Security Predictions for 2008 Revisited

Anton mentioned that very few people actually go back and review their predictions from the prior year (here), probably, as he states, because they are all pretty lame. So I thought prior to posting my 2009 predictions (stay tuned) I would go back and review my “Security Predictions 2008” which I originally posted in January of 2008 (here)…so let’s see how accurate I was.

1. The percentage of executives who do not care about security will grow from 98% to 99% in 2008. The percentage that say they care will remain constant at about 68%.

This one was pretty much right on target, although to be fair there was probably only a .5% increase in executives who still do not really care about security.

2. The percentage of U.S. Citizens who have had their identity or other personal information stolen will increase to 99%, however a small contingent of Michigan Militia members will avoid this certain digital catastrophe since they will be a fix’n to make their own ammunition and live off the land. Even with the sheer number of identity thefts the percentage of U.S. citizens who realize they have had their identity stolen, or who just don’t give a damn, will remain constant at 10%.

This one was a near miss. Although 99% of people have actually had their identities compromised in one form or another, the % that “just don’t give a damn” actually rose to 43.5%.

3. As organizations switched to hiring CISSPs and people who can help them “align security with the business” and communicate like a business person, they realized these people cannot actually prevent attacks or lessen their impact – security was now aligned with the business but since none of these people were qualified or trained to deal with active security threats the business had become really insecure and unable to fend off all but the most benign script kiddies.

Again another near miss. Although organizations were no better off in terms of fending off attacks and were still fundamentally insecure none were able to align security with the business anyway.

4. Microsoft will continue to support a thriving security industry through its distribution of vulnerable code; not to be outdone, Apple, Oracle, and almost every version of *nix will try to outperform MSFT in the most vulnerabilities found in 2008 department.

Smack dab, right on. MSFT had several high-profile vulnerabilities, but then so did almost everything else, including the core routing infrastructure of the Internet itself.

5. Flush from internet scam proceeds Nigeria will buy a majority interest in Linden Research, Inc., the developers of Second Life, creating the most noble and prosperous republic of Virtual Nigeria and switching the Nigerian Naira to Linden dollars as the country’s official currency.

OK, so this was a miss, Nigerian spammers were unable to acquire an equity stake in Second Life, however they did manage to turn a major profit and have one of the strongest P&L balance sheets in the world, rivaled only by the Mexican drug cartels.

6. A group of elite Russian hackers will sit on the precipice of total world domination as they are minutes away from launching the Internet’s most devastating attack, which would have resulted in complete and total disruption of America’s critical infrastructure, but as the last minute modifications are being made to the apocalyptic plans Sergei, the younger and less intelligent brother of one of the cyberterrorists, accidentally spills soda on their equipment and in an instant their nefarious plans fizzle away in a swirling mess of high fructose corn syrup and melting silicon.

This one did happen, Sergei is now in a Siberian Gulag as he had to take the fall as the lone conspirator of what was dubbed “Cyberdoom 08 – the reckoning” by the Russian media.

7. The entire DLP market will crescendo to a wallet-expanding $80 million, giving DLP the enviable position of most-hyped, yet under-deployed security technology – NAC vendors rejoice in having something even less beneficial and mature to take its place as the red-headed stepchild of Security.

Dead on, almost, there are no NAC vendors left to rejoice in DLP’s demise.

8. There will be a conference/training session every day of the week for 11 months out of the year with all of them lasting from 2-3 days and offering the most-advanced industry analysis, training and keynote speakers to help keep you ahead of the threats and armed to the teeth with breach statistics.

Dead on, there are more security cons than security professionals as of this writing.

9. True to his name Infosec sellout will emerge as an industry spokesperson for McAfee, selling out his secret identity as a sellout.

I totally whiffle balled this one, infosecsellout did not end up becoming a spokesperson for McAfee, but McAfee did continue to suck ass in 2008 (here)

10. Someone somewhere will open an infected email because they really believe that someone loves them

Yep, right on.

So you see folks no one can predict the future, but with a little intuition and a lot of insight one can gain a pretty clear picture of what lies ahead. My security predictions for 2009 will be posted soon so stay tuned to know what lies ahead for the industry.

