The rate at which technology is evolving in the security industry is nothing short of astounding.
With the influx of artificial intelligence (AI) and true data analytics, we can now take disparate information across an entire organization to not only provide optimal security but also operational efficiencies, business intelligence and better use of employees and resources. And that is just the tip of the iceberg of this technology movement moving across the industry.
But with this kind of technology and connectivity also comes great responsibility, and that includes proper cybersecurity, data protection and processes and procedures to ensure the overall health and security of all systems within an ecosystem.
One should look no further than this year’s Global Security Exchange (GSX) conference education program to see how much these topics – AI, cybersecurity and proper data use and protection – are dominating the dialogue around the industry.
AI and Data Analytics
AI is certainly a buzzword within security, and not surprisingly is the top theme across the 200-plus sessions bringing security professionals together Sept. 23-25 in Orlando, Fla., at the Orange County Convention Center, to talk about its capabilities and provide use cases, success stories and experiential data on where it’s having the greatest impact.
“We are moving beyond just talking about it from a theoretical perspective because everyone's using it in some form or fashion, or trying to apply it into what they’re doing today,” says Jon Harris, head of Ecosystem Partnerships at HiveWatch, who is speaking at the session, “How to Navigate the Proper Usage of AI/ML and Emerging Tech in Security Operations,” on Monday, from 11:15 a.m.-12:15 p.m.
The panel also features Ben Patience, director, Physical Security – EMEA; Dylan Hauer, CPP, Badging & Security Technology supervisor at Fairview Health Services; and Jon Polly, PSP, chief solutions officer at ProTecht Solutions Partners.
As Harris points out, each speaker offers a unique perspective representing key stakeholders within the security industry, as the panel is made up of a great mix of end users, consultants, systems integrators and solution/product providers, similar to who will be in the audience.
“If you're an end user, a technology provider, or an access control or video company, or a salesperson who wants to know how to talk about AI, I think there are pieces and parts here for everybody,” Harris explains. “So, there are going to be concepts and components and educational value for wherever you sit in the industry, whatever part of it you reside in. We really want to dig into the full spectrum from simple automation to AI that we haven't even realized yet.”
The panelists will discuss the role AI and machine learning (ML) capabilities plays in decision-making, appropriate ways that manufacturers can talk about capabilities (without overstating its capabilities), and the questions that security practitioners should ask before deciding on technology investments around AI/ML.
“If you’re choosing a solution and in the midst of this [GSX] show floor and someone says, ‘We’ve got AI,’ – buyer beware,” says Harris, noting it is important to ask how the AI or ML is being used and what it is being used for, especially when the definition of AI can be different with each person you talk to.
“What is the use case?” he says. “So [the session] is about weaving in the definition of what AI is and understanding what it isn't. Also, what to look for when you're seeking out a solution and what to avoid as well.”
Asked for one key takeaway, he says, “For a lot of folks, it’s a binary conversation – do I use AI, do I not? But don’t be afraid of this topic – this is an ever-changing technology solution set, so don't stop educating yourself on this technology because we are just beginning to see both its power and capabilities.”
Jordan Hill, head of Product at HiveWatch -- who is speaking with Harris, Adam Groom, co-founder at StratorSoft, and Jonathan Perillo, CPP, PSP, PCI, senior manager, Corporate Security at Munich Re America Services on the session, “Building a Data Strategy Framework for Security Leaders,” --is equally excited for AI’s current and future potential.
“We've had an explosion in capability, in the sheer horsepower of what AI can do and every single value driver now is in the last mile of the user experience,” says Hill. “And for the application as a security professional, you need to understand how to evaluate these tools more than knowing what tool to use, because those tools most likely have not been invented yet and will be invented over at the next year, two years.
“As a security practitioner, you need to know what good enough is and know how to invest the technology in an intelligent way.”
Looking closer at the use of data, Hill says the session will help attendees to better understand tactical steps to creating data use cases related to business goals, identify specific metrics and insights valued by internal and external stakeholders, as well as data sources and their role in storytelling across the business.
“It takes a lot of effort, especially when you have multiple different physical security systems that you're ingesting, for example, to be able to wrangle that data and put it in the clean format,” says Hill. “And when you don't have solutions to normalize and make all the data the same and interoperable, the juice ends up feeling like it's not worth the squeeze. That's a big value that we provide at Hivewatch is normalizing that data, eliminating the noise, and making it easier to think and have those strategic conversations.”
Harris adds, “If you're not a data-informed security professional, you're missing out on the opportunity to have a greater level of impact.”
Importance of Cybersecurity
Before AI dominated the security landscape, it can be argued that the topic of cybersecurity held that position for nearly a decade, evolving to the point where it is not unusual for it to be brought up in any conversation about security, whether it’s physical or logical. And AI is also a key player in cyberwarfare and the arsenal of bad actors, both here and abroad, making for a constantly evolving threat landscape.
Because of the importance of cybersecurity and protecting data, nearly 20 U.S. states have enacted some form of data privacy legislation, although federal legislation for the time being has been shelved temporarily as lawmakers figure out how to fix some of the major issues that several organizations, including SIA and ASIS, brought to legislators’ attention earlier this year.
“Each state has its own privacy regulations in terms of how they protect data, which makes it very challenging because it's really not that uniform in my opinion in terms of regulatory bodies that have come down saying we have to do it this way and this is how we protect data,” notes Min Kyriannis, CEO and Co-Founder at AMYNA Systems.
Kyriannis is speaking on the session, “The Battle for the Best Cybersecurity Standards: Navigating Regulations Worldwide,” on Monday, from 3:15-4:15 p.m., with Bhavesh Patel, Senior Director of Security Service & Technology at Sanofi; Steven Kenny, Manager – Architecture & Engineering Program, EMEA at Axis Communications, and Wayne Dorris, Program Manager – Cybersecurity at Axis Communications.
“One of the key things I’ve always talked about is the enforcement of these policies and what happens if someone fails to comply,” Kyriannis continues. “We need to think about that in the longer term because it's great that we have these policies, or recommendations as I like to call them, because if you're not enforcing them, it's really not a policy until we start putting fines out or holding companies accountable for data loss.”
She says now the onus is on the companies themselves to ensure that they are protected and are following these regulations.
“Europe is doing a pretty good job because there are fines that are instituted If there is a breach or there’s a compromise, but I have yet to see something similar in the United States, although there have been some recent cases,” says Kyriannis, referring to the recent $2.9 million fine against U.S. security camera company Verkada by the U.S. Federal Trade Commission following allegations of a string of cybersecurity failures that led to multiple breaches of the company's network and video storage platforms.
As the number of cyberattacks continue to grow each year, including major cyber events like SolarWinds, Mirai, and Notpetya making headlines and slowing down industry, Kyriannis points out it’s important to continually develop and implement new cybersecurity standards and regulations to prevent and mitigate future attacks.
During the session, Kyriannis says attendees will learn about the different global cybersecurity standards that have recently passed and those that are still in legislation, including those in the U.S. and the European Union – looking closely as key differences – and what they mean for security professionals and companies operating globally.
“With my past experience dealing with critical infrastructure, cybersecurity, and also some of the cybersecurity trends, we will talk about how regulations that’ve been coming out are becoming more stringent, in addition to the [cyber] wars that are happening overseas,” she explains.
“We must think about what the next phase of attacks are going to be globally, if we ever do come into that kind of tragedy. I think it's critically important that we look at it from a different lens in terms of how I would say bad threat actors or those operating behind the scenes. And I think this is where we have to take a look at some of the regulations and regulatory bodies out there and how to make it stronger.”
Kyriannis hopes attendees will leave with the ability to recognize cybersecurity risks within their own organizations and understand how to recognize if the products they are deploying comply with the correct regulation requirements for their region, and then how to fix potential issues that may arise if not compliant.
“It’s not just looking at cybersecurity, but you also have to think about privacy and how you are protecting the data,” she asserts, noting that researchers expect there to be 40 billion IoT devices on the network by 2025.
“My key takeaway for the session is really about when you're setting the system, designing a system, installing a system, how do you mitigate that risk and take the way the liability that you yourself have by touching that system? What do I need to do to ensure the protection of those I'm working with while also protecting myself at the same time?”
Kyriannis is also excited by what is happening in the cyber-threat mitigation space, noting that her company recently launched a product it has been working on for some time that can “detect anomalies immediately – not just inbound but also outbound traffic – and be able to figure out where it's coming from … essentially pick out the needle in a haystack,” she explains. “So, detect, mitigate and remediate in real time, as quickly as seconds. And there's no learning curve.”
