What Will Be The Biggest Surprise For Security In 2024?

One of the biggest surprises for the security industry in 2024 will be consolidation. Due to economic pressures, organizations will be looking to find ways to minimize costs while still maximizing efficiency for all areas of business. In the security industry, this will require teams to look closely at their spending and prioritize tools that serve various needs of their team. This means that software providers will need to prove their value and be able to showcase the multiple problems they can solve with their single solution. Platforms that help make critical connections between disparate pieces of data, centralize intelligence, have strong integration capabilities, and have cross-functional implications within a business will have the most success. These systems of record serve as the backbone for business processes and as a single source for storing and maintaining data – the shift to this type of technology could be surprising in years to come.

While AI regulation may not be a surprise to the security industry or the technology industry at large, the degree of regulatory scrutiny will surprise some. As AI development continues to accelerate, governments will look to address public concerns and impose requirements and obligations upon developers and users. From the EU’s recently ratified AI Act to President Biden’s recent executive order, mandates to promote AI's safety and responsible use are becoming increasingly more common. Moving forward, it will become vital for organizations to maintain a positive reputation amongst end users and the general public by prioritizing compliance, ethical development, and the use of innovative technologies. In the security industry, this should not come as a surprise, as we have a responsibility to maintain compliance with such regulatory frameworks. It’s up to us, alongside integrators, and partners, to ensure necessary steps are taken to ensure misuse of our solutions – AI and otherwise – can be avoided. 

End users are going to be more receptive to trying new technologies (we’ve already seen it happen with the rise of artificial intelligence and ChatGPT) and exploring ways to use technology in new and innovative ways. While we’ve already seen this as a trend, we will continue to witness the rising use of software to extract additional value from connected devices independent of the hardware being used. Ultimately, I’m calling it now: This will be the year that we break away from the “same old” solutions and embrace a more technological shift as larger organizations that were once very averse to exploring new technology are now willing to have these important conversations. The industry will be forced to catch up to the innovation seen by other industries as we continue to see big players (cough, Amazon/Apple, cough) enter the space. 

While many industry professionals spent 2023 shocked at how rapidly AI-based tools were being released, I expect 2024 to be the year we witness these tools make waves in physical security applications across verticals. Of course, as far as accessibility and real-world utility are concerned, AI is still in its infancy. However, now that we can observe the ways AI technologies have evolved, it will become important that our industry continues to watch out for the benefits AI-enabled solutions offer, as well as the inherent threats the technology poses, as end users begin to deploy them in the year(s) ahead. While it's true that AI has proven itself to be a breeding ground for innovation, humanity has a long history of manipulating technologies toward destructive ends, which is a possibility we need to pay close attention to, as an industry. I believe this is true for cybersecurity and physical security professionals alike.

I don’t think anything will be a “surprise” as such; instead, we will see a continuation of the trend towards companies prioritizing the implementation or enhancement of cybersecurity, resiliency of systems, organizational system integrations, recruitment and retention of skilled staff, and data (having the right information available to the right people at the right times). The 2024 Gallagher Security Industry Trends Report speaks to what’s most important to organizations in the year ahead. The results show the fundamental importance organizations are placing on their cybersecurity efforts. They are prioritizing the need to transition from basic defenses to more innovative solutions which protect the longevity of their operations from the ever-evolving threats. The need to build a strong foundation is a clear priority for organizations heading into 2024. 

We are used to hearing about cybersecurity failures in healthcare: data breaches impacting millions of patients, and cyberattacks that interfere with patient care. Looking ahead to 2024, I think many will be surprised to see the profound positive impact that cybersecurity – specifically identity security – can have in the healthcare sector. Adopting identity protocols that incorporate biometrics and just-in-time authorization can allow for better patient experiences while maintaining privacy. For example, a patient’s health records could follow them from provider to provider across different networks, cutting down on the time spent filling out paperwork at each visit and reducing clinical errors. It could also allow patients’ medical histories to be accessed more easily following an accident or in a case where a patient may be unable to share their info themselves. Beyond just protecting our data, identity security has the potential to make our healthcare experiences more seamless.

In 2024, the most significant cybersecurity surprise will be the widespread recognition that Chief Information Security Officers (CISOs) are primarily risk advisors, not risk owners. This distinction contrasts with some companies' previous perceptions and the operational reality. With cybersecurity concerns such as data center vulnerability, cloud vulnerability, and ransomware attacks still being a top concern for business leaders in 2024, this distinction is important to keep in mind to ensure the success of corporate security. Business systems are managed by business owners, whose performance is measured based on the system's effectiveness. Historically, some companies have incorrectly assumed that the CISO is responsible for authorizing or mitigating some of the risks associated with these business systems. This is a misconception. The business owner, likely the individual who has approved the business continuity plan or is most affected by operational disruptions, also bears the responsibility of deciding how to address each risk. While CISOs can identify and propose mitigation strategies for business risks related to cybersecurity, they do not and should not accept or authorize the mitigation of risks for systems outside their ownership.

In 2023, NIST published the latest draft standards for post-quantum cryptography (PQC), serving as the inflection point to alert businesses that the transition to quantum-resistant cryptographic algorithms needs to be the priority. However, over half of organizations haven’t begun to take action or are even considering how to prepare for the impact of quantum computing. In the coming year, leaders may be surprised to discover that the post-quantum era has already arrived for some. We are already seeing the banking industry, for instance, test and deploy quantum-resistant solutions successfully. If companies have not begun PQC preparation, pioneers will soon learn that they are already behind. The transition to PQC strategies will not happen overnight and it will take significant time and effort for organizations to develop and execute their PQC strategies. Teams need to begin transitions in 2024 to secure data and minimize the damage to the organization from a critical threat.

With distributed Artificial Intelligence (AI), the effectiveness of video surveillance will make a giant leap by distributing AI tasks between smart devices and VSaaS cloud servers. Smart video cameras with embedded AI enable fast and accurate assessment of visual events to fully automate deterrence reactions to trespassing and loitering. The characteristics of these intrusions and the corresponding deterrence events are shaping our understanding of when it is important to engage humans and when it is needless. An 80% reduction (or more) in the labor cost to monitor cameras is achievable when we train AI to automate a significant portion of the monitoring. Proper distribution of AI tasks between smart cameras and VSaaS servers automates the deterrence of unwanted intrusions and focuses operators on threats and safety concerns that require immediate intervention and possibly police dispatch. The results are lower monitoring costs for the service provider and property owner, driving higher market adoption.