Cyber MoU Amid the Internet of Things
As the IoT grows exponentially, so too do the threat of cyber attacks. Here’s your memo of understanding on the latest trends and implications.
Physical security has historically been characterized by analog devices such as panel-based access control systems, video cameras linked to virtual data rooms (VDRs) and alarm systems connected to a central station. However, new technologies leveraging the Internet, including the Internet of Things (IoT), bring a host of benefits and higher rates of market penetration.
Unfortunately, these benefits are accompanied by new security vulnerabilities that must be addressed in order to protect businesses and consumers. As such, systems integrators must grow and evolve their businesses and capabilities to meet today’s standards and customer needs.
IoT Benefits & Risks
The IoT continues to grow rapidly and have dramatic impacts on both the physical and cybersecurity landscape. As individuals and businesses look for more efficiencies in everyday life and commerce, they have increasingly utilized interconnected sensors, machines, and data. These tools, all connected via the Internet, make up the IoT, with more than 24 billion physical devices expected to be interconnected by 2050, according to Ericsson.
Each time a household connects their alarm system or thermostat to the Internet for monitoring or control, they expand the IoT. Similarly, a trucking company or school that switches from traditional video security to interconnected, remotely monitored video surveillance, expands the IoT. Each of these additions amplifies the number of interconnected devices, along with the attack surface susceptible to hacker infiltration.
Cyber protections for even the simplest devices and systems have become critical to defending against security incidents such as ransomware, hostile takeovers or unwanted entry into a broader network. The increased need for cyber protection of physical security IoT devices is driving the intersection of physical and cyber security capabilities.
A recent example of an IoT attack involved the Cloud-based video surveillance company, Verkada. In 2021, attackers were able to infiltrate Verkada’s network and control more than 150,000 cameras mounted in factories, hospitals, schools, prisons, and other sites, accessing live feeds through these interconnected devices. The ability to control physical devices through the IoT demonstrates the critical importance of properly managing the intersection of cyber and physical security.
IoT devices are particularly vulnerable to network attacks such as data thefts, phishing attacks, spoofing and denial of service (DoS) attacks. These can lead to other cybersecurity threats such as ransomware attacks, which are a risk to organizations of all types and sizes. Ransomware attacks can have devastating impacts on their targets, with most ransomware attacks abuse known vulnerabilities in unpatched systems.
Vendors Vie for New Capabilities
Large corporations have taken significant steps toward digitizing their portfolios through acquisitions of and investments into companies leveraging the IoT through video surveillance technology, access control systems and related software solutions.
One example of a market-leading company that has upgraded its suite of security offerings is Motorola (NYSE: MSI). The firm announced the acquisition of seven businesses during 2022, including the $388 million purchase of London-based Ava Security in March, a Cloud-native artificial intelligence (AI)-enabled video security platform designed to protect people and assets with real-time visibility and insights.
As a platform driven as much by physical cameras as by Cloud and software technology, the intersection of physical and cybersecurity could not be more prominent. Cybersecurity is at the forefront of Ava’s offerings, with the company touting their full compliance and cybersecurity protections including secure remote access, automatic software updates, and end-to-end encryption of customers’ data and metadata. The intersection and integration of physical and cybersecurity seen in acquisitions by industry leader Motorola is a strong indicator of the positive direction the physical security market could be headed.
Honeywell (Nasdaq: HON) announced several acquisitions and venture capital (VC) investments during 2022 centered around technology-enabled business operations, requiring adaptive and comprehensive cyber defenses. The company participated in the $75 million Series C investment round of RapidSOS in August 2022 showing Honeywell’s interest in the 911 response space, connecting the IoT to first responders through a software platform.
As lifesaving emergency data is increasingly relied upon by first responders, the security of this data becomes paramount. Any disruption to the flow of data could delay or inhibit the ability of first responders to locate, respond to and triage life-threatening events across the country.
Honeywell has also developed its own cybersecurity capabilities, through the Honeywell Forge for Cybersecurity, to provide industrial cybersecurity software and solutions to its clients. This is a vendor-neutral platform, supporting strengthened operational technology (OT) cyber defenses regardless of the control system being used by the customer. Honeywell has recognized that, as businesses move to digitally connect operations across systems and geographies, having site- or system-specific cybersecurity strategies is no longer practical or secure.
The company has capitalized on this opportunity to deepen its client relationships, further advising customers on their cybersecurity strategy and then either relying on trusted partners to provide systems and services, or utilizing Honeywell’s arsenal of products and services to best suit the client’s needs. This not only helps customers stay ahead of the evolving threat landscape but has provided Honeywell with a fast-growing, high-margin, recurring revenue stream that will likely provide benefits to the bottom line well into the future.
Transaction Activity Impact
The rapid digitization of the security space has helped fuel a boom in transaction activity across both the physical and cybersecurity landscape. Mergers and acquisitions (M&A) in the security solutions and cybersecurity markets have continued to defy the slowdown seen in the overall M&A market through the end of 2022 and beginning of 2023.
In the security solutions sector, 181 transactions were announced or completed in full year 2022, only slightly trailing the record volume in 2021 (194 transactions), according to Capstone Partners’ January 2022 Security Solutions Market Update. While the broader M&A market has cooled from 2021’s frenzy, the security solutions sector has exhibited no signs of slowing, with strategic and sponsor-backed businesses competing for quality assets to fortify margins and keep up with demand for mission-critical products and services.
M&A activity in the cybersecurity space reached record levels in 2022, with 447 deals announced or completed, marking an increase of 9% compared to 2021, according to Capstone Partners. M&A has remained a significant component to growth, as enterprise players across a wide variety of sub-segments remained highly acquisitive with intentions to broaden service offerings and strengthen core capabilities to meet increasing customer demands for comprehensive platforms.
Security Elevates to Board Level
The digitization of our world, the resulting increase in vulnerabilities and billions in losses attributable to cybersecurity breaches, has caused board directors and shareholders to take notice. Chief security officers (CSOs) now hold a prominent role within their organizations interacting at the most senior levels. Moreover, publicity surrounding recent security breaches at Microsoft (Nasdaq: MSFT), Toyota (TSE: 7203) and others have forced organizations to move security requirements to the forefront of budgeting and planning discussions.
Organizations increasingly hire dedicated security leaders and advisors to test defenses, review the protection of assets and audit security policies. With the costs of successful attacks continuing to increase, spending on comprehensive cybersecurity protections for all assets is expected to rise, creating entry points for new players and potential share of wallet expansion for existing players.
Global spending on cybersecurity solutions and services is expected to eventually top $1.5 trillion, up from the $150 billion spent in 2021, according to McKinsey, providing ample opportunity for traditional physical security players to to participate in the fast-growing market.
The partnership among physical security providers and cybersecurity providers is just beginning, with decades of expected growth on the horizon. Participants in the security solutions sector that view the current environment as an opportunity instead of a threat, will be positioned to realize ample growth opportunities, increased client interaction and stronger client relationships.
Thomas McConnell is a Managing Director at Capstone Partners, an investment bank, where he focuses on M&A and raising capital for cybersecurity and physical security companies in the middle market. Capstone associates Patrick Hashmall, Daniel Konst and Sam Musler also contributed.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.
A FREE subscription to the top resource for security and integration industry will prove to be invaluable.