Wednesday, January 11, 2006

OK, here is a shot at my security predictions for 2006

So, I am finally done reading other people's security predictions. A lot of silly stuff, I must admit! And a lot of truly obvious things, which largely fall into a bin of "threats will still be there" :-)

Here is my own shot at information security predictions for 2006. I decided to stay on the safe side and minimize embarassment next year, so I am keeping the more controversial stuff to myself...

Note the numbers in brackets; these are (probability of happening, ease of making the prediction). The scale is from 1 to 5, which 5 marking the highest probability and the highest ease of prediction. I am stealing this idea from Thomas Ptacek's blog post, but making it more quantitative.

1. Viruses, worms, bots and spyware will remain the main concern; malware commercialization will continue and thus propel more money-making technologies such as spyware (5,5)
2. Data/IP theft and especially ID theft will continue and increase in both severity and occurrence (5,5)
3. At least one major 0-day compromise story will surface, maybe with Oracle software (5,4)
4. Application-level vulnerabilities will grow, service-level ones – shrink (5,4)
5. Client (web, mail, chat, etc) attacks will rise and server attacks will fall somewhat (4,5)
6. Major wireless and mobile threats will not come (4,3)
7. Endpoint security solutions and NAC-like technologies will experience sharper increase in adoption than other security tools (3,4)
8. Finally, I predict that just as one cannot predict the threats of tomorrow today, one still won’t be able to do in 2006 :-) (5,5)

Dr Anton Chuvakin