
IT-Threats: Security First in the Digital Signage World

Digital signage software is breaking out of traditional silos and integrating with other ecosystems, which significantly increases the importance of IT security.

Digital signage software is subject to the same security requirements as other professionally used software solutions. The goal is to avoid vulnerabilities in the software code that hackers may use to access programs, steal data, and damage systems.

To prevent software threats, security should be an important part of software development and testing.

In the past, smaller software providers often underestimated the issue of security, thinking that phishing, DDoS attacks, or attacks on cloud services and the software supply chain were challenges only global providers had to face. However, experience has shown that digital signage platforms with a manageable number of licenses are just as vulnerable as office tools used by millions.

A threat to everyone

Now, software security is a top priority for most major providers, driven by scrutiny from both customers and cybersecurity insurers. This is where providers whose tech stacks are based on large cloud service providers like Amazon, Microsoft, and Google have a certain advantage, as their serverless components and container applications are tested by global developer teams.

Signage software in the yearbook

Software is increasingly playing a central role in the entire digital signage ecosystem. For this reason, we have dedicated the special of the invidis Yearbook 2024 entirely to the topic of software, from AI in software to IT security and the new platform economy. Download the invidis Yearbook for free and learn everything about the development of digital signage software.

Other providers rely on alternative operating systems or software integrations. Google, for example, promotes ChromeOS, which allegedly has never been hacked, and BrightSign offers a robust “self-healing” operating system. Cingerine, on the other hand, opts for a software combination similar to that used in security routers.

Attacks on the software supply chain

The IBM Cost of a Data Breach 2023 report looked into attacks originating from the software supply chain.

It found that in 12 percent of surveyed companies, attackers breached a software provider’s network and deployed malicious code. This compromised software was then used to attack the customer’s data or system. Digital signage software developers are therefore under increasing scrutiny.

The study also revealed that the average cost of a data breach resulting from software supply chain compromise was 4.63 million US dollars. It took an average of 294 days to detect and contain the breach.

IT security must be a priority

For independent software vendors (ISVs) and integrators with proprietary software, security should be considered at every stage of development and deployment, with regular testing.

Companies nowadays place a lot more importance on cybersecurity when evaluating software providers. Where evaluations once consisted of just filling out long Excel spreadsheets, sophisticated penetration tests are now common.

Hard times for digital signage

These tests are often conducted by external experts on behalf of cybersecurity insurance companies, rather than the companies’ own IT departments.

The digital signage industry, traditionally still made up of medium-sized businesses, is having a hard time when it comes to cybersecurity. Providers that have older technology stacks and lack certified IT security processes, such as ISO 27001, often fail in tenders or even lose existing customers.

EU AI Act and other regulations

New laws, like the Cyber Resilience Act and the EU AI Act, are on the horizon for European companies, including digital signage providers and their customers.

Global companies also face regulations from other jurisdictions, like the US and China. Previously voluntary reporting of cybersecurity incidents and practices has become mandatory.

GenAI and IT security

The use of GenAI tools, such as large language models like ChatGPT, must comply with legal requirements.

The trial-and-error use of public and confidential data that was frequent in the past must be controlled throughout the organization.

Some digital signage providers are turning to private GenAI models to ensure customer data protection.

New ways of protection

As more companies adopt an identity-first security approach, the cybersecurity focus is shifting from network security to identity and access management (IAM). IAM solutions protect remote access to company resources like apps, files, and data.

A typical example is multi-factor authentication (MFA). However, secure access is not limited to employees; it also covers contractors, suppliers, business partners, and individuals using private devices.