2010 Security Outlook: Reply Hazy, Try Again

Security researchers, experts don't show much agreement on the coming year's threats

Tim Wilson, Editor in Chief, Dark Reading, Contributor

December 30, 2009

Every year, Dark Reading editors are subjected to a hail of email from vendors, researchers, and analysts offering "predictions" for the coming year. While some of these predictions are based on actual data gathered by researchers who analyze security trends, the vast majority of these predictions often seem a bit random, if not completely arbitrary.

We suspect the widespread use of Ouija boards, crystal balls, tea leaves, and chicken entrails.

Seriously, folks, is this the best the security industry can do? Some of these predictions include shocking new insights, such as "the malware threat will continue to increase" and "use of botnets will grow." Duh. Tonight's forecast: dark.

As a service to you, our readers, we combed through the many lists of predictions in an effort to find a few that are actually forward-thinking. This is by no means a comprehensive list, and it's pretty darn subjective -- but, hey, so are most of the predictions.

By the way, we already know which of these are going to come true -- but we're just so sick of predictions, we don't feel like telling you. Nyah. The winners, in no particular order:

1. Network-attached peripheral security threats will continue to increase. With more network-attached devices than ever before, disgruntled employees and other insiders will find ways to use unsecured printers and other network-connected devices to steal data while covering their tracks. (ICSA Labs)

2. Malicious software will target specific devices. Like the malware that attacked ATM cash machines and routers in 2009, attackers will take aim at next-gen or lower-level devices that may not be on the radar of corporations and vendors yet. (Norman ASA)

3. Mobile devices will remain a relatively low priority target for the bad guys. We like this one because it runs contrary to the other 114 predictions that we received, which all state that handheld devices and smartphones will be among the top threats in 2010. This prediction points out that although many vulnerabilities undoubtedly will be found in next-gen handhelds, the computer criminals will probably not target them because most of the really valuable data is still on corporate PCs and servers. (Accuvant Labs)

4. Attacks on virtualization technologies will increase. The growing deployment of Microsoft's Windows Server 2008 R2 Hyper-V and VMware's vSphere will make it easier for small and midsize businesses to take advantage of virtualized servers -- which will make these environments a much more interesting target for attackers. (BitDefender)

5. There will be a rise in attacks from file-sharing networks. The bad guys will shift from exploits via Websites and applications toward those that originate from file-sharing networks. In particular, there will be an increase in mass malware epidemics via P2P networks. (Kaspersky Lab)

6. Despite the hype of increased social networking threats, misconfigured "stuff" -- e.g., servers, firewalls, and laptops -- will be the real threat for companies to watch out for. This is another prediction that goes against the tide: The other 99 percent of predictors say social networking will be among the chief threats of 2010. (Tripwire)

7. It is unlikely that 2010 will see widespread targeting of cellphones by malware because the mobile operating systems are too disparate for them to be a lucrative effort for cybercriminals. This is an insightful statement that runs contrary to the many knee-jerk predictions that smartphones will be among the top targets for 2010. (PandaLabs)

8. ISPs will increasingly implement technologies to identify users who are infected with malware and take steps to block Internet access until the users' machines are cleaned up. It will probably be a few years before these ISPs are the norm, rather than the exception, but the prevalence of such practices will increase. (ESET)

9. The Windows 7 operating system, while built to be more secure than Vista, will inevitably be riddled with exploitable vulnerabilities. The widespread adoption of Win 7 naturally makes it a key target for malicious threats, like viruses, bots, and worms. (ICSA Labs)

10. Windows 7 will have some issues, but will prove more secure than forecast by the security industry. While the Redmond PR folks pitch Win 7 as a brand new OS, a survey of the code indicates it is mostly a rework of Vista. "Rework" is the key word here, and initial analysis shows many of the bugs that exist in Vista are absent from Win 7. (Accuvant)

If those last two predictions seem contradictory, you should see the rest of the predictions we received. We may be asking some of these pundits for security advice in the coming year, but trust us, we won't be asking them to pick any lottery numbers. Maybe it's time to put away the crystal balls for another year and focus on fighting the threats we already know about.

Whatever awaits, we at Dark Reading wish you a happy -- and secure -- new year.

About the Author(s)

Tim Wilson, Editor in Chief, Dark Reading


Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.
