So what will 2014 hold for
cyber security professionals? Will it be something new or more of the old? The
answer is a bit of both. We have all reached a crossroads in the way we manage
security. Some CSOs will soldier on ahead - with diminishing effectiveness -
while others will benefit from taking a fresh direction. Here are my
forecasts for the state of security in 2014.
Escape from monoculture
New security technologies
will provide a greater choice of defensive options. I've reported before on the
danger of security 'monoculture', i.e. we have all been implementing identical security
defences, providing attackers with a simple testing platform for attacks. New
products that detect malware through behaviour and characteristics other than traditional
signature scanning will present a new challenge for attackers.
A new generation of attacks
professionals have been wondering what comes next after Stuxnet et al. That
code was developed many years ago. The next generation of attacks will inevitably
be richer, more sophisticated and even stealthier. There are enough political,
commercial and criminal motives to encourage further attacks, so we can expect to
see some spectacular threats - if we can detect them. They may already be
A backlash against security standards
Wherever I go in the world I
find a huge percentage of security managers who believe that security has
failed, and the major culprit is compliance along with the bureaucratic standards
it promotes. I've been saying this for years but lately I detect that
governments and regulators are beginning to see the light. Compliance cannot go
away. In fact it's likely to become even stronger. There will however be a rethink
of the standards we need to achieve effective security. But don't expect an
Improving strategic crisis response
Crisis management has been a long-standing
weakness in all enterprises, for both business and security crises, especially
at the strategic level which aims to safeguard the intellectual assets of the
organisation. The growth in major incidents, CERTs, SOCs and SIEM tools has all
helped to raise awareness of the need for better crisis management. It will be a
long journey. But it's a healthy sign that enterprises are finally looking beyond
simple incident management processes and business continuity plans.
Cyber skills gap grows
We all know there's a
shortage of high-end cyber skills. Ask anyone that runs a security testing
company. It's because skills such as high-speed reverse-engineering require a special
kind of person. Training courses can't fix this problem, especially those that teach
ancient security rituals. People with special skills can't be mass produced.
They have to be sought out. And that's a more difficult challenge.
No change at NSA
Don't expect any major changes
in the operations at NSA, despite continuing Snowden revelations. The weakness
is primarily with visible oversight and public presentation of policy, rather
than day-to-day operations. The reality is that you have to gather large
amounts of intelligence to prevent terrorist incidents. And that threat has not
diminished. There is no evidence of widespread misuse of the data gathered.
Admittedly there is a theoretical possibility of a future dictator abusing the power.
But that's arguably a lower risk than the threat of terrorists gaining access
to weapons of mass destruction.
And on that controversial note
I'll wish everybody Season's Greetings.