Andrew Hay’s Predictions for 2008
Everyone else posts their predictions for the coming year so I figure I should throw mine into the air as well.
More Public and Damning Breaches
I predict that several large breaches will occur and will be revealed to the public. I also predict that one of these breaches will be that of a sensitive government or military target that will dwarf the severity of the TJX breach. These breaches could very well be outside of North America but I have a feeling the major breach will happen in the United States. The breaches will also lend credibility to any of the Presidential candidates “new” cyberwar policies that they will enact once elected.
Increased Focus on Foreign Cyberwar Capabilities
I predict that the perceived Chinese cyber-threat will continue to grow and that the capabilities of other unfriendly nations will be thrust into the public eye. Since 2008 is an election year you’ll probably notice this being talked about quite a bit on the campaign trail. I also suspect that there will be promises of increased military spending to combat this “new” threat. Is this the start of another “cold war” on the digital plain? Will the major military players start stockpiling “cyber warriors” in their arsenal?
Year of the Rootkit
I predict that 2008 will be a very bad year for rootkits. More freely available rootkit creation tools will be published allowing more script-kiddies to build their own distribution packages. Rootkits themselves we become increasingly complicated and harder to detect by common methods. I also suspect that 4th year University & College computer science courses will start showing up over the next several years, showing students how to create, and defend against, these new technologies.
Economic Downturn will Impact Training Budgets
I predict that 2008 will be a bad year for security professionals looking to receive training from their organizations. With the U.S. dollar in flux, organizations will be hesitant to spend their budget on something that isn’t perceived as a tangible return on investment. Expect training organizations to drive their customers towards the web and mobile training solutions to help stay competitive.
Forensic Requirements will drive SIM/SEM/SIEM Products
I predict that forensic analysis of stored data will become the hot topic for 2008. Log retention and storage was the key driver in 2007 but now that people have all of this information stored, they are going to need a way to actively use it for investigatory purposes. Expect customers to push back on their SIM/SEM/SIEM vendors for faster and better correlation between events, vulnerabilities, and flows. Also expect several failed PCI investigations to push the top players in the industry to increase the forensic capabilities of their offerings.