Stop them before they predict again!

Dec 19, 2011 | 3 mins
Welcome to my second annual plea for security vendors to put away those self-evident New Year predictions.

I’ve never been a fan of security predictions, though I’ve written about them too many times to count. I guess that makes me a hypocrite. I could take the high road and tell you my bosses always make me write about it, but why pass the buck? In the world of tech media, we ALL write about predictions. I’ve written about many that I probably didn’t have to bother with.

Call it a case of doing one of those tasks you hate because, like changing diapers or taking out the trash, it has to be done.

Predictions are perfectly harmless. But here’s my beef:

They change very little from year to year. For seven years I’ve seen predictions that this will be the year of mobile malware or the year of a federal data security law.

Only security vendors seem to enjoy making predictions.

Vendors particularly love declaring competing technologies dead. There was the prediction that IDS was dead. That was many years ago and the technology remains in demand. There was the prediction that 2009 would be the year pen testing died. Most of the security practitioners I talk to daily still swear by pen testing.

My inbox has been getting hammered with 2012 vendor security predictions since Halloween. They all pretty much state the obvious:

–Mobile malware is gonna be a big deal

–Social networking will continue to be riddled with security holes

–Technologies A, B and C will be dead

–Microsoft will release a lot of security patches

–Data security breaches will continue to get more expensive

Looking at the predictions I got this time last year for 2011, I found that any of them could be repackaged as 2012 predictions and nobody would know the difference. Here are some examples from the Zscaler Labs Research Team:

1. Political hacktivism will escalate

2. Cloud computing will be fraught with security risks

3. App stores like the Android Marketplace will continue to be polluted with malicious programs

4. Social networking will meet social engineering

See what I mean? Any of these would pass as predictions for 2012, even though they are a year old.

Some of my vendor friends will frown upon my prediction poo-pooing. So will the PR people they pay to distribute this stuff.

But I also know more than a few PR people are reading this and agreeing with me.

–Bill Brenner

