I was trying to figure out what to write about this morning so I was looking at the various news articles that were available and was getting stumped with what to write about. The stories that were out there were the typical ones – you know, the ones on worries about self-driving cars (Elon Musk of Uber is worried about the cybersecurity of driverless cars), how different governments are looking at cybersecurity laws (Singapore is looking at one and the US is building out a new law), new companies are hacked (Verizon had its customers’ records made available because of a misconfigured Amazon Web Service S3 bucket) and so on.
In short, same old, same old.
I mean, really. We’ve been hearing about these types of stories for a long time now and they really aren’t anything new. So, while sitting back and thinking about this, I decided to try something different. I thought I would write a “predictive” blog about what I think will happen over the next year. I could do something like:
- The State Government of (fill in the blank) had its taxpayer accounts hacked and over 3 million private records were stolen.
- Cisco talks about how ICS equipment isn’t as secure as it could be so there needs to be improvements to protect critical infrastructure.
- Australia passes a new cybersecurity bill requiring certain levels of compliance with a new set of regulations
- England starts a new Cybersecurity Defence unit which will supplement its Army, Navy, and Airforce military arms, saying that Cyber is the new military branch and to be used for attack purposes (and not just for information gathering)
- The gap between the number of cybersecurity jobs and the people that can fill them is at an all-time high (it’s been growing ever since I got into this area back in 2000)
But those are kind of obvious future predictions for cybersecurity. I mean, if you were to look at the various news stories over the last year, those are the obvious ones (just substitute the names of the countries and companies for some other entities).
So what are some actual REAL predictions? What will happen in the future that is different from the consistent trends that have been happening over the years? Well, let’s see …
I got it! I’ll write predictions of things that I would LIKE to see but that I don’t think will happen anytime soon. Okay, let’s get started –
- By the year 2020, a new common cybersecurity language based on XML will be created through OASIS that allows Cybersecurity tools to communicate with each other. This allows cybersecurity tooling to react and respond in a fraction of the time it takes for human-based corrective action.
- An extension of the new common cybersecurity language allows for the communication of security information beyond individual domains allowing for the “Federation” of security information to flow. This new standard replaces the aging TAXII standard.
- In the year 2022, the US Government makes changes to Sarbanes Oxley that makes corporate governance responsible for the security of all business records. As a result, the CISO is now elevated to the Board level and corporate risk includes security risk.
- A major Class Action lawsuit is decided against Microsoft for the exposure of financial records of a Retailer’s customers through a vulnerability in Windows 12. As a result, Microsoft is on the hook for a multi-billion payout to all members that purchased a computer with Windows 12 loaded on it. Microsoft appeals and the court case is expected to make its way to the US Supreme Court. In the meantime, Insurance agencies providing business insurances to companies creating anything with software have increased their insurance premiums 1000x because of the shift in case law.
- McAfee releases its newest Malware protection, “HAL”. “HAL” (named after the computer from “A Space Odyssey”) is an artificial intelligence-based malware protection software that is able to review configurations of computers and automatically harden and loosen the configurations of the computers and servers based on the actions of the User. So, instead of having a baseline, it acts similar to a “rubber band” where the configuration, when not in use, “snaps shut” but, when the computer is in use, the configuration of the computer “stretches” to meet the needs of the User. NOTE: IBM is suing McAfee for the use of the name “HAL” because of where the name originally came from.
- The UN announces that a global agreement has been made as to how personal information is to be treated. All member nations of the UN will be aligning their privacy laws in order to ensure a consistent application of privacy protections. Cloud Service Providers applaud the initiative and a consolidation of data centres is expected. An unintended side effect is that the demand for cybersecurity professionals starts to decrease because of a consolidation of where these roles can be located.
- EA Media has purchased its 5th technology media-based company in the last 2 years, growing its user base to 5 Million subscribers (hey, like I said, things that I would LIKE to see).
Huh. Sort of utopian, I agree. But, at the end of the day, if you can’t envision a brighter tomorrow, how can you move forward and improve?
Hope this helps …