I've never been a fan of security predictions, though I've written about them too many times to count.
I guess that makes me a hypocrite. I could take the high road and tell you my bosses always make me write about it, but why pass the buck? In the world of tech media, we ALL write about predictions.
Call it a case of doing one of those tasks you hate because, like changing diapers or taking out the trash, it has to be done.
Predictions are perfectly harmless. But here's my beef: They change very little from year to year.
For 10 years I've seen predictions that this will be the year of mobile malware or the year of a federal data security law. Here's what Symantec offered me from its 2013 crystal ball two years ago, when I was still a journalist getting pummeled with vendor predictions:
- Conflicts between nations, organizations and individuals will predominately take place in the cyber world
- As users shift to mobile and cloud so will attackers, especially exploiting Secure Sockets Layer (SSL) Certificates used by mobile devices and applications
- Madware continues to spike - particularly as companies seek to drive mobile ad revenue
- New security dangers & tricks for consumers on social networks
They weren't really predictions. It's stuff that was already happening. It's been happening for quite some time, actually. It's going to keep happening well beyond 2015.
Security folks particularly love declaring competing technologies dead. There was the prediction that IDS was dead. That was many years ago and the technology remains in demand. There was the prediction that 2009 would be the year pen testing died. Most of the security practitioners I talk to daily still swear by pen testing.
Attackers are always adjusting their tactics. But their targets remain pretty much the same: Financial institutions, retailers and governments with policies they don't like.
The challenges of IT security practitioners are pretty much the same: Minimize successful attacks against their enterprises, making the best of whatever human and technological resources they have.
Meet the new year. Same as the old year.
Having said all that, I'm going to make a few predictions anyway:
Researchers will continue to ramp up the frequency with which they disclose major vulnerabilities in old technologies. That means more of the crises we saw with Heartbleed, Shellshock and Poodle.
So-called hacktivist groups will continue to deface and DDoS the web sites of anyone they have a political beef with.
Catastrophic attacks like the one Sony Entertainment suffered will continue. That means more political debate about the role governments play in the mayhem. North Korea, Iran, Russia and China will continue to be the usual suspects.
Whatever happens, I wish you a happy, healthy and prosperous new year.