What we need are viewpoints and recommendations based on analytics and trends in data that will point us towards actual solutions to real problems. One of the better reports published each year is the Emerging Cyber Threats Report presented by the Georgia Tech Information Security Center (GTISC) and the Georgia Tech Research Institute (GTRI). While it’s a fairly lengthy report, it is well worth the investment of your time, as it provides analysis and trends with straightforward explanations of the types of threats we should be actively preparing to deal with in the coming years. These are the types of reports that allow companies to plan for security based upon facts, data, and the analysis of the best minds in the security industry and law enforcement.
As I’ve written about in the past, we as an industry do a great job of hyping ourselves, but a poor job of explaining what we do and how we solve problems within an organization. This needs to change. As we move into 2014 and beyond, security will continue to take on increased importance within organizations, especially those that deal in sensitive data or areas of critical infrastructure. It will need to become more tightly integrated into business planning, and the CISO will need to become an agent of change within the organization.
As I’m sure you could gather from the opening portion of my article, I’m not much into predictions. A clever sound bite can’t ever be a substitute for careful analysis and years of research and development aimed at solving the industry’s most technical challenges. Despite years of heavy investment in security, none of us can stand here today and say that we are winning. At the same time, we continue to face more sophisticated foes with increasingly well-funded technology capable of delivering significant attacks on our most valuable institutions.
While I won’t make a prediction per se, I will leave you with what I consider to be a statement of fact. We in the security industry need to do better. We need to continue to advance our technology and develop new and better ways of addressing security concerns and vulnerabilities. Due to the very nature of our business, we will always be playing catch-up to the hackers, but that is a challenge we need to meet. I’m not sure who said it first, but the reality remains: in the security industry, we need to be right 100 percent of the time, whereas the hacker only needs to be right once. Words to live by, and ones that I’m pretty sure didn’t come from Nostradamus.