Infosec predictions for 2013? Shoot me, please

Stop them before they predict again!

Welcome to my third annual plea for security vendors to put away those self-evident New Year predictions. Today seems like the right time to do this. I've gotten three prediction emails since firing up the laptop.

I've never been a fan of security predictions, though I've written about them too many times to count. I guess that makes me a hypocrite. I could take the high road and tell you my bosses always make me write about it, but why pass the buck? In the world of tech media, we ALL write about predictions. It's only a matter of time before I get the predictions assignment from CSO's beloved editor-in-chief.

Call it a case of doing one of those tasks you hate because, like changing diapers or taking out the trash, it has to be done.

Predictions are perfectly harmless. But here's my beef: They change very little from year to year.

For eight years I've seen predictions that this will be the year of mobile malware or the year of a federal data security law. Here's what Symantec offered me from its 2013 crystal ball this morning:

  • Conflicts between nations, organizations and individuals will predominately take place in the cyber world
  • As users shift to mobile and cloud so will attackers, especially exploiting Secure Sockets Layer (SSL) Certificates used by mobile devices and applications
  • Madware continues to spike – particularly as companies seek to drive mobile ad revenue
  • New security dangers & tricks for consumers on social networks

Sorry, Symantec, but these aren't really predictions. It's stuff that's already happening. It's been happening for quite some time, actually. Tell me something new.

Vendors particularly love declaring competing technologies dead. There was the prediction that IDS was dead. That was many years ago and the technology remains in demand. There was the prediction that 2009 would be the year pen testing died. Most of the security practitioners I talk to daily still swear by pen testing.

My inbox has been getting hammered with 2013 vendor security predictions since Halloween. They all pretty much state the obvious:

--Mobile malware is gonna be a big deal

--Social networking will continue to be riddled with security holes

--Technologies A, B and C will be dead

--Microsoft will release a lot of security patches

--Data security breaches will continue to get more expensive

Looking at the predictions I got this time last year for 2012, I found that any of them could be repackaged as 2011 predictions and nobody would know the difference. Here are some examples from the Zscaler Labs Research Team:

1. Political hacktivism will escalate

2. Cloud computing will be fraught with security risks

3. App stores like the Android Marketplace will continue to be polluted with malicious programs

4. Social networking will meets social engineering

Some of my vendor friends will tisk me for raining on their New Year parade. So will the PR people they pay to distribute this stuff.

But I also know more than a few PR people are reading this and agreeing with me.

CSO's Daily Dashboard gives you a one-stop view of latest business threats. We created it for you! Bookmark it! Use it!

New! Download the State of Cybercrime 2017 report