As we near the end of 2009, it’s interesting to look back and see how accurate my January forecasts were. I predicted that: fraud would hit the roof; information warfare would get real; human factors would top the agenda; security would get outsourced; and brand management would embrace security.
These forecasts were surprisingly accurate, perhaps suggesting that this field is becoming more predictable. Certainly we’ve already experienced several major paradigm shifts in this decade, such as the adoption of cyber attacks by the criminal and military communities, the shock of a major data breach, the growth in regulatory compliance, and the emergence of cloud-based security services. So are there any more surprises in store, or will the future be essentially more of the same?
The answer is that 2009 was largely a period of consolidation for information security, but 2010 will be quite different, with some important new shifts in both perception and practice. I shall cover these in my next posting.