Expert Speak
The Tech Trends Affecting the Security Sector in 2023
Written by Johan Paulsson, CTO at Axis Communications
The fact that technology has become pervasive in our personal and work lives is not news. This is largely due to the benefits that new technologies bring to businesses and citizens around the world in delivering new, more effective, and increasingly efficient services. However, the depth of technology’s integration into our lives, advances in its capabilities, and heightened awareness of its implications in society are also greater than ever and continue to accelerate.
Given this, many of the broad macro trends around the globe – spanning geopolitical issues, economic uncertainty, environmental concerns, and human rights – have implications for all technology sectors, the security industry included. Ours is a sector making use of increasingly intelligent technology, one inherently involved in collecting sensitive data, and as impacted by geopolitical issues affecting international trade as any. Yet we’re still resolute in our view that our innovations will create a smarter, safer world.
These are the six key technology trends that we believe will affect the security sector in 2023.
A move towards actionable insights
The increasing application of AI and machine learning have seen a focus on the opportunity for advanced analytics in recent years. Moving forward, the shift in focus will move from the analytics themselves, to the actionable insights they deliver in specific use cases. It’s less about telling you something is wrong, and more about helping you decide what action to take.
A key driver for employing analytics to deliver actionable insights is the huge increase in data being generated by surveillance cameras, along with other sensors integrated into a solution. The data (and metadata) being created would be impossible for human operators to interpret and act upon quickly enough, even with huge and costly increases in resources.
The use of analytics can drive real-time actions which support safety, security, and operational efficiency. From prompts to call emergency services in the case of incidents to redirecting traffic in cities to alleviate jams to redeploying staff in busy retail outlets, to saving energy in buildings through more efficient lighting and heating, analytics are recommending, prompting, and even starting to take the actions that support human operators.
Beyond ‘live’ actionable insights, analytics can support forensic analysis post-incident. Again, given the vast amount of data being created by surveillance cameras, finding the relevant views of a scene can take significant time. This can hinder investigations and reduce the likelihood of suspects being found. Assisted search addresses this issue, helping operators quickly find individuals and objects of interest among hours of footage.
Finally, proposed actions promoted by analytics are increasingly forward-looking. Downtime in industrial sites and factories can be costly. A combination of sensors allows intelligent analytics to propose preventative maintenance ahead of outright failure.
“From analytics to action” will become a mantra for 2023.
Use case-defined hybrid architectures
As we’ve highlighted in previous technology trends posts, it’s now commonly accepted that a hybrid technology architecture is best-suited for security systems, mixing on-premise servers, cloud-based computing, and powerful edge devices. No one architecture fits all scenarios, however. But here lies the solution: first assess what needs to be addressed in your specific use case, and then define the hybrid solution that will meet your needs. A number of factors need to be considered.
Undoubtedly the advantages of advanced analytics embedded in surveillance cameras on the edge of the network are clear to see. Analysis of the highest-quality images the instant they are captured gives organisations the best chance to react in real time. Equally, the data generated by surveillance cameras is now useful beyond the real-time view. Analysis of trends over time can deliver insights leading to operational efficiencies. This analysis often demands the processing power found in on-premise servers or the cloud.
And of course, there are the requirements – often define by regulation – around data privacy and storage that vary from country to country and region-to-region. These can define the difference between on-premise storage and the use of the cloud. What’s essential is not to tie yourself to a single architecture. Remain open, and give yourself the flexibility to create the hybrid architecture best suited to your specific needs.
The emergence of cybersecurity sub-trends
The importance of cybersecurity is also highlighted through the requirement to remain compliant. For instance, the proposed European Commission’s Cyber Resilience Act will place greater demands on producers of hardware and software across all sectors to ensure the cybersecurity of their products, through fewer vulnerabilities at launch, and better cybersecurity management throughout the products’ lifecycles. The security and surveillance sector will, of course, be included.
The Act demonstrates both the importance and the complexity of cybersecurity. No longer can it be seen as one subject, but rather as several interlinked areas. Some of these are well-established, but others are emerging. In the video surveillance sector, cybersecurity measures that ensure the authenticity and safety of data as it is captured and transferred from the camera to the cloud to the server will be essential to maintain trust in its value.
We will see a more proactive approach by technology vendors in identifying vulnerabilities, with ‘bug bounty’ programs becoming commonplace to incentivize external parties. And customers will expect transparency regarding the cybersecurity of security solutions, with a Software Bill of Materials becoming standard in assessing software security and risk management.
Beyond security
One of the most significant trends for the security sector, and with it an equally-significant opportunity, is the move beyond security. Surveillance cameras have become powerful sensors. The quality of video information they capture, in all conditions, has increased year-on-year for decades. Today, through advanced analytics, they also create metadata – information about the video data – which adds another layer of detail and value.
This of course improves and enhances their ability to support safety and operational efficiency use cases in addition to security. The opportunity now exists to combine the data created by surveillance cameras with that from other sensors – monitoring temperature, noise, air and water quality, vibration, weather, and more – creating an advanced data-driven sensory network.
We’re already seeing some use of such networks in industrial environments through the monitoring of processes and supporting proactive maintenance. But the use cases in which this network could be applied are limited only by our imaginations, but without a doubt, they can help improve almost every aspect of our lives, including our safety.
Sustainability always, climate change at the forefront
Sustainability has been featured in several of our annual technology trends predictions, and we see no less of a need to maintain momentum behind sustainability initiatives in their broadest sense over the coming year. Ensuring that organizations continue to measure and improve the environmental, societal, and business governance practices of their businesses will be essential in respecting people, being trusted business partners, innovating responsibly, and protecting our planet. All these aspects will come under increasing scrutiny from customers of security and safety solutions.
However, given the extreme conditions of the past year, we do expect a more acute focus specifically on addressing climate change in 2023. It’s clear that we are not yet doing enough to stop the acceleration of global warming, and every sector will be expected to double its efforts. For Axis, a key step has been committing to the Science-Based Targets Initiative (SBTi) which will see us setting targets for reducing emissions, not only in our own business but through our entire value chain. And this is a key point. While organisations might make great efforts to reduce emissions from their own operations, these can be undermined if their upstream and downstream value chains are not aligned with the same targets.
For technology companies, however, scrutiny of their own business operations will be just one side of the climate change coin. They will also be expected to demonstrate how their products and services support the sustainability goals of their own customers, creating efficiencies that also help those organizations reduce emissions.
An increased regulatory focus
Inevitably, given its pervasiveness and power, the technology sector as a whole and specific technologies are coming under more regulatory and policymaker scrutiny. We still believe that the focus should always be on the regulation of the use cases for the technology, not the technology itself, and will always comply with local, regional, and international regulations. But it can be a complicated picture.
The European Commission is one of the most active in looking to regulate technology in an ongoing effort to protect the privacy and rights of citizens. Its proposed AI Act, part of the Commission’s European AI Strategy, aims to assign specific risk categories to uses of AI and would be the first legal framework on AI. Like the Commission’s AI Liability Directive, the AI Act will no doubt be the subject of much debate before it becomes law.
But whether in relation to AI, demands around cybersecurity, data privacy, curbing the influence of ‘big tech’, or establishing tech sovereignty, it’s clear that technology companies in the security sector will increasingly need to adhere to more stringent regulations. In broad terms, this should be welcomed as ensuring business transparency and ethical practice continue to be critical.
The greatest opportunity for our sector continues to be in aligning continued commercial success with our responsibility to address the critical issues facing the planet and our population. As ever, we’re optimistic that the combination of our human inventiveness, advances in technology, and ethical business practices can be combined to make the world a better place.
In business, impermanence is the only certainty. An example is how organizations addressed the COVID-19 pandemic. Within a few weeks, many developed a plan to run their businesses remotely.
More than three-quarters of organizations worldwide don’t have an IT incident response plan in place because most believe they have little risk of becoming a cyberattack statistic. Unfortunately, that’s still likely to happen.
According to africanews, in the past year, Kenya has experienced a concerning rise in cyberattacks, with a remarkable 860 million incidents documented in 2022.
As wisely expressed by Benjamin Franklin, “By failing to prepare, you’re preparing to fail.” Let’s explore a strategic incident response plan for your organization.
Create a Backup
Business networks are complex and large, and oftentimes, a network outage results in financial and reputational repercussions, including disgruntled clients. It’s imperative to create a backup of critical data and systems that you can’t run your business without, and store it in a safe location. When the inevitable breach occurs, your business will be able to recover as quickly as possible.
Never Say Never
While a workforce continuity plan might seem unimportant and nonurgent, the pandemic prompted IT departments worldwide to quickly realize the importance of being able to rapidly change the way their organizations conducted business.
Here are a few steps to help you draft a business continuity plan to address the next disruption:
- Form a team with representatives from each department and understand their workflow.
- Identify critical business functions and find a way to prioritize them.
- Assess the risks for every process in your organization and record them.
- Develop a risk mitigation strategy to protect your critical business functions from those risks.
- Document the entire procedure and keep it up to date.
Train Your Employees
A common hurdle with an incident response plan is ensuring that employees take the plan seriously. To deter the mindset that the plan is “less urgent,” educate employees about its importance and the repercussions that can result from cyber threats and cyber incidents. It’s vital to conduct regular training sessions to address hardware failures, software glitches, network outages, and security breaches so that you efficiently mitigate a cybersecurity incident.
What Doesn’t Kill You Makes You Stronger
Understand the points of failure in your previous incidents and find a way to rectify them. Single points of failure should be addressed by establishing a backup, not just in terms of network and systems but also in terms of staff allocation. Relying on a single person, especially when it comes to a critical network, is not a great idea. Delegate a second person to reach out and provide assistance in case of an incident.
While incident response might seem insignificant in the larger scheme of things, when a disaster hits, it could potentially devastate your business. Take some time to prioritize incident management and make it part of your organization’s culture by creating a backup, training your employees, drafting a workplace continuity plan, and learning from your past incidents. Learn more about IT incident management for your business.
According to a survey by Statista, typically, global enterprises dedicate a minimum of 12% of their IT expenditure to information security measures. While larger companies can afford to spend a lot on building a robust cybersecurity strategy, smaller businesses cannot. So, let’s explore some affordable cybersecurity strategies for small businesses that may cost less but have a greater impact.
Train your employees
An article from Forbes found that, annually, 34% of businesses worldwide encounter incidents involving insider attacks. Whether intentional or unintentional, employees tend to be the reason for most data breaches. Per the same article, phishing emails account for 67% of accidental insider attacks.
Phishing attacks mostly instil a sense of urgency in the victim, making it harder for them to think clearly before making a decision. For example, employees may click an email announcement about a bonus that actually came from a malicious outsider impersonating your company’s CEO.
To avoid such mistakes, it’s imperative to train employees on the types of phishing attacks and the ways to identify them. Even going as far as sending a mock phishing email occasionally to test their instincts and educate them can go a long way.
Assess your vulnerabilities
One of the most important cybersecurity strategies is to assess all your risk points by periodically reviewing all your business processes. Pay more attention to teams that deal with a lot of customer data. For instance, sales and marketing teams may handle customer data on a day-to-day basis, so they are at high risk of leaking or mishandling data. Assess their daily activities, create a record of all the risk points, and find ways to mitigate them.
Encrypt your data
Encrypting your data can be an effective method to protect it in case of data leaks. Let’s say a hacker gets hold of your company’s data, but it’s encrypted. Unless the hacker gets the encryption key from you, they cannot access your company’s data. This adds another layer of protection in addition to the everyday cybersecurity best practices that you should be following in your company. So make it a point to encrypt all your data, especially sensitive and critical data.
Limit access to critical data
Not everyone requires access to all data. Try to limit access to critical and sensitive data to fewer employees by basing access on work duties or requiring approval for access, making it a multi-step process to access it. Additionally, periodically review who has access to what data to ensure there aren’t any misallocations of access.
Secure your Wi-Fi
A secure network will reduce the chances of a hack or unauthorized access to your sensitive data. So switch your Wi-Fi to WPA2 or later, as it offers more security. Your business might already be using it, but it’s best to be sure. Additionally, change the name of your SSID and have a strong pre-shared key to keep your Wi-Fi safe from hackers.
Prevent physical theft
Through April 2023, there were 3,785 robberies in London, and 1,765 were of mobile phones. This highlights how important it is to secure your physical assets, as they might contain critical and sensitive information about your organization.
Here are some ways to protect your physical assets, such as PCs, laptops, scanners, and printers:
- Restrict unauthorized access to assets.
- Install a physical tracker on all devices to track down lost items.
- Enable remote wiping of data to erase information if a device is lost.
Cybersecurity strategies are seldom drafted with affordability in mind. However, it is crucial to consider them from a financial perspective, as small businesses are also increasingly susceptible to cyberattacks. These tips can help you take the first step toward creating a secure IT environment. Learn more about cybersecurity solutions for your business.
Written by Lev Matveev, SearchInform Founder and Chairman of the Board of Directors
75% of information security experts consider insider threats more dangerous than hacker attacks. This is proven by the SearchInform survey conducted annually. Insider threats include data loss, fraud, theft, kickbacks, business on the side, etc. These are serious risks for any business, resulting in major financial losses, reputational damage and fines from law enforcement agencies. Nevertheless, many companies still do not ensure reliable protection against insider threats.
The reasons are the following:
- Hardware and software for data protection are costly
- The market lacks data security experts
- SMEs cannot compete with large enterprises to engage professionals.
According to our 2022 survey, one-third of companies recognize an acute shortage of information security experts and cannot ensure protection in-house. Therefore, in 2019 we decided to launch a managed security service based on our protection solutions, which gives the opportunity to use them without hiring security specialists.
The SearchInform service provides protection against data breaches, internal fraud, document forgery and other violations by employees. It solves the tasks of monitoring employee working hours, compliance with legal and regulatory requirements, and many more.
We take on all tasks that are usually handled by in-house security staff. Our experts install and maintain security software, customize security policies for effective control, constantly monitor the situation in the company, detect incidents and investigate them. The client receives detailed and visual reports, as well as emergency alerts if it is required to take urgent measures and prevent an incident.
Availing the service, the client does not need to hire a security expert and therefore does not need to spend on social benefits, vacations or sick leaves. The client’s business remains protected if a security employee resigns or takes an unpaid leave. At the same time, our analyst has diverse work experience, knows the solutions well and has all the necessary competencies to work with them. Since we are unacquainted with the client’s employees, our expert will be impartial and will not take anyone’s side. All this allows the clients to save time and money.
When do companies really need MSS?
According to our observations, the service is the best choice for companies with 30-500 employees and without an in-house IS department. When the staff number increases, top managers can no longer control everything and face a high risk of incidents.
Here are a few common situations when you should choose managed security service.
- A company does not have internal security officers or lacks the budget to form a security department. Our service was originated to make data security more affordable. It significantly reduces the company’s costs, as there is no need to purchase software licenses, hardware, or hire a full-time information security officer.
- Full-scale protection is required immediately. Companies often turn to managed security services after an incident has already occurred. It becomes clear that to prevent this in future, it is necessary to implement special security software, purchase additional equipment, and hire a data security officer. These steps will take a lot of time. The service will start protecting your business within 1-2 days.
- A company is not sure that the purchase of security systems will pay off eventually. Our service is an opportunity to test them in real conditions and assess whether they are worth purchasing in each specific case. One first month of the service is free.
- A company wants to conduct a security audit and get a complete picture of the corporate security. The service allows you to quickly find out what data is stored, where exactly it is stored and whether there are access rights violations. As far as the first month, our expert detects cases of corporate fraud, document forgery and other violations, as well as cases of idleness, business on the side or work for competitors.
- For compliance with regulatory requirements. More and more regulations are being adopted or waiting to be adopted. SAMA, GDPR, and DCC incentivize companies to take measures to ensure data security. Some regulations, such as the UAE Information Security Regulation issued by the United Arab Emirates Telecommunications and Digital Technology Authority, even stipulate the use of DLP as a means of preventing data loss. To avoid the risk of hefty fines or lawsuits for non-compliance, you can use our managed security service.
I believe that outsourced data security should soon become as widespread as outsourced accounting or IT services. It is just a matter of time.
SearchInform offers a free trial version for one month!
During this month, clients can assess whether the service really meets their needs. According to our experience, 100% of companies discover some kind of problems during the trial, ranging from the idleness of their employees to corporate fraud and confidential data leakage. 70% of companies that request a free trial continue to work with us.
Request a free trial of the service for one month!
Contact us for more information:
Email: uae@searchinform.com
Office Address: 10C-15, I-Rise Tower, Hessa Street, Barsha Heights, Dubai, UAE.
– Sponsored Content
Don’t Brush It Off – Plan Your Incident Response Now
COP28: AI Can Be Leveraged to Deliver Actionable Insights
COP28: Fortinet is Committed to Innovating for a Safer Internet
Databases Are the Black Boxes for Most Organisations
ManageEngine Intros Enhanced SIEM with Dual-Layered System for Better Precision in Threat Detection
MBUZZ to Distribute Toshiba’s High-Capacity Surveillance and Enterprise Storage Solutions
Egyptian e-Payment Giant Fawry Denies Reports of Cyberattack
HakTrak to Show Off its Latest Cybersecurity Solutions at the Black Hat MEA 2023 in Riyadh
CyberKnight Takes Stage at Black Hat Middle East 2023 with Cutting-Edge Zero Trust Security Portfolio
Databases Are the Black Boxes for Most Organisations
#GITEXGLOBAL2023 – Interview with Mohamad Abdallah of Sonicwall
#GITEXGlobal2023 – Interview with Sertan Selcuk of OPSWAT
#GITEXGlobal2023 – Interview with Abdul Rehman Tariq Butt of SolarWinds
#GITEXGlobal2023 – Interview with Bashar Bashaireh of Cloudflare
#GITEXGlobal2023 – Interview with John Shier of Sophos
-
Cyber Security1 week agoDatabases Are the Black Boxes for Most Organisations
-
News1 week agoProofpoint Appoints Sumit Dhawan as Chief Executive Officer
-
Cyber Security1 week agoCybersecurity on a Budget: Affordable Cybersecurity Strategies for Small Businesses
-
Cyber Security1 week agoManageEngine Intros Enhanced SIEM with Dual-Layered System for Better Precision in Threat Detection
-
Cloud1 week agoGoogle Clarifies the Cause of Missing Google Drive Files
-
Interviews4 days agoCOP28: AI Can Be Leveraged to Deliver Actionable Insights
-
Interviews4 days agoCOP28: Fortinet is Committed to Innovating for a Safer Internet
-
Expert Speak4 days agoDon’t Brush It Off – Plan Your Incident Response Now