2010 IT Security Predictions

It’s that time of year again, the time when some things are simply inevitable. Things like fruitcake, maxed out credit cards, endless commercials about the “sale to end all sales”, and last, but not least, end of year predictions by everyone in the Security field who thinks they know something the rest of us do not. I don’t want to buck the trend or to be dubbed a scrooge, so I thought I would add my own two cents. My 2010 predictions are listed below, so give them a read and let me know your thoughts.

2010 predictions:

1.) Services will protect themselves: Facebook, Google, Twitter, TinyURL and the like will gain more control over criminal content. They will achieve this by either eradicating it or flagging it as bogus (or questionable), since not doing so seriously jeopardizes their business model. Those that do not will lose significant advertising revenue and go under (or away, or will be consumed by competitors).

2.) Malware will not evolve. No significant changes in malware will occur in 2010. Botnets won’t get more “sophisticated”, although they may make changes in the way they work (so what, they always have been.) No mass outbreaks will occur, and highly targeted attacks will remain only on the very fringes, as it has been for years.

3.) Consumers are getting smarter: The number of older “newbies” being introduced to the Internet’s crime is going to be significantly less in 2010 than in the past. While younger “newbies” will make their introductions via more secure services, or with friends who have been scammed in the past or otherwise have a good level of awareness. The base level of “cluefulness” for consumers will rise in 2010, which is
another reason for prediction #1 above.

4.) Windows 7 (not necessarily IE8) will prove to be more robust than expected, but ISV’s will have the light shone on them by MS as the attacks move more towards the applications (and, possibly, away from browser exploits.) ATL issues in ISV products will have a spotlight in 2010 (those that don’t use IE to do their interactions.)

5.) Serious finger-pointing and frustration over basic essential protocols (SMTP, DNS) will occur amongst “governments”, and non-technical organizations as spam and phishing prove even more difficult to thwart. Microsoft’s legal efforts, however, will pay off with at least one major arrest in this arena (and the details should give hope to those who’d like to see many more arrests.) Criminals will begin to think twice.

6.) Breaches will increase, albeit possibly smaller in average number of records compromised. There will be more money transfers made via accounting staff compromised credentials in 2010 than past years. Mid-sized businesses will be “shocked,” and some representative organization will call for major changes in some form of infrastructure (again!) A PCI-like standard will likely be announced/enforced by several major banks to cover electronic access to accounts for businesses. ACE (or ACE-like) tokens go mainstream (again)!

7.) Nothing of note happens to non-PCs (e.g. phones, PDAs, Macs, etc)

8.) CaaS works, not surprisingly for most of us.

9.) Virtualization does not come under real-world attack as a target, but the media will sensationalize at least one story where VM’s were involved (but the VM software had nothing to do with the issue.) Joanna will continue to ride her horse.

10.) China will continue to be blamed for everything.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: