Akamai Diversity

Akamai Security Intelligence
& Threat Research

Why I Hate Security Predictions: Part 1

Security predictions have been a staple of news in the security industry for as long as I've been in this profession. I hate them.  Every December and January, there's a spate of stories written about what the "experts" expect for the upcoming year. With rare exceptions, they fall into one of three categories: more of the same, growth in a specific attack type, or "the year of" .  Some of them have a kernel of value, but it's hard to separate those kernels from the chaff of general predictions.

First of all, I think predictions are a lazy attempt to get press attention.  More of the same and growth predictions are almost invariably put forth by people working on solutions to those problems.  They're often correct, because most of the problems we face in security continue to increase, and will for the foreseeable future.  The few predictions of this type  worth reading, go deeper and actually explain why there will be changes in the near future.

The second reason I hate predictions is that they too often represent little, or no, actual analysis or thought.  A reporter, or more likely a PR team, typically asks a security professional what they think will happen next year leading the expert to respond with an off the cuff response based on what they're currently working on.  Knowing there's no one who will remember these comments in a year, or even in a few weeks, makes it easy to simply give a flippant response that doesn't require much thought.

Research is hard and can make many of us rather myopic when it comes to threats. It's unusual to have the time or energy to step back from our current work to understand how our analysis might influence the wider world or what it might mean to the future of our industry.  In other words, we see the problems in front of us, but don't often see how the ripples they cause. I can speak from personal experience on this point.

Finally, predictions are difficult because it's hard to be nuanced and support your reasoning for them in a pithy, attention grabbing way.  Predictions stories are all about having multiple ideas about the future that can fit in a tweet or be read in a few minutes.  It's hard to get the 'why' of your predictions into a story if you can't sum it up in a single sentence.  

Predictions make for good eye candy, garnering eyeballs for both reporters and industry pundits. Like candy, they're good in small doses, to feed us a little jolt of energy at the end and beginning of the year, but not something we should make a steady diet of.