For the past few years, I’ve been compiling a year-end list of the most significant events, incidents, trends, and developments in security in the previous 12 months. For the end of 2022, I decided to enlist help from colleagues around the world. I put together a preliminary list of 22 items (to match 2022), and my fellow contributors added, deleted, modified, and organized the list from there. We ended up with a top 22 divided into six broad categories. Our panel also weighed in on what these 22 items mean for your security program in 2023.
Thanks to the following professionals for contributing, listed in alphabetical order:
Adriaan Bosch, (Former) Head of Loss Prevention, PEP, Johannesburg, South Africa
Michael Brzozowski, CPP, PSP, Director Security Operations, CIBC, Toronto, Canada
Antoinette King, Founder, Credo Cyber Consulting, New York, New York, USA
Rick Mounfield, Director, Optimal Risk Group, London, UK
Lisa Oliveri, CPP, PCI, Director of Global Risk Management, Security and Operations, National Democratic Institute, Washington, DC, USA
Kevin Palacios, Board Member, International Foundation of Protection Officers, Quito, Ecuador
Eddie Sorrells, CPP, PSP, PCI, COO/General Counsel, DSI Security Services, Dothan, AL, USA
Jeff Slotnick, CPP, PSP, President, Setracon, Seattle, WA, USA
Harold Wax, CPP, PCI, Director, Global Security, Pepsico, Toronto, Canada
Top 22 Trends
- Ukraine War: Fallout of the war has cascading effects throughout the world, including food shortages, displacement of citizens, shifts in oil supply, inflation spikes, supply chain impacts, and security resources devoted to the region
- The China Syndrome: Chinese activities cause a wave of disruption: Western governments continue to indict Chinese nationals for espionage against companies such as Apple, GE Aviation, Monsanto, and Hydro Quebec. U.S. bans certain Chinese security technology. Other issues include Chinese threatening hostilities in Taiwan and Beijing’s response to Western companies prohibiting purchase of items from Chinese provinces in which ethnic minorities are abused
- Social Media Weaponization: Social media continues to be used to spread misinformation and disinformation, promote violence, and sow discontent. Libs of TikTok and Jane’s Revenge inspire kinetic violence. Elon Musk’s takeover of Twitter reopens the platform for extremists such as white supremacist Andrew Anglin
Evolving Threat Vectors
- Crypto Fraud: The implosion of FTX combines a Madoff-like megafraud with public concerns about the longevity and sustainability of cryptocurrency
- Ransomware: Ransomware attacks multiply and become more diverse, including one that takes down Costa Rica’s Ministry of Finance and Social Security Fund
- Insider Threat: Insider threats also multiply and become more diverse, due to the continued fallout from hybrid work, inflation, job losses, Covid, etc.
- Runaway jury awards appear in negligent security cases. In perhaps the most staggering example, Charter Communications was found liable for $7 billion in punitive damages in connection with the stabbing death of an 83-year-old woman in her home by a Charter employee
- Cannabis: The federal/state duality on cannabis legality creates an array of security issues
- The Cloud: Migration to the cloud soars, as does leveraging of security and nonsecurity data to drive business decisions and generate revenue/gain efficiencies
- AI: The good includes security tools that adapt and learn. The bad includes shockingly realistic deepfakes and other forms of fraud
- The security labor shortage leads to automation, including increasing use of drones, robotics, and video analytics
- IAM: Identity and access management, which combines physical and cyber access control and identity, surges
- Zero Trust: The Zero Trust model, which assumes every user, request, node, and endpoint are a threat, gains widespread adoption
Crime and Crime Prevention
- U.S.-Mexico Border: Border crisis begets other crises, including fentanyl and displaced persons
- Violence: Continued violence in the U.S. includes notable shootings at a Buffalo supermarket, Uvalde school, and Walmart store—the latter by a manager
- Public safety: As U.S. (and global) communities grapple with police shortages, many turn to private security to take on public safety functions
- ORC: With fewer police resources and stores implementing hands-off policies, organized retail crime and mass shoplifting events surge
- Inflation: Inflation and recession boost many types of crime globally
Professional Issues, Events, and Trends
- Resilience: “Resilience,” after Covid, finds a place in corporate structures
- Convergence: New ASIS research shows an uptick in physical/cybersecurity convergence since 2019
- DE&I: The profession and industry sees growing efforts to boost diversity, equity, and inclusion
- Wellness: Mental health issues, both by security personnel and by the people they have to deal with, spur a new recognition of the importance of physical and mental wellness
What do these trends mean for security in 2023?
Michael Brzozowski: Re the Walmart shooting, I am interested to see how the litigation around active assailant training will impact how organizations approach violence in the workplace, especially since the resulting lawsuit in this case was launched by employees.
With regards to DEI, efforts in our industry have been very encouraging, and they need to be celebrated more
One additional thought that I think will play in 2023 is the future of work/remote work/flexibility. It appears that most organizations are attempting to bring employees back into offices. Last month’s announcement by Snap to mandate in-office work 4 days a week, and the Canadian Federal Government's mandate of 2-3 day in-office work weeks have received plenty of pushback, even as more and more organizations follow this trend. How will this change the risk landscape for organizations?
Rick Mounfield: Each year the range of threats is growing and diversifying; the excellent global insights in this blog post support that irrefutably. No one can know everything, and so it's vital that networks grow, and professionals are willing to help each other out. We must promote altruism and acknowledge help when we receive it. The advance of video conferencing makes this possible globally. We should seek diverse advice and consider radical ideas. In 2023, no security professional can afford to have a fixed mindset. I am encouraged by the speed with which this group rallied when Mike Gips called. To quote Chief Constable Lucy D’Orsi…. Dare to share!
Lisa Oliveri: For 2023, NGOs and other organizations operating overseas will have to adjust to the expansion of wrongful detention as a means of political detention. In fact, in July 2022 the U.S. State Department added a new risk indicator (“D” for detention) in travel advisories to warn of the risk of unlawful detention by a foreign government.
Kevin Palacios: From a Latin American perspective, I would add that government corruption is as widespread as ever, which we as citizens and organizations will have to grapple with in 2023. Not just in Latin America, but globally, as evidenced by the European Parliament scandal known as Qatargate. And arrests and accusations are pushing right up to the end of the year, as is the case with the Buenos Aires security minister Sergio Berni.
Eddie Sorrells: The troubling trend of high security-related verdicts may cause providers to be more diligent in selecting the type of work they service and making sure they have solid training policies and post procedures that can be defended post-incident. As more security companies enter the cannabis space, I fully expect that many will be looking for guidelines and standards to serve as beacons in this unique sector. ASIS International is expected to lead the way in this department with relevant best practices and real-time information through its Cannabis Security Community. The rapid evolution of technological advancement in security will continue, and providers who don't embrace a blended approach of personnel and technology, are at great risk of being left behind in the coming years.
Harold Wax: I suspect we are going to see an increase in active-employment and post-employment insider threats (whether that be sabotage, criminality, or violence) as businesses struggle to navigate the labor shortages, fierce competition for skilled professionals, and general dissatisfaction due to return to office mandates, and layoffs. Hiring practices, especially typical pre-employment screening thresholds, have taken a backseat for businesses to keep the “rubber on the road” which is resulting in more and more incidents attributed to individuals who normally would have not been allowed in the front door.
We are seeing major urban police departments advise businesses that unless someone is dying or running around with a firearm, don’t expect to see them proactively due to staffing shortages, increased call volumes, and general unwillingness to get involved in prevention activities that could lead to negative perceptions, bad press, or prosecution. Public/Private Partnerships that were abundant and successful pre-covid have fallen by the wayside due to budget shortfalls, workforce redistribution and changes in priorities and leadership. I suspect businesses are going to rely more and more on private security and risk mitigation resources, as well as local private sector intelligence sharing to get the job done.
Michael Gips, JD, CPP, CSyP, CAE, is the Principal of Global Insights in Professional Security, a consultancy focusing on security thought leadership, content, strategy, research, insights, and influence within the profession. Reach him on LinkedIn.