twitter facebook rss

Icebergs and Security Predictions

Posted by on December 22, 2015.

It’s traditional at this time of year for security researchers to risk their credibility by offering their predictions as to what will happen in information security in the next 12 months. Usually in multiples of ten. Or at least the unhidden one-tenth of the researcher iceberg spending enough time in the public eye to attract the attention of journalists and their own PR departments. Apparently there’s a perception that the public loves a list, even if it’s a list of sort of glamour-free topic that preoccupies the security industry.

Happily, my own accelerating slide into old age, grumpiness, and the obscurity that tends to accompany (semi-)retirement has allowed me to avoid the worst excesses of this tradition in recent years. Though I don’t say that it’s totally without interest. As I said elsewhere some years ago:

Security prognostication isn’t science: it’s more like science fiction, and classic science fiction isn’t about the future, but the present. A view of the future refracted through today’s trends may be through a glass darkly, but it’s not valueless.

And while I don’t intend to make any predictions about developments in malware/anti-malware technology, perhaps I will mention some issues that I think will be discussed over the coming months.

  • The Internet of Things. Of course. After all, it represents an ever-widening attack surface. And since we tend to be quite sensitive to any threat to children and/or health, anything involving toys like the Pink Fink or healthcare devices as discussed here. And indeed, recent crises involving Hello Kitty and VTech indicate the risks are not trivial. (And to think I used to tell people that my small daughter’s VTech computer had the safest operating system I knew…) It’s not just criminals who are interested in this stuff either: though if your opinion of politicians is as high as mine, you may already have considered that. However, there are plenty of less dramatic possibilities.
  • Tech support scams. Even though the security industry, with a few exceptions, takes very little notice of them, they continue to make a lot of money from their victims. Small-ish sums for individuals, but more than enough to keep some unpleasant individuals richer than they should be, and now increasingly found going far beyond mere deception, keeping company with ransomware and other malware.
  • Ah yes. Ransomware. (For some reason I keep typing that as ‘ransomeware’: strange, since I’ve never actually read ‘Swallows and Amazons‘…) I’ve been worried enough by the way its technology has become more sophisticated and the mounting volumes of people it is affecting to have started a vendor-neutral ransomware resource page. It’s a little piecemeal at the moment, but it does at least provide a starting point for people looking for more information.
  • The death of anti-virus. Again. Especially around RSA and Infosecurity, when companies in other areas of security are desperately seeking column inches at the expense of the ‘traditional’ anti-malware industry. (When I was more PR-friendly, I used to make this prediction every year, and I was never disappointed…) Well, old-school anti-virus in the sense of self-replicating malware and static signatures is long dead, and rightly so. But there’s more to security software than that, and replacing one solution du jour with another is not enough.

OK, it’s not a top ten. But it’s providing me with more than enough issues to worry about at the moment.

David Harley

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: David Harley | Tags: , , , , , ,