With security journalists complaining about hazy security predictions for 2010, we thought I thought I should get my crystal ball out and share with you what the future holds for the world of Endpoint Security! My predictions are based on what I’ve noticed in the past few years, on recurring issues and generally how things work in the industry. So here goes!
1. The much hyped and awaited US Cybersecurity Czar will spend at least 6 months sorting through inter-agency policies, egos and feeble budgets and only then starting to do some work! The boost the security industry is expecting to come from the authorities interest in cybertheats will continue to lag.
2. The economy is picking up. But slowly and mostly on paper. Security budgets won’t be much increased and cost effectiveness will remain an important factor in selecting security products. Let’s hope it will come into play after the ineffective products are eliminated and not before!
3. While misplaced laptops might not be as big of a cause for security threats – shrinking budgets might put an emphasis on accountability for company technology and hardware and people might start paying more attention to where they through their notebooks – portable hard drives, USB sticks and other such devices will still be grossly lost and left unencrypted. So we’re still up for plenty of news on misplaced hardware leading to humongous sensitive data exposures.
4. I completely agree with the ICSA labs prediction – “Network-attached peripheral security threats will continue to increase. With more network-attached devices than ever before, disgruntled employees and other insiders will find ways to use unsecured printers and other network-connected devices to steal data while covering their tracks.“
No surprises there! USB sticks, MP3 players, smart phones, portable hard drives, they’re all hooked to the corporate networks and can pretty much drain all the data out of your company. With people still being let go and the competition willing to do anything for and edge and a chance to survive the dire conditions of a barely recovering economy, the insider threat will continue to lead them all when it comes to data theft.
5. 2010 will be the year of Security as a Service. With so many companies relying on overworked and understaffed IT departments and unwilling to allot too much money to the IT infrastructure, security products offered as a service will all see significant increase. Of course only those that get the job done! Pretty obvious if you think about it: no time wasted on installation and maintenance, no additional hardware needed to accommodate the new software, easy to learn and intuitive interfaces, it makes sense.
6. As a consequence of point 5 up there, companies providing software as a service solutions will have to better explain and promote them. They need to address reliability, liability and other security concerns, as well as point out the many benefits of choosing this type of security service.
7. More lawsuits. Yes, more data breaches will lead to lawsuits. Customers are becoming more knowledgeable, so the lawsuit threat will increase for all companies mishandling private data of their customers. They might not all win, but companies need a better plan to handle breaches. For example, waiting for months to disclose them might not be the sharpest idea.
What do you think? Which of these will come true and which are your own predictions for 2010?