Security Forecasts for 2009

It’s the time of year to dust off the crystal ball, look ahead, and take the plunge at forecasting the key trends we can expect to encounter during the next twelve months. Here are my Top 5 predictions for 2009.

Fraud hits the roof – When times are hard, expectations low, and loyalties hit rock bottom, that’s the time to expect an increase in fraud. In 2009, there will be more criminals, greater envy and increasing potential for insider cooperation. And at a time of increased financial scrutiny, companies will be more likely to detect frauds. Unfortunately, there’s a growing shortfall of skilled resources available to investigate suspected white-collar crimes. And anti-forensics technology will be a major problem for any security investigator. 

Information warfare gets real – Global recession and increased commercial competition, coupled with a growth in national cyber defence capabilities will combine to create an itchy trigger finger, waiting to unleash latent information warfare capabilities. Governments will need to raise their diplomatic game to establish new protocols to limit the increasing power and economic damage from professional hacking, espionage and sabotage.    

Human factors top the agenda – For years, we’ve known that people are the major security issue, yet we’ve done surprisingly little about it. The result is that our security efforts in this area fall embarrassingly short of customer and citizen expectations. This year, we’ll finally bite the bullet and belatedly put some effort and money into serious security awareness and behaviour change campaigns. Any organisations that fail to embrace the need for better security education for staff handling sensitive customer information will risk the outrage of the masses and the media.

Security gets outsourced – With shrinking levels of business demand and staff, many organisations will be forced to move to a variable cost basis for services, through outsourcing and Software-as-a-Service products. The market for security services is more mature than it used to be. You can outsource virtually anything today, though it would be dereliction of responsibility to farm out major decisions on security policy or risk management. And with increasing levels of outsourcing, managing the security of outsourced operations will become a growing challenge in itself. 

Brand management embraces security – When corporate reputation and confidence in brands begins to seriously impact sales, companies will look to media relations and brand management function to leverage revenue and profits. A simple root cause analysis will identify information security as a major differentiator. Security managers should introduce themselves to their in-house spin doctors before they look elsewhere for inspiration.