2010 Security Outlook: Reply Hazy, Try Again

Every year, Dark Reading editors are subjected to a hail of email from vendors, researchers, and analysts offering "predictions" for the coming year. While some of these predictions are based on actual data gathered by researchers who analyze security trends, the vast majority of these predictions often seem a bit random, if not completely arbitrary.

We suspect the widespread use of Ouija boards, crystal balls, tea leaves, and chicken entrails.

Seriously, folks, is this the best the security industry can do? Some of these predictions include shocking new insights, such as "the malware threat will continue to increase" and "use of botnets will grow." Duh. Tonight's forecast: dark.

As a service to you, our readers, we combed through the many lists of predictions in an effort to find a few that are actually forward-thinking. This is by no means a comprehensive list, and it's pretty darn subjective -- but, hey, so are most of the predictions.

By the way, we already know which of these are going to come true -- but we're just so sick of predictions, we don't feel like telling you. Nyah. The winners, in no particular order:

1. Network-attached peripheral security threats will continue to increase. With more network-attached devices than ever before, disgruntled employees and other insiders will find ways to use unsecured printers and other network-connected devices to steal data while covering their tracks. (ICSA Labs)

2. Malicious software will target specific devices. Like the malware that attacked ATM cash machines and routers in 2009, attackers will take aim at next-gen or lower-level devices that may not be on the radar of corporations and vendors yet. (Norman ASA)

3. Mobile devices will remain a relatively low priority target for the bad guys. We like this one because it runs contrary to the other 114 predictions that we received, which all state that handheld devices and smartphones will be among the top threats in 2010. This prediction points out that although many vulnerabilities undoubtedly will be found in next-gen handhelds, the computer criminals will probably not target them because most of the really valuable data is still on corporate PCs and servers. (Accuvant Labs)

4. Attacks on virtualization technologies will increase. The growing deployment of Microsoft's Windows Server 2008 R2 Hyper-V and VMWare's vSphere will make it easier for small and midsize businesses to take advantage of virtualized servers -- which will make these environments a much more interesting target for attackers. (BitDefender)

5. There will be a rise in attacks from file-sharing networks. The bad guys will shift from exploits via Websites and applications toward those that originate from file-sharing networks. In particular there will be an increase in mass malware epidemics via P2P networks. (Kaspersky Lab) 6. Despite the hype of increased social networking threats, misconfigured "stuff" -- e.g., servers, firewalls, and laptops -- will be the real threat for companies to watch out for. This is another prediction that goes against the tide: The other 99 percent of predictors say social networking will be among the chief threats of 2010. (Tripwire)

7. It is unlikely that 2010 will see widespread targeting of cellphones by malware because the mobile operating systems are too disparate for them to be a lucrative effort for cybercriminals. This is an insightful statement that runs contrary to the many knee-jerk predictions that smartphones will be among the top targets for 2010. (PandaLabs)

8. ISPs will increasingly implement technologies to identify users who are infected with malware and take steps to block Internet access until the users' machines are cleaned up. It will probably be a few years before these ISPs are the norm, rather than the exception, but the prevalence of such practices will increase. (ESET)

9. The Windows 7 operating system, while built to be more secure than Vista, will inevitably be riddled with exploitable vulnerabilities. The widespread adoption of Win 7 naturally makes it a key target for malicious threats, like viruses, bots, and worms. (ICSA Labs)

10. Windows 7 will have some issues, but will prove more secure than forecast by the security industry. While the Redmond PR folks pitch Win 7 as a brand new OS, a survey of the code indicates it is mostly a rework of Vista. "Rework" is the key word here, and initial analysis shows many of the bugs that exist in Vista are absent from Win 7. (Accuvant)

If those last two predictions seem contradictory, you should see the rest of the predictions we received. We may be asking some of these pundits for security advice in the coming year, but trust us, we won't be asking them to pick any lottery numbers. Maybe it's time to put away the crystal balls for another year and focus on fighting the threats we already know about.

Whatever awaits, we at Dark Reading wish you a happy -- and secure --new year.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.