Well, it’s broken-record time in the security blogosphere as the Amazing Carnacs roll out the very best analysis we have to offer in the areas of security and compliance through 2008. Bad stuff is getting badder, and threats against new stuff will increase; apparently security controls will continue to trail security threats, which trail new product innovation – amazing! So as you roll out your new digital toaster/coffee maker combo and integrate it into your wireless network, some 15-year-old Swedish kid is going to use the internet to burn your toast and ruin your coffee.
It’s a cliché to say that the IT security threat environment is evolving faster and becoming more dangerous. Unless you have been living under a rock, you have been bombarded with the FUD mallet. What is interesting is that not many seem to care. The Storm worm introduced a new era of decentralized badness, innovative bot commanders have figured out how to leverage a web browser to add computers to their zombie armies, viruses are being spread through those little digital picture frame things, mobile computing is introducing new attack vectors, and apparently we are on the verge of a digital apocalypse the likes of which haven’t been seen since, well, since the beginning of forever. I would be remiss if I didn’t lay down a couple of my own tracks, so in the spirit of the industry here are my top 10:
1. The percentage of executives who do not care about security will grow from 98% to 99% in 2008. The percentage that say they care will remain constant at about 68%.
2. The percentage of U.S. citizens who have had their identity or other personal information stolen will increase to 99%; however, a small contingent of Michigan Militia members will avoid this certain digital catastrophe since they will be a fix’n to make their own ammunition and live off the land. Even with the sheer number of identity thefts, the percentage of U.S. citizens who realize they have had their identity stolen, or who just don’t give a damn, will remain constant at 10%.
3. As organizations switched to hiring CISSPs and people who can help them “align security with the business” and communicate like a business person, they realized these people cannot actually prevent attacks or lessen their impact – security was now aligned with the business, but since none of these people were qualified or trained to deal with active security threats, the business had become really insecure and unable to fend off all but the most benign script kiddies.
4. Microsoft will continue to support a thriving security industry through its distribution of vulnerable code; not to be outdone, Apple, Oracle, and almost every version of *nix will try to outperform MSFT in the most-vulnerabilities-found-in-2008 department.
5. Flush from internet scam proceeds, Nigeria will buy a majority interest in Linden Research, Inc., the developers of Second Life, creating the most noble and prosperous republic of Virtual Nigeria and switching the Nigerian Naira to Linden dollars as the country’s official currency.
6. A group of elite Russian hackers will sit on the precipice of total world domination as they are minutes away from launching the Internet’s most devastating attack, which would have resulted in complete and total disruption of America’s critical infrastructure, but as the last-minute modifications are being made to the apocalyptic plans, Sergei, the younger and less intelligent brother of one of the cyberterrorists, accidentally spills soda on their equipment and in an instant their nefarious plans fizzle away in a swirling mess of high fructose corn syrup and melting silicon.
7. The entire DLP market will crescendo to a wallet-expanding $80 million, giving DLP the enviable position of most-hyped, yet under-deployed security technology – NAC vendors rejoice in having something even less beneficial and mature to take its place as the red-headed stepchild of Security.
8. There will be a conference/training session every day of the week for 11 months out of the year with all of them lasting from 2-3 days and offering the most-advanced industry analysis, training and keynote speakers to help keep you ahead of the threats and armed to the teeth with breach statistics.
9. True to his name, Infosec sellout will emerge as an industry spokesperson for McAfee, selling out his secret identity as a sellout.
10. Someone somewhere will open an infected email because they really believe that someone loves them.