Why more security predictions and how can you benefit?

1 2 Page 2
Page 2 of 2

Why more security predictions?

1) I think this security prediction trend both reflects and affects society. It is a sign of security industry growth, maturity and future prospects of the cybersecurity industry as a whole.

More cyber predictions is a sign that many more in professional technology fields as well as non-technical readers and end users are interested in the suite of topics I listed above. They care more about cybersecurity, data breaches, technology and the growing Internet of Things (IoT) market – even if they don’t use those words.

How does this trend reflect society? Winkler is right that readers are fascinated by predictions.

Advice: Go with it, whether you like it or not. The security industry did not invent this global train that predicts the future, and we are far from the lead engine. In fact, we are closer to the caboose, but get on board the train before it leaves the station. People have been making predictions for thousands of years, and it ain’t going away anytime soon.  

This trend also affects society in that security budgets, government legislation, company priorities and more are impacted by societal opinions. Better security can result if the majority is well-informed about risks and security trends and demands action on the privacy of data.  

2) Online and offline life are merging as never before. With technology affecting more areas of life and crossing multiple domains, security predictions are bleeding into other areas of interest, and other areas of interest are bleeding into security. For example, national defense now includes the cyber domain, along with air, water, sea, sky and land. Therefore, defense predictions will include cyber components. Other areas, like transportation and healthcare, are similarly affected.

But are security predictions really “Hocus-pocus?” My daughter Katherine, who is an elementary education major in college, brought up an interesting point when discussing this topic. She said that the scientific method begins and ends with hypothesis. Even children learn by making educated guesses, even if the guess is wrong. Teachers encourage predictions in all subject areas as the students must understand a topic to be able to predict what is next.

But what about “dumb predictions” by the masses? How about unqualified ideas that just waste our time? Don’t we need better quality predictions from a select few? Answer: no. We all can learn this way.

Besides, the experts are not always right, as we know from practical experience in sporting upsets that no expert predicts or huge snowstorms that hit, despite meteorologist predictions that say it won’t happen.

There are certainly times when we need a child to say, “The emperor has no clothes!”

Action item: Ask your children what they think will happen if certain data is not protected in the coming year.

3) More people, companies, media outlets and others are trying to define themselves as your “trusted adviser” within security. They want to be recognized as the top experts.

This requires that we dig deeper into the best sources – look beyond specific dates to trends, analysis and signals to watch out for. Of course, as consumers of predictions, we need to make educated decisions about who offers the best advice, insights, trends and predictions. We should hold experts accountable.

Just as those who do a good job of predicting economic trends and stocks and bond prices are listened to closely the next year, I expect a closer look at who is making what security predictions in the coming years.  

Each December, I read through hundreds of security predictions lists from a variety of sources that contain thousands of predictions. I can say without a hesitation, that I learn a tremendous amount each year by going through these predictions. Most of the major vendors have excellent reports and data that back up their predictions. If available, look at the detail behind the predictions.

For example, Trend Micro allows you to zoom down into more detail behind their simple one-line predictions like the one that Winkler criticized. Here’s an excerpt of what’s said related to one prediction: “A customer-grade smart device failure will be lethal.”

2015 saw incidents that involved hacked or insecure devices, ranging from baby monitors, smart TVs, and connected cars. Even as users have increasingly become aware of the security risks of connecting appliances and devices to the Internet, the public interest in smartifying just about everything will continue to peak.

Smart-connected home device shipments are projected to grow at a compound annual rate of 67% in the next five years, and are expected to hit almost 2 billion units shipped in 2019—faster than the growth of smartphones and tablet devices. Given the diversity of operating systems and lack of regulation for these smart devices, there remains to be no signs of a possibility of a large-scale hacking attack. WiFi and Bluetooth networks, however, will become polluted and clogged as devices fight for connections. This will, in turn, push mission-critical tasks to suffer.

However, the likelihood that a failure in consumer-grade smart devices will result in physical harm is greater. As more drones encroach on public air space for various missions, more devices are used for healthcare-related services, and more home and business appliances rely on an Internet connection to operate, the more likely we will see an incident involving a device malfunction, a hack, or a misuse that will trigger conversation on creating regulations on device production and usage.

How can you benefit from security predictions?

1) Gain industry knowledge, understand overall trends and expand your horizons beyond one stovepipe or topic. Security predictions help you understand industry trends and help you grow in your knowledge – if you do your homework and read the supporting research that usually comes from major vendors.

Remember that the actual date the event happens is less important than trends, patterns and even repetition of an item. Sure, these people or vendors are predicting that it will happen in 2016. It could certainly be 2017 or 2018. But the trend is still valid – especially if many top vendors predict the same thing.

Meanwhile, we reward those who make unique predictions that no one else thought of if they come true. So don’t always penalize bad predictions, since no one is perfect.

2) Use the free advice, direction, insights and annual reports provided by many.

Are some these predictions just marketing? Sure. But a lot of it is very good analysis of where we have been and where we are going.

And this has been going on for years. Gartner, Forrester and many other services typically charge for the advice and predictions that many top vendors give away for free in their annual prediction reports. I am not saying you should not use those services for expert advice, if you like what they offer, but understand that there is value in many of these free annual reports from companies like FireEye, Symantec, McAfee, Websense, Sophos and others.

3) Use predictions as an opportunity to educate others. Get the word out on cybersecurity – whether that is to your company, your family or your community group. Are you bringing problems or solutions? We claim we want to educate end users on cybersecurity, so educate!

Or, why not offer your own predictions? Join the party, after you do your homework.

Here’s an area where I think we can all agree. Even if you think most annual security predictions are lemons, turn them into lemonade! Make the most out of the situation.

I often get asked questions about dramatic security predictions that friends and family hear on TV. The questions come up in unexpected places – like church or at extended family events. Usually, someone has heard some prediction like, “A Cyber Pearl Harbor is coming!” They want to talk about it with a person they know and trust.

When such situations occur, we can either dismiss the comment and walk away, or offer an appropriate, kind response in whatever way you think is best. We have a choice to make at that moment. Hopefully we have the time to be wise, helpful and informative. Even if you disagree with the prediction, offer some examples of what you think will happen.

Final Thoughts

Here’s a new prediction for you: Even more security predictions next December 2016 (about 2017). Some predictions will be good, some not so good. Some general, some very specific. Some irrelevant. Some (who knows what).

And guess what? Not all the industry thought leaders will be right, and not all of the wannabee novices will be wrong with their predictions.

But isn’t that the truth about most areas of life? The Internet is giving us more voices, and we need to learn who we really trust and turn to. Who will we listen to moving forward?

Bottom line, the more the security and technology industries grow, the more predictions we will have. From the Internet of Things, to new technologies to robots to self-driving cars, do you really think we will be talking about security and privacy less in 2020? I don’t.  

Predictions are not new, and they are not going away. In fact, they are just getting started.

Congratulations security industry, and welcome to center ring in this three-ring circus. Yes, it is a very big circus, but that’s where all the action is.

Copyright © 2016 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Get the best of CSO ... delivered. Sign up for our FREE email newsletters!