Security Predictions 2008

Well, it’s broken-record time in the security blogosphere as the Amazing Carnacs roll out the very best analysis we have to offer in the areas of security and compliance through 2008. Bad stuff is getting badder, and threats against new stuff will increase; apparently security controls will continue to trail security threats, which trail new product innovation – amazing! So as you roll out your new digital toaster/coffee maker combo and integrate it into your wireless network, some 15-year-old Swedish kid is going to use the internet to burn your toast and ruin your coffee.

It’s a cliché to say that the IT security threat environment is evolving faster and becoming more dangerous. Unless you have been living under a rock, you have been bombarded with the FUD mallet. What is interesting is that not many seem to care. The Storm worm introduced a new era of decentralized badness, innovative bot commanders have figured out how to leverage a web browser to add computers to their zombie armies, viruses are being spread through those little digital picture frame things, mobile computing is introducing new attack vectors, and apparently we are on the verge of a digital apocalypse the likes of which haven’t been seen since, well, since the beginning of forever. I would be remiss if I didn’t lay down a couple of my own tracks, so in the spirit of the industry here are my top 10:

1. The percentage of executives who do not care about security will grow from 98% to 99% in 2008. The percentage that say they care will remain constant at about 68%.

2. The percentage of U.S. citizens who have had their identity or other personal information stolen will increase to 99%; however, a small contingent of Michigan Militia members will avoid this certain digital catastrophe since they will be a fix’n to make their own ammunition and live off the land. Even with the sheer number of identity thefts, the percentage of U.S. citizens who realize they have had their identity stolen, or who just don’t give a damn, will remain constant at 10%.

3. As organizations switched to hiring CISSPs and people who can help them “align security with the business” and communicate like a business person, they realized these people cannot actually prevent attacks or lessen their impact – security was now aligned with the business, but since none of these people were qualified or trained to deal with active security threats, the business had become really insecure and unable to fend off all but the most benign script kiddies.

4. Microsoft will continue to support a thriving security industry through its distribution of vulnerable code; not to be outdone, Apple, Oracle, and almost every version of *nix will try to outperform MSFT in the “most vulnerabilities found in 2008” department.

5. Flush from internet scam proceeds, Nigeria will buy a majority interest in Linden Research, Inc., the developers of Second Life, creating the most noble and prosperous republic of Virtual Nigeria and switching the Nigerian Naira to Linden dollars as the country’s official currency.

6. A group of elite Russian hackers will sit on the precipice of total world domination as they are minutes away from launching the Internet’s most devastating attack, which would have resulted in complete and total disruption of America’s critical infrastructure, but as the last-minute modifications are being made to the apocalyptic plans, Sergei, the younger and less intelligent brother of one of the cyberterrorists, accidentally spills soda on their equipment and in an instant their nefarious plans fizzle away in a swirling mess of high fructose corn syrup and melting silicon.

7. The entire DLP market will crescendo to a wallet-expanding $80 million, giving DLP the enviable position of most-hyped, yet under-deployed security technology – NAC vendors rejoice in having something even less beneficial and mature to take its place as the red-headed step child of Security.

8. There will be a conference/training session every day of the week for 11 months out of the year with all of them lasting from 2-3 days and offering the most-advanced industry analysis, training and keynote speakers to help keep you ahead of the threats and armed to the teeth with breach statistics.

9. True to his name, Infosec sellout will emerge as an industry spokesperson for McAfee, selling out his secret identity as a sellout.

10. Someone somewhere will open an infected email because they really believe that someone loves them.


9 thoughts on “Security Predictions 2008”

  1. Oh come along now, don’t be ridiculous. That is the worst set of predictions I’ve seen this year. More than ONE lonely person is going to open an infected email, perhaps as many as TWO.

  2. Thanks Amrit, how very insightful. Had I not read your blog I would not be aware that bad stuff is getting badder and that apathetic executives will rise by 1 percent. This is critical information that will serve to fuel further FUD campaigns, marketing collateral, and general market noise intended to confuse security buyers.


  3. What is really amusing to me is that a couple of people have sent me email believing that this was a serious set of predictions…and people think I am nuts when I say awareness training is ineffective since there is a basic lack of shared common sense in the world.

  4. I bet you $100 you’ll get an email from a green PR person, not paying attention, saying “You know, XX vendor can address many of the issues you predict.”

    I shouldn’t bash my own people but I know it happens. 😉

  5. Pingback: Security Predictions for 2008 Revisited « Amrit Williams Blog
