Imarc Group emphasises that more and more people are working remotely since Covid hit the world and that this has presented companies with new challenges at a time when cyber attacks are increasing sharply. Preventing data breaches and ensuring business continuity has become an increasingly high priority in organisations worldwide.
Video surveillance manufacturers were first
Of the electronic physical security sectors, video surveillance manufacturers were the first to push for increased cyber security. This after some large high-profile cyber attacks occurred in the 2010s, where the network intrusion began with the hacking of connected video surveillance equipment and came to cause serious damage. Attention to cyber attacks intensified when the US government, citing national security, banned a number of Chinese companies from government and infrastructure-sensitive installations, including well-known video surveillance equipment manufacturers Hikvision and Dahua, but also Huawei.
Focus on cyber threats after excommunication
The ban is filed under the John McCain National Defense Authorization Act (NDAA) and restricts the use, procurement or sale of certain brands of surveillance equipment to or for federal agencies. Government agencies are not only prohibited from purchasing equipment from these manufacturers, but also from doing business with contractors who use surveillance technology from the blacklisted companies. The law also stipulates that all essential components of a video surveillance system manufactured by these manufacturers are also prohibited.
Cyber security – a means of competition
The blacklisting prompted many US and European video surveillance manufacturers to become NDAA compliant. In addition, the video surveillance companies have worked increasingly to increase security, not least via far-reaching collaborations with IT security companies that can contribute to product development that addresses the need for cyber security. Having certification according to existing cyber security standards has become customary. Cyber security has simply become a means of competition in the video surveillance market.
The industry has woken up
In the area of access control, the issue of cyber security has not been highlighted in the same way. This may have its explanation in the fact that the access control area was significantly later when it comes to connected systems. But now things are starting to happen, not least within the EU, where member states are required to implement measures to live up to the NIS2 directive’s requirements for cyber security of communication in technical systems, for example for ID management or access control.
Suppliers drive development
The industry’s suppliers are starting to drive cyber security issues more and more. The French manufacturer of readers, Stid Security, is one of the actors who, in debate articles and in panel discussions, is pushing for the industry to accelerate the development towards more secure technology solutions for access control and to live up to the NIS requirements. Genetec, the world’s fastest growing provider of access control software, has also been a major driver for the access control industry to take the cyber threat seriously. Recently, the Canadian company went out and warned about cyber-attacks that can be initiated via, for example, old and poorly protected access control systems.
“Many organisations work with access systems that go back ten years or more. While these legacy systems still work to allow employees to log in and out, it is likely that these systems use technologies that are extremely vulnerable to modern cyber threats,” said Christian Morin, Vice President of Product Engineering and Chief Security Officer at Genetec Inc.
“Older systems were not built to handle today’s threats. When evaluating a new access system or upgrading an existing system, make sure that cyber security is a key component of the selection criteria for suppliers, he further suggests.
Multi-factor authentication
Another security trend, related to the access control market, is that more and more small and medium-sized companies are starting to use multi-factor authentication, which for example is based on biometrics, key fob, password and personal identification number (PIN) to verify an individual’s identity. With these combined solutions, access can limit access to buildings for staff on site and visitors, increasing physical security.
Other growth factors
Imarc Group also highlights some niche businesses that may have special access protection purposes, such as healthcare companies that use physical and electronic access control systems to prevent unauthorised disclosure of protected health information (PHI) and ensure the integrity of patient data.
The increasing threat of terrorism and geopolitical unrest are also growth driving factors for the market. In more and more countries, access protection is being strengthened at military locations and national borders. This in turn drives the demand for role-based access control to monitor applicant entry into restricted areas to maintain a secure location.
Finally, Imarc Group sees generally the increasing need for security and control for industry, schools, commercial buildings and even in private homes as major growth factors.