Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

What Would Nostradamus Have Said About Cyber Security in 2014?

It’s that time of year again when everyone wants to wow you with their insights and predictions about what the next year will bring us in terms of technology and hacks in the security industry. Don’t get me wrong, always thinking ahead and applying a predictive approach to security is an idea and practice I fully endorse.

It’s that time of year again when everyone wants to wow you with their insights and predictions about what the next year will bring us in terms of technology and hacks in the security industry. Don’t get me wrong, always thinking ahead and applying a predictive approach to security is an idea and practice I fully endorse. However, I would like to ask the security community as a whole to please not waste our time with vagaries and statements that are so broad that they could apply to anything, and/or at the same time, nothing.

For those unfamiliar with the name or work, Michel de Nostredame, aka Nostradamus, was a French apothecary and reputed seer who published collections of prophecies that have become famous worldwide. While he is the most famous of the prognosticators, his predictions are largely panned by the scientific community as being too general as to be moldable to fit multiple scenarios and situations. His most famous of all predictions was that the world was going to end in 1994, and then again in 1998 or maybe it was 2000. No, it was definitely going to end on December 21, 2012. Well, I’m writing this in November of 2013 so I guess that didn’t quite work out the way he had envisioned after all.   

IT Security Predictions for 2014

The reason I bring this up is that if Nostradamus had envisioned our networked world of 2014 and had written predictions about the security challenges that existed, I’d expect them to look something like this:

– Hackers will target data in the cloud

– Attacks will continue to become more sophisticated

– Cybercriminals will be motivated by profit

– China and other nation states will remain a top security concern

– Mobile devices will be under increased scrutiny

Please raise your hand if any of these predictions have helped you shore up your security planning for 2014. Anyone? I didn’t think so. While I changed some of the wording to protect the guilty, the themes of each of these predictions was a direct pull from members of our industry. Forward-thinking and practical advice from experts is always appreciated, but we need to do a better job making constructive points in our observations.

What we need are view points and recommendations based on analytics and trends in data that will point us towards actual solutions to real problems. One of the better reports published each year is the Emerging Cyber Threats Report presented by the Georgia Tech Information Security Center (GTISC) and the Georgia Tech Research Institute (GTRI). While it’s a fairly lengthy report, it is well worth your time investment as it provides analysis and trends with straightforward explanations of the types of threats we should be actively preparing to deal with in the coming years. These are the types of reports that allow companies to plan for security based upon facts, data, and the analysis of the best minds in the security industry and law enforcement.

As I’ve written about in the past, we as an industry do a great job of hyping ourselves, but a poor job of explaining what we do and how we solve problems within an organization. This needs to change. As we move into 2014 and beyond, security will continue to take on increased importance within organizations, especially those who deal in sensitive data or areas of critical infrastructure. It will need to become more tightly integrated into business planning and the CISO will need to become an agent of change within the organization.

As I’m sure you could gather from the opening portion of my article, I’m not much into predictions. A clever sound bite can’t ever be a substitute for careful analysis and years of research and development aimed at solving the industry’s most technical challenges. Despite years of heavy investment in security, none of us can stand here today and say that we are winning. At the same time, we continue to face more sophisticated foes with increasingly well-funded technology capable of delivering significant attacks on our most valuable institutions.

While I won’t make a prediction per se, I will leave you with what I consider to be a statement of fact. We in the security industry need to do better. We need to continue to advance our technology and develop new and better ways of addressing security concerns and vulnerabilities. Due to the very nature of our business we will always be playing catch-up to the hackers, but that is a challenge we need to meet. I’m not sure who said it first, but the reality remains, in the security industry, we need to be right 100 percent of the time whereas the hacker only needs to be right once. Words to live by and ones that I’m pretty sure didn’t come from Nostradamus. 

Related Reading: ‘Tis The Season For Security Resolutions, Not Predictions

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet