Predictions - everyone seems to have them. We're still in early January, so I wanted to summarize the best of what I've seen as well as contribute my opinions to the many 2009 security lists floating around in cyberspace.
A Google search on "2009 Security Predictions" yields millions of results. Starting at the top, SANS usually offers good insights, so here's their list of top predicitions which was updated on January 9. I didn't see too many "way out there" statements, and some of these predictions already came true in 2008 such as David Hoelzer's: "I predict that in 2009 a major corporation who is fully PCI/DSS compliant will experience a major data breach, proving the point that "Compliant" is not the same as "Secure".
(A look at recent major data breaches in the past few months will show you which company I'm referring to.)
A Georgia Tech Information Security Center Report entitled "Emerging Cyber Threats Report for 2009" is subtitled "Data Mobility and Questions of Responsibility will Drive Cyber Threats in 2009 and Beyond." Althought there were no major surprises, the report listed the following five emerging threats as the greatest challenges in the year ahead: "Malware, botnets, cyber warfare, threats to VOIP and mobile devices, and the evolving cyber crime economy.
Network World's Andreas M. Antonopoulos lists his security predictions for 2009 which includes: "Regulatory compliance will be back with a vengeance." I agree with him on the list, but again there are no "wow" statements or big surprises here.
Finally, I like the slideshow of predictions offered at Channel Web. This list is by far the most original and creative.
And the winner is... Channel Web. No doubt the economy and tough times will impact security in unknown ways but will dominate the backoffice of security.
Any thoughts on other predictions that you've seen?
