IFSEC Insider is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Adam Bannister is a contributor to IFSEC Global, having been in the role of Editor from 2014 through to November 2019. Adam also had stints as a journalist at cybersecurity publication, The Daily Swig, and as Managing Editor at Dynamis Online Media Group.
We’ve published a number of articles exploring the trends – in terms of physical security, cybersecurity and a blend of the two – that will emerge or intensify during 2019.
Below we’ve curated some of the most fascinating – in some cases, alarming – forecasts, added some new predictions and interspersed these expert insights with responses we received from the security industry via Twitter.
Johan Paulsson, CTO, Axis Communications
“The number of connected devices means potential vulnerabilities and insecure end-points are growing exponentially”
Progress in AI differs from industry to industry. While in the physical security sector AI is not commonplace, machine or deep learning technology is increasingly used to deploy smart video analytics tools. Use of such technology will increase in 2019, which will not only have a significant impact on improving firms’ security, but also help them derive intelligent insights from the data collected.
Cloud computing is now firmly established, with most organisations making use of it at some level. However, as the use of Internet of Things (IoT) devices grows, so does the amount of data generated that requires storage.
The rise of edge computing is putting more data processing at the ‘edge’ of the network, close to where the data is collected by a video camera or access control device. This can significantly reduce bandwidth and storage demands, and the data can be anonymised and encrypted before it is transferred to secure data centres.
Cyber-attacks are becoming more sophisticated and the number of connected devices means that potential vulnerabilities and insecure end-points are growing exponentially. To combat the threat, supply chain security must be prioritised in 2019.
Working smarter means working sustainably, and this should be something all businesses aim to achieve in 2019. For example, in a smart city, an environmental sensor could trigger a video or thermal camera to quickly identify fires or spillages, prompting alerts to create a more rapid and effective response.
“In 2019 we’ll see more law enforcement organisations using video analytics with facial recognition”
Video content analytics is moving beyond old-fashioned detective work. Video content analytics software that incorporates artificial intelligence (AI) and deep learning technology is now valuable for much more than after-the-fact investigations. AI is making it possible for businesses and law enforcement to make proactive data driven decisions to increase operational efficiencies, as well as giving them the ability to recognize and prevent potential issues before they arise.
Facial recognition is big development that is here to stay. In 2019 we’ll see more law enforcement organisations using video analytics with facial recognition to solve incidents much faster and retailers immediately identify shoplifters. As it proliferates throughout our world, and the technology becomes more readily available, we expect significant adoption in 2019.
As video continues to gain popularity, the need to conserve bandwidth is driving asurge in cloud migration and edge computing. This opens up the possibility for advanced video content analytics that process data collected from cameras and devices.
In 2019, we anticipate a continued migration to cloud computing and edge processing and as a result, we’ll see AI-backed video content analytics become much more widely adopted in many industries such as transportation, higher education, healthcare, retail and more.
Businesses in 2019 align security strategy to business objectives, destroy the security silos, embrace neurodiversity, make security risk a business risk, take the talking spoon off the techies, reconnect with the information, reprogram thinking to respect and value their staff
“High on CISOs’ 2019 wish list: trusted computing in untrusted spaces”
The security industry is built on the basic assumption that there are certain fundamental protections computers promise, such as the belief that basic processing elements (like kernel memory) are safe. The 2018 chip flaw disclosures by Intel and others rattled this basic understanding, exposing a massive memory attack surface and bringing attention to an often-overlooked security risk: the processing layer.
It’s not that memory attacks haven’t existed up to this point, but they haven’t previously been exposed this broadly. What 2018 brought to the forefront, 2019 is unlikely to eliminate.
We will see a steady drumbeat of these pervasive, foundation-rattling flaws continue to emerge, forcing enterprises to rethink long-held security assumptions and seek out solutions that will get out in front of the problem, rather than waiting for the next flaw to drop.
The chip flaws announced in 2018 may have been the most pervasive examples of memory attack surface vulnerabilities we’ve seen to date, but it certainly won’t be the last. High on CISOs’ 2019 wish list: trusted computing in untrusted spaces.
“2019 will have at least one major attack against an OT network that will cause the industry to look at itself and figure out how to redesign in a secure manner”
‘OT’ is operational technology: basically the guts of what runs a lot of oil, gas, and energy companies when it comes to extraction, generation, and/or distribution. Most companies that have OT networks have snubbed their nose at technologies designed to secure IT networks because OT networks are ‘special’. They rely much more heavily on uptime and latency and leverage unique technologies that traditional security tools may disrupt, so they segregate these networks and only layer in minimal security. Most of the investment is put into monitoring tools: not for security monitoring but for performance monitoring.
The reality, however, is that modern OT networks run very similarly to traditional IT networks but with fewer users and typically much older technology. I think that is the big secret they are trying to hide by not implementing thorough security: modern tools won’t help much with the older technology and they don’t want to force the vendors to update or to invest in another IT network where the costs could skyrocket.
Because of this conundrum, I think that 2019 will have at least one major attack against an OT network that will cause the industry to look at itself and figure out how to redesign in a secure manner.
Unfortunately, when it comes to #CCTV I’d have to say more of the same … apart from a rapid increase in uptake of Dashcams & BWV
Now if the question had been, what would we ideally like to see in 2019, that really would be one heck of a thread ?
SecureAuth, an Identity Security Automation platform
“Mean time to detection will fall and more breaches that are greater than 100 days old, perhaps even longer, coming to light”
All verticals are under attack. In fact, it is more about the attack surface than the vertical. Anyone with a portal presence or Office 365 deployed is a prime target and the impacts are the same: loss of revenue and damage to brand reputation.
Also, machine learning will be weaponised. As these intelligence platforms are becoming increasingly relied upon to automate informed decision making based on information profiles, it would seem remiss for security experts and teams not to consider these platforms themselves becoming the next attack vector. If a sophisticated attacker could find methods to inject confusion or misleading indicators into the information pools used for decision making, it could make it possible to hide amongst the injected noise.
According to recent reports, cyber attackers accessed the Marriott International guest reservation database as early as 2014. In general, it takes roughly 100 days from the time a breach occurs to evidence of the attack being detected. As organisations adopt machine learning based advanced analytics and security orchestration and automation (SOAR) technology, the mean time to detection will fall and more breaches that are greater than 100 days old, perhaps even longer, coming to light. In 2019, organisations will get better at identifying them.
Professional development for front line security personnel; the ever expanding use of drones in security applications and an increase in SeMS throughout the industry.
Dr Adrian Nish, head of threat intelligence, BAE Systems
“We anticipate attackers will shift to targeting banking systems that allow real-time settlement of funds”
Given the record number of cyber heists in 2018, it is likely bank networks will continue to be in the crosshairs of financially motivated threat groups in 2019. Many attacks over recent years have focused on international interbank payment systems. These have a major disadvantage for criminals though, in that there is a delay of 24-48 hours before the funds are settled and available to be moved.
This time window allows the authorities time to catch up following an attack and freeze the funds. In 2019 we anticipate attackers will shift to targeting systems that allow real-time settlement of funds – meaning that money can be moved through a network of accounts more quickly and ultimately laundered successfully. This will present a challenge for the community in terms of the speed of response and international co-operation.
Big fines under GDPR?
Artificial Intelligence and the rise of the machines?
C-suite finally realising that security is a vital part of doing business?
Or what about security finally becoming a proper profession with an established core body of knowledge and a proper career path?
“State-sponsored cyber-attacks on critical infrastructure will proliferate”
Hackers will unleash multi-pronged, AI/machine-learning powered cyberattacks – triggering breaches in humanoid systems alongside blockchain ecosystems and other autonomous systems.
State-sponsored cyber-attacks on critical infrastructure will proliferate. Operational technologies like PCI, HMI, Control and Workflow Systems will be high on cybercriminals’ bucket lists. Threat actors are developing new attack methods featuring complex malware to accomplish tasks such as passive asset discovery and control instruction hijacking.
State or corporate-sponsored espionagewill be driven by trade disputes. Following North Korean, Chinese and Russian state-sponsored attacks in 2018 other countries will launch or ramp up their own attacks to demonstrate their political power and meet proxy objectives.
A catastrophic cyber attack on a part of the UK critical infrastructure leading to a realisation (I hope) that all connected devices need to be properly and securely managed. It’s the realisation that’s the big thing, not the attack ?
“New privacy safeguards will be put into place due to consumers becoming exhausted by breaches and abuse of their personal data”
There will be a big battle by organisations to keep intellectual property out of the hands of nation-state sponsored hackers. International espionage has always presented a way for nation-states to acquire new technology, but as opportunities for legitimate access dwindle, there will be a real incentive to acquire it by nefarious means.
Biometric identification (including facial recognition software) will be exploited to steal our identities, thereby raising the question of what really defines an identity.
If AI is about reproducing cognition, does cybersecurity AI really exist? How will attackers capitalise on a slowdown of AI funding? When we trust in algorithms and analytics to successfully pilot automobiles, provide insight into healthcare decisions and alert security professionals to potential data loss incidents, how far should trust in AI go?
New privacy safeguards will be put into place due to consumers becoming exhausted by breaches and abuse of their personal data.
Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!
Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.
Security trends to exploit – or defend against – in 2019Several security experts identify the trends - in terms of physical security, cybersecurity and a blend of the two - that will emerge or intensify during 2019.
Adam Bannister
IFSEC Insider | Security and Fire News and Resources
Related Topics
Opening security to new opportunities as video surveillance goes beyond its borders
“Access control is shifting towards a consumer-centric approach” – Key takeaways from the Access Control Summit 2023
Video surveillance tech on the rise in luxury homes
Johan Paulsson, CTO, Axis Communications
Trevor Matz, CEO, BriefCam
Ellison Anne Williams, CEO, Enveil
Johnathan Couch, senior VP, strategy, Threatquotient
Dr Adrian Nish, head of threat intelligence, BAE Systems
CYFIRMA, cyber-threat intelligence firm
From the 