Security predictions for the year that just settled in

Against a backdrop of uncertain economic conditions and geopolitical unrest, 2023 nears its end. But it isn’t all bad news. The Security Industry Association’s latest Security Market Index finds that over 83% of respondents have a positive view of the industry’s current condition. What’s more, more than three-quarters of those surveyed expect business to improve in the next three months.
With this optimistic outlook in mind, here are 10 predictions for the future of cyber-physical security in 2024:

1. Increased global conflict will bring more focus on physical security systems, and how resilient they are to tampering and failures.
With a number of high-profile geopolitical conflicts dominating news headlines heading into 2024, it is not hard to imagine a world where our wars are fought online, where cybercriminals use out-of-date firmware and unsecured passwords on an IoT endpoint device to cripple critical infrastructure and deny service of critical security systems.

That is why CEOs and entity leaders can no longer assume the security of their security devices when managed manually and should opt for automated and agentless solutions to detect risky devices before they pose a real threat.

2. AI will bring more focus on integrity of video evidence.
Today, video analytics and AI are advancing the role of surveillance beyond streaming and recording for review to provide enhanced business intelligence and threat detection in real time. Conversely, these technological advancements, coupled with new cybersecurity threats, have muddied the waters when it comes to guaranteeing the integrity of video and data records.

Organisations can overcome this challenge with automated video service assurance solutions that ensure organisations can meet compliance mandates for security video/data retention and chain-of-custody requirements.

3. Integrators will offer more managed services focused on automating manual processes including periodic maintenance and cyber hygiene.
The benefits of integrators offering managed services are two-fold. For integrators, it is an opportunity to generate recurring revenue in a market currently struggling to address an ever-increasing number of connected devices. For end users, it is a way to proactively address cybersecurity concerns without increasing headcount or relying solely on internal resources.

4. Physical security management will be tasked with how to contribute to their company’s sustainability efforts, bringing a focus on measuring and reducing truckrolls to fix problems.
Many integrators still rely on a dated service model wherein the end user finds a problem, calls the integrator to roll a truck, and then the integrator arrives to perform service onsite. This model is not only inefficient in time and cost, but also does not align with the sustainability goals of modern consumers and enterprises.

IoT device maintenance services for cybersecurity, such as firmware updates, password rotations, and certificate management, can, and should, be accomplished remotely in 2024, if not for the environment then for the bottom line.

5. Increased cyber-attacks on security systems (increase in volume and velocity), impacting how security systems function.
By the end of 2024, there are projected to be more than 207 billion IoT-connected devices worldwide, many of them security endpoint devices. Once breached, physical security systems can enable many other forms of attack on an organisation, including planting ransomware, launching DDoS attacks, exfiltrating sensitive data, and potentially putting control of security systems in the hands of cyber criminals. From there, it’s not hard to imagine the devastation an offline surveillance or access control system could cause.

6. Increased scrutiny of C-level execs in how they manage physical security as part of their overall attack surface.
Analysts at the research firm Gartner predict that by 2024, 75% of CEOs will be held personally liable for cyber-physical security incidents that occur within their organisation. By assigning liability to an individual, the thinking goes, there will be an increased budget and focus on cyber-physical security from the top down.

While Europe already has the General Data Protection Regulation (GDPR) in place to mandate privacy and security compliance, expect to see the U.S. follow suit with many directives impacting executives and boards directly.

7. Physical security leaders will be central to efforts to form IoT committees that bring together leaders of the lines of business that operate IoT systems.
Physical security teams and the devices they manage are frequent targets for cyber threats. Despite the belief that these networks are segmented, vulnerabilities develop over time, exposing entire networks to threat actors. To address this, leaders can either maintain the status quo, recruit new skills, or break internal silos for efficiency.

Collaboration with internal teams proves to be the most economical, effective choice, as forming alliances with other departments (IT, facilities, logistics, etc.) fosters resilience to attacks through enhanced collaboration.

8. Procurement and physical security teams will work more closely together, as the long-lived nature of physical security devices is creating a major security risk.
In a world where device data such as deployment dates, warranty expiration, or end-of-life status is readily available to security teams (or should be), the connection between security and procurement becomes inherent. This partnership facilitates better planning and a decrease in device vulnerabilities.

What’s more, procurement teams are now invited to impose specific requirements back on suppliers, such as mandating a software bill of materials (SBOM) or verifying the implementation of acceptable cybersecurity practices by the supplier.

9. Drones will re-emerge as an enterprise security threat as that technology advances and becomes more mainstream.
Drones may be known for their ability to carry out devastating physical attacks, but their status as a ‘flying computer in the sky’ makes them a prime target for cyberattacks. As the number of drones registered in the U.S. nears one million, organisations deploying drones for disaster management, mapping, and other beneficial uses will need to consider strong identity management/authentication controls for their new thousand-dollar asset.

10. Theft of video surveillance data will be used by criminals to thwart biometric systems.
2023 saw an astonishing rise in the frequency and quality of deepfakes, yet another example of how AI is changing the imperative for video integrity. The technology is changing so quickly, in fact, that attackers can now inject the deepfake directly into the video stream, bypassing some liveness checks provided by biometric systems. To this end, ensuring the security of video surveillance systems and integrity of the data they produce will be paramount in 2024.