Source: [id: 41018; name: CSO; isActive: true; siteId: 3] -- CSO -- $content.altguid

10 Things That Didn't Happen in 2009 (And Probably Won't Happen in 2010)

We look back at how well GFI's David Kelleher did on predicting what was NOT likely to happen in the security department this year

By , Senior Editor

December 27, 2009CSO

At the beginning of 2009, CSO ran an article contributed by David Kelleher, communications and research analyst at with security software firm GFI Software, about ten things that won't happen in 2009. At that time, Kelleher gave us his picks for ten things he predicted security pros would want, but were not likely to get, in the coming year.

As we head into 2010, we decided to look back at how the year shaped up and spoke with Kelleher about his prognosticating. His reaction?

"I would say the predictions are spot on," said Kelleher

Read on to see what Kelleher had to say at the beginning of the year. How did these "fake predictions" shape up in your security program? How do you think they bode for 2010? According to Kelleher, even though the world of security is constantly evolving, the more things change, the more they stay the same.

Fake Prediction #1: Organizations will pay greater attention to security in 2009
The reality in 2009: Breaches continue to plague enterprise security
"And pigs will fly!" said Kelleher at the time he made the "unprediction" that organizations will pay more attention to security. "The 'it won't happen to me' syndrome will strike again and thousands of records will be put at risk," he predicted.

Taking a glance at this very long list of breaches that occurred over the last year, it appears Kelleher was, indeed, spot on. 2009 began with a monster breach announcement from Heartland Payment Systems, which disclosed its credit card payment systems had been hacked and millions of clients had had sensitive data exposed.

The list of organizations hit by breach grew rapidly over the course of 2009. Even security vendors got hit, as CSO Senior Editor Bill Brenner discussed in his FUDWatch column.

Fake Prediction #2: IT security spending will increase in 2009
The reality for 2009: Depends on who you ask
CSO reported on a Forrester Research survey at start of 2009 that found security spending was actually up for some IT departments. The Cambridge, Mass.-based research firm interviewed nearly 1,000 firms for its State Of Enterprise IT Security: 2008-2009 report and found, among other things, that the security portion of IT budgets is expected to rise 12.6 percent in 2009, up from 7.2 percent in 2007 and 11.7 percent in 2008.

But a survey conducted by CSO told a different story. The story, published in February, revealed economic conditions are having a negative impact on the majority of security budgets. CSO polled security-decision makers in over 100 companies about their spending plans for 2009. Of the 159 respondents, 64 percent indicted that the economy was having a negative impact on security spending. Many respondents indicated hiring freezes or staff reductions were necessary due to the financial crisis.

RESOURCE CENTER