What will be the biggest surprise for security in 2024?
Editor Introduction
As the new year dawns, it's a good time for the security industry to look ahead to 2024. We asked this week's Expert Panel Roundtable: What will be the biggest surprise for security in the year ahead?
One of the biggest surprises for the security industry in 2024 will be consolidation. Due to economic pressures, organisations will be looking to find ways to minimise costs while still maximising efficiency for all areas of business. In the security industry, this will require teams to look closely at their spending and prioritise tools that serve various needs of their team. This means that software providers will need to prove their value and be able to showcase the multiple problems they can solve with their single solution. Platforms that help make critical connections between disparate pieces of data, centralise intelligence, have strong integration capabilities, and have cross-functional implications within a business will have the most success. These systems of record serve as the backbone for business processes and as a single source for storing and maintaining data – the shift to this type of technology could be surprising in years to come.
While AI regulation may not be a surprise to the security industry or the technology industry at large, the degree of regulatory scrutiny will surprise some. As AI development continues to accelerate, governments will look to address public concerns and impose requirements and obligations upon developers and users. From the EU’s recently ratified AI Act to President Biden’s recent executive order, mandates to promote AI's safety and responsible use are becoming increasingly more common. Moving forward, it will become vital for organisations to maintain a positive reputation amongst end users and the general public by prioritising compliance, ethical development, and the use of innovative technologies. In the security industry, this should not come as a surprise, as we have a responsibility to maintain compliance with such regulatory frameworks. It’s up to us, alongside integrators, and partners, to ensure necessary steps are taken to ensure misuse of our solutions – AI and otherwise – can be avoided.
End users are going to be more receptive to trying new technologies (we’ve already seen it happen with the rise of artificial intelligence and ChatGPT) and exploring ways to use technology in new and innovative ways. While we’ve already seen this as a trend, we will continue to witness the rising use of software to extract additional value from connected devices independent of the hardware being used. Ultimately, I’m calling it now: This will be the year that we break away from the “same old” solutions and embrace a more technological shift as larger organisations that were once very averse to exploring new technology are now willing to have these important conversations. The industry will be forced to catch up to the innovation seen by other industries as we continue to see big players (cough, Amazon/Apple, cough) enter the space.
While many industry professionals spent 2023 shocked at how rapidly AI-based tools were being released, I expect 2024 to be the year we witness these tools make waves in physical security applications across verticals. Of course, as far as accessibility and real-world utility are concerned, AI is still in its infancy. However, now that we can observe the ways AI technologies have evolved, it will become important that our industry continues to watch out for the benefits AI-enabled solutions offer, as well as the inherent threats the technology poses, as end users begin to deploy them in the year(s) ahead. While it's true that AI has proven itself to be a breeding ground for innovation, humanity has a long history of manipulating technologies toward destructive ends, which is a possibility we need to pay close attention to, as an industry. I believe this is true for cybersecurity and physical security professionals alike.
I don’t think anything will be a “surprise” as such; instead, we will see a continuation of the trend towards companies prioritising the implementation or enhancement of cybersecurity, resiliency of systems, organisational system integrations, recruitment and retention of skilled staff and data (having the right information available to the right people at the right times). The 2024 Gallagher Security Industry Trends Report speaks to what’s most important to organisations in the year ahead. The results show the fundamental importance organisations are placing on their cybersecurity efforts. They are prioritising the need to transition from basic defenses to more innovative solutions which protect the longevity of their operations from the ever-evolving threats. The need to build a strong foundation is a clear priority for organisations heading into 2024.
We are used to hearing about cybersecurity failures in healthcare: data breaches impacting millions of patients, and cyberattacks that interfere with patient care. Looking ahead to 2024, I think many will be surprised to see the profound positive impact that cybersecurity – specifically identity security – can have in the healthcare sector. Adopting identity protocols that incorporate biometrics and just-in-time authorisation can allow for better patient experiences while maintaining privacy. For example, a patient’s health records could follow them from provider to provider across different networks, cutting down on the time spent filling out paperwork at each visit and reducing clinical errors. It could also allow patients’ medical histories to be accessed more easily following an accident or in a case where a patient may be unable to share their info themselves. Beyond just protecting our data, identity security has the potential to make our healthcare experiences more seamless.
In 2024, the most significant cybersecurity surprise will be the widespread recognition that Chief Information Security Officers (CISOs) are primarily risk advisors, not risk owners. This distinction contrasts with some companies' previous perceptions and the operational reality. With cybersecurity concerns such as data center vulnerability, cloud vulnerability, and ransomware attacks still being a top concern for business leaders in 2024, this distinction is important to keep in mind to ensure the success of corporate security. Business systems are managed by business owners, whose performance is measured based on the system's effectiveness. Historically, some companies have incorrectly assumed that the CISO is responsible for authorising or mitigating some of the risks associated with these business systems. This is a misconception. The business owner, likely the individual who has approved the business continuity plan or is most affected by operational disruptions, also bears the responsibility of deciding how to address each risk. While CISOs can identify and propose mitigation strategies for business risks related to cybersecurity, they do not and should not accept or authorise the mitigation of risks for systems outside their ownership.
In 2023, NIST published the latest draft standards for post-quantum cryptography (PQC), serving as the inflection point to alert businesses that the transition to quantum-resistant cryptographic algorithms needs to be the priority. However, over half of organisations haven’t begun to take action or are even considering how to prepare for the impact of quantum computing. In the coming year, leaders may be surprised to discover that the post-quantum era has already arrived for some. We are already seeing the banking industry, for instance, test and deploy quantum-resistant solutions successfully. If companies have not begun PQC preparation, pioneers will soon learn that they are already behind. The transition to PQC strategies will not happen overnight and it will take significant time and effort for organisations to develop and execute their PQC strategies. Teams need to begin transitions in 2024 to secure data and minimise the damage to the organisation from a critical threat.
With distributed Artificial Intelligence (AI), the effectiveness of video surveillance will make a giant leap by distributing AI tasks between smart devices and VSaaS cloud servers. Smart video cameras with embedded AI enable fast and accurate assessment of visual events to fully automate deterrence reactions to trespassing and loitering. The characteristics of these intrusions and the corresponding deterrence events are shaping our understanding of when it is important to engage humans and when it is needless. An 80% reduction (or more) in the labour cost to monitor cameras is achievable when we train AI to automate a significant portion of the monitoring. Proper distribution of AI tasks between smart cameras and VSaaS servers automates the deterrence of unwanted intrusions and focuses operators on threats and safety concerns that require immediate intervention and possibly police dispatch. The results are lower monitoring costs for the service provider and property owner, driving higher market adoption.
Editor Summary
In 2024, the security industry can look forward to greater regulation of artificial intelligence (AI), the rising use of new technologies, greater emphasis on cybersecurity, and an emerging need for post-quantum cryptography (PQC), among other factors. Our Expert Panelists provide a varied list of possibilities for 2024, and long-time observers of the industry (like us) will be watching eagerly as new security developments unfold in the new year.
- Related links
- Axis Communications CCTV software
- Axis Communications Network video recorders (NVRs)
- Axis Communications Video signal devices & accessories
- Event Network video recorders (NVRs)
- Control Software CCTV software
- Detection Software CCTV software
- Real Time / Event Network video recorders (NVRs)
- Drawing Software CCTV software
- IP Surveillance Software CCTV software
- Real Time / Timelapse / Event Network video recorders (NVRs)
- Adapter Video signal devices & accessories
- Management Software CCTV software
- Monitoring Software CCTV software
- Surveillance Software CCTV software
- Video Detector Video signal devices & accessories
- Video Line Enhancer Video signal devices & accessories
- Video loss alarm unit Video signal devices & accessories
- Video Signal Generator Video signal devices & accessories
- Related categories
- CCTV software
- Network video recorders (NVRs)
- Video signal devices & accessories