Tippett's Top 10 Security Predictions
"While we can never fully forecast the future, we certainly have a good glimpse into what security will be like 10 years from now -- based on all the data we have amassed over the last several years for our Data Breach Investigations Reports," Tippett says. "For starters, we know successful security breaches are leveling off, and that means we are headed in the right direction as organizations band together to fight cybercrime. By 2020, we expect life to be notably better for cyber users."
Tippett's top 10 predictions:
What are your information security predictions for 2020?
#1. Security Will be More Measured and Scientific -- While generally more effective, it may also become more mundane, similar to how industrial safety and quality control are seen today.
#2. Security Data Drought Over -- As more data is available, we'll see standard, unified methods of collecting, analyzing and reporting data breaches will become commonplace.
#3. Privacy or Transparency -- There will be a large-scale consumer "vote" on whether we value privacy or personal transparency. We can see this coming with the battles over Facebook privacy taking place now.
#4. Identity Will Be Easier -- Eventually, he says, the dozens of passwords that each net user has today will be reduced to two to three identities that are easy and intuitive.
#5. Threats Will Evolve -- Threats will emerge that we haven't thought of yet, and we will need to devise new ways to beat the cyber criminals (then the process will repeat). But all in all, the overall security climate will get better.
#6. Combination of Technologies Coming -- The use of reputation systems, and the large-scale use of end-user, network, and other reputational data, will combine with forms of automation to help users to avoid websites, email and IP addresses with malicious content. This will help institutions keep their brands safe, as more customers move to online banking.
#7. Security Coming to Cloud -- More security services will become part of the "cloud," and many of the basics will be included "in the pipe." Users will be able to use both wired and wireless forms of connectivity that include common security functionality such as email spam, anti-virus and other filtering, Web proxies, firewall, IDS/ IPS, Denial of Service, and other "reputational" technologies. A bigger chunk of population will be protected with these basics; they will be less expensive, more pervasive and comprehensive.
#8. Mobile Will Be King -- Mobile platforms will dominate end-user interaction with the Internet. Mobile will attract malicious activity, users will find the mobile platforms with better security versus those that are open and unrestricted.
#9. SaaS and Cloud Deliver -- Software-as-a Service (SaaS) and numerous, diverse cloud services will dominate the software, storage, and computer-platform delivery models. Providers will provide better security features and controls than the current plethora of diverse, and individually deployed enterprise systems.
#10. Computer Crime Enforcement Increasing -- Prosecution of computer criminals will increase over most of the decade. Better laws, logging and other evidence preservation, forensics capabilities, cooperation among worldwide law enforcement agencies, and stronger, more ubiquitous and diverse electronic identity will all drive more arrests and more jail time for those convicted of cybercrimes. It is fair to point out - the Albert Gonzalez case notwithstanding -- that other experts contradict this, saying that criminals will be driven further under the radar in more targeted, stealthier attacks.
I'm hoping we see a faster delivery of some of these solutions than 2020. Because of the attacks and threats we've been facing in our industry with ACH fraud and all of the other types of crime hitting us and our customers, I think we all will agree these changes can't happen fast enough. Add to this that we're already behind the security curve, where the cyber criminals have pushed ahead and are constantly upping their game, changing tactics and adding more strategies to their bag of tricks. Until we get to that "less risky" state of security, keep fighting the bad guys with everything you've got.
Meanwhile, what are your information security predictions for 2020?