
2011 Security Predictions: Yes, We Have the Prognostication Bug Too!

December 28, 2010

Every year, it seems that everyone in the security industry — from software vendors, to practicing consultants, to security bloggers, all the way down to former-security-interns-turned-peanut-farmers — strings together a list of predictions for the next 365 days. So, without further delay, here are my top four predictions for information security in 2011:

  • Prediction #1: Stuxnet Will Get Monetized. Stuxnet got a lot of press in 2010, and with good reason. In 2011, I predict we’ll have at least one reported major data breach associated with a Stuxnet variant.  Keep scanning the PRC database for the first one.
  • Prediction #2: Insecurity in the FrankenCloud. For those of you who have been listening to me for any appreciable period of time, you know that I’m very skeptical of the cloud, at least from a security perspective.  By the end of 2011, I predict we’ll see at least one large-cap, commercial company get publicly burned by their use of cloud computing.  Most likely, this will be a data breach, but could also be a significant sanction from a regulatory body for violating controls defined in a piece of security or (more likely) privacy law.
  • Prediction #3: Three Words: “Mobile Device Security”. Two predictions are rolled-up in this one: first, security firms will begin to focus a lot of energy on addressing mobile security and privacy, by developing both point security tools as well as security “suites” to address the egress of private data across mobile networks, enforce better authentication and encryption, provide better detection of malware, and ease backup and device recovery.  Second, we’ll see at least one significant lawsuit against a mobile service, device, and/or application provider, claiming failure to adequately protect the security of one (or more) users.
  • Prediction #4: WikiLeaks is the New Model of “Security Through Fear and Shame”. There are two specific predictions tied to this one, as well: first, there will be more large WikiLeaks-type disclosures, but I think that they’ll more likely be in the commercial realm rather than the political one.  Second, the WikiLeaks incident is now the poster child of the concept of “reputational damage” that security analysts have been talking about for so many years.

Finally, with a clear understanding of the potential of this term, organizations will be shoring-up the confidentiality of their data to ensure that they don’t go through the same cycle of fear and shame.

OK, I’m going to step off the soapbox now… what are your predictions for 2011? Comment and let us know!
