Lately, my email box has been filling up with seminars, newsletters and scary ads pronouncing that the next generation of information security problems has arrived. Is this just hype or something more?
Of course, most of these emails come from vendors who want to scare me into buying their product or at least read prompt me to read on and hear their pitch. The messages range from how new phishing attacks bypass spam filters to spyware or malware that isn't being detected by traditional tools sets.
Just in case you don't believe that there is a "next generation" trend, a Google search for "next generation security products" will yield almost 3/4 of a million results. Yes, the list of different security companies and their marketing practices are endless, and no doubt they need to distinguish their latest products from whatever they were selling last year.
And yet, I do think some things are changing. Symantec and many of the other big security companies are reporting that the bad guys continue to get more sophisticated and organized. The federal government is spending more on cybersecurity and kicking off several new cyber security initiatives.
At a time that we would expect the Bush Administration to be winding down and putting the finishing touches onto transition reports for the next administration, cyber security activity in DC seems to be heating up and not cooling down. All signs point to a next generation of problems and huge list of work left to be done well into the future.
While this trend may seem rather obvious to many in the CSO/CISO world, it certainly is not so obvious to many in the technology industry. Many people I speak with in government are waiting for "their turn" to be atop the priority list for CIOs and technology projects in 2009 and beyond. From projects leaders building "Green IT" to new virtual data centers to cloud computing strategies, I've heard numerous "experts" say that security should start winding down, packing up, and don't forget to turn out the lights on your way out the door.
The problem is, no one told the bad guys that their turn was over. Rather, we do seem to face a new set of more sophisticated attacks every few months.
How long can this pace keep up? I'm not sure, but I don't think this is just hype - this is the new normal. Neither do I know what comes after the "next generation," but I'm sure the marketers will help come up with a name. In the meantime, security should stay atop of the (undesireable) list that keep CIOs and business execs up at night in 2009.
What do you think? Have we reached the next generation of attacks?
