Cyber Security Centre (NCSC) warns that IoT devices often have weak security, like default passwords or outdated firmware, making them vulnerable. A hacked smart camera, for instance, could allow attackers to spy on sensitive areas or breach your network. The more IoT devices you use, the greater the risk, especially in defence, where a single breach could compromise critical operations.

5G Connectivity Risks

5G, the fifth-generation mobile network, delivers ultra-fast speeds and supports millions of connected devices, powering remote work and IoT ecosystems. For UK businesses, 5G enables seamless video calls, real-time IoT analytics, manufacturing processes and cloud operations. In the defence sector, it supports secure communications, autonomous systems, and battlefield sensors. However, its complexity creates new vulnerabilities.

The NCSC’s 5G security guidance highlights that 5G’s ability to connect vast numbers of devices amplifies the attack surface. Hackers can exploit weaknesses in 5G infrastructure and intercept data. The increased connectivity also heightens the risk of supply chain attacks, where attackers target industry partners with less-secure components, like IoT devices, connected via 5G.

Remote Work: A Growing Vulnerability

Remote and hybrid work have transformed how we operate, but they’ve also introduced significant risks. Employees working from home often use personal devices and are potentially susceptible to unsecured Wi-Fi, or misconfigured cloud tools. This exposes the devices to the world wide web and one misstep from the employee could compromise the business’ operational network by malicious actors. The NCSC Annual Review 2024 reported 430 cyber incidents in the UK, with 89 deemed nationally significant. Phishing emails, which trick users into sharing credentials or clicking malicious links, remain the top threat, causing 85% of breaches according to Cyber Security Breaches Survey 2025. For the defence industry, where remote access to classified systems is common, these vulnerabilities are particularly concerning.

People: Your Greatest Risk and Best Defence

Your employees are the main users of all the technologies and they can be both your biggest vulnerability and your strongest asset. Human error, like clicking a phishing link or using a weak password, causes most breaches. The Cyber Security Breaches Survey 2025 notes that only 27% of businesses have a board member responsible for cybersecurity, down from 38% in 2021. This highlights a leadership gap, yet well-trained staff can stop threats early.

Training employees to spot phishing attacks, use strong passwords (like three random words, as recommended by the NCSC’s Cyber Aware campaign) and report incidents is crucial. In the defence industry, where a single mistake can have national security implications, fostering a supportive information and cyber security culture is non-negotiable.

Recent UK Cyber Incidents

To understand the real-world impact, let’s examine three notable UK cyber incidents from 2023–2025 related to IoT, 5G, and remote work, detailing what happened, how it happened, and how it was addressed.

1. British Library Ransomware Attack (2023)
   
   
   • What Happened: The Rhysida ransomware group encrypted the British Library’s systems, stealing 600GB of data, including staff and user information.
     
   
   
   • What Happened: The Rhysida ransomware group encrypted the British Library’s systems, stealing 600GB of data, including staff and user information.
     
   
   
   • How It Happened: Attackers likely exploited a remote worker’s credentials, possibly via a phishing email, and targeted a legacy server lacking multi-factor authentication (MFA). The attack leveraged remote access vulnerabilities.
     
   
   
   • Response: The library rebuilt systems with NCSC support and implemented MFA and privileged access management. They also launched staff training to prevent phishing.

2. Southern Water IoT Breach (2024)
   
   
   • What Happened: Southern Water, a UK utility provider, faced a breach affecting 5–10% of its customer base, with personal data of customers and employees stolen.
   
   
   • How It Happened: Hackers exploited an IoT-connected water monitoring system with outdated firmware, gaining access to servers during an investigation of suspicious activity.
   
   
   
   • Response: Southern Water notified affected individuals, updated IoT device firmware, and implemented NCSC-recommended monitoring tools. They also conducted a full security audit to prevent future breaches.
   
   

3. NHS Trust IoT Breach (2024)
   
   
   
   • What Happened: An NHS Trust faced a data breach when hackers accessed patient records through compromised IoT medical devices affecting thousands of patients.
   
   
   • How It Happened: Attackers exploited outdated firmware in IoT-enabled medical equipment, such as connected diagnostic machines, to infiltrate the Trust’s network, exacerbated by increased remote working practices post-COVID.
   
   
   • Response: The Trust updated device firmware, implemented Samsung Knox E-FOTA for automated updates, and partnered with Vodafone to deploy endpoint detection and response systems. Staff were trained on secure device management to prevent future breaches.
   
   
   
   These incidents highlight the risks associated with IoT, 5G, and remote work. The defence sector in particular has to be extra mindful, as it gravitates towards remote working practices, where breaches can have severe consequences.

UK Government Actions to Counter Cyber Threats

The UK government, through the NCSC and legislative measures, is actively addressing the growing cyber threat landscape, as outlined in the National Cyber Strategy 2022 and the Cyber Security and Resilience Bill policy statement. Key actions include:

• Strengthening Regulation: The Cyber Security and Resilience Bill, announced in the 2025 policy statement, expands incident reporting requirements for critical sectors like healthcare, energy, and digital services. It mandates simultaneous reporting to regulators and the NCSC to improve threat visibility and response. 

• Enhancing NCSC Capabilities: The NCSC, part of GCHQ, acts as the UK’s computer security incident response team (CSIRT) and single point of contact (SPOC) for cyber incidents. In 2024, it managed 430 incidents, issuing 12,000 alerts via its Early Warning service and 542 bespoke notifications to organisations according to NCSC Annual Review 2024.

• Promoting Cyber Essentials: The government is driving adoption of the NCSC’s Cyber Essentials scheme, which reduces cyber insurance claims by 92% for compliant businesses. It includes basic protections like MFA and software updates.

• Government Cyber Coordination: As per the National Cyber Strategy 2022, a new Government Cyber Coordination Centre (GCCC) and Vulnerability Reporting Service (VRS) enable cross-government incident management and vulnerability reduction.

• Encouraging Conformance: In 2025, the IASME Defence Cyber Certificate (DCC) was introduced. This certificate aligns with the Cyber Security Model (DefStan 05-138) issue 4. Defence suppliers are being encouraged to certify with this scheme as a demonstration of conformance as well as simplifying engagements with MOD and Defence Primes/partners.

These measures aim to bolster UK cyber resilience, particularly for critical national infrastructure (CNI) and the defence sector.

Actionable steps for businesses

Despite the increasing attack surface, businesses can still prevent most of the attacks by taking few preventive actions. I’ve streamlined a practical checklist to address the most critical aspects of IoT security, 5G cyber threats, and remote work risks. Here are some important actionable steps to strengthen your cyber resilience, aligned with NCSC guidance:

• Maintain an Asset Register, i.e. a list all IoT devices (e.g., sensors, cameras) and change default passwords to prevent breaches.
• Encrypt remote connections with Virtual Private Networks (VPNs) to secure home Wi-Fi, addressing vulnerabilities.
• Make multi-factor authentication (MFA) a requirement for all logins (where feasible), a cornerstone of the NCSC’s Cyber Essentials scheme, to enhance access security.
• Update software, including IoT firmware, promptly to fix vulnerabilities.
• Conduct quarterly training sessions on spotting phishing and securing devices, using NCSC’s Cyber Aware resources to build staff awareness.
• Develop an incident response plan, specifying who to notify and how to contain breaches, following the NCSC’s incident management guidance.
• Partner with cybersecurity consultants like Pera Prometheus to refine and strengthen your cybersecurity strategy.

Act Now to Stay Ahead

The expanding attack surface from IoT, 5G, and remote work presents significant challenges, but proactive measures and government support can keep your business secure. By securing devices, enforcing safe access, updating software, training staff, and preparing for incidents, you can build a strong security fortress. Don’t wait for a breach to act. Seek expert support if required. Investing in security now can save your business a lot more down the line. 

Stay Safe, Stay Secure