Security Forecasts for 2007 - Right or Wrong?

It’s always a useful learning exercise to look back on earlier perspectives of security. This time last year I set out a Top 10 Security Trends for 2007. The list included some obvious trends such as security threats getting nastier, databases being the new target and compliance getting tougher. It also contained hot topics such as true de-perimeterisation remaining beyond reach, social computing making an impact on everyday business and security professionalism making slow progress. And I took a stab at a few higher risk predictions such as CISOs getting tough, technology taking centre stage and security vendors uniting. Finally I suggested that the electronic Pearl Harbour is probably just around the corner and that we could certainly do with a not-too-damaging wake-up call.

How did I do? Well, the electronic Pearl Harbour didn’t strike, though we did come close with events such as the Storm worm, the Far Eastern espionage attacks and the large-scale data breaches at TJ Maxx and HMRC. Most of my high-risk bets also failed to materialise. CISOs didn’t get tougher. In fact more of them went native, supporting rather than challenging their business managers. I was also disappointed with the lack of imaginative new technology solutions on display, especially considering the increased amount of security research and VC funding for security products that’s been taking place across the world.

In defence I can claim that my first six predictions were spot on, so at least I achieved an above average return. And I still stand by most of my forecasts. The problem with predictions is always in the timing. Anything less than two years out is always a difficult forecast. Business cases, hype curves and development delays slow down the adoption of emerging trends. In the end the true art of predicting the future generally comes down to estimating time lags rather than spotting the general trends.