Bad predictions are soon forgotten. This can be a blessing for those in the prediction business. The guy on the local news that predicts the weather doesn’t always get it right, but we still tune in the next night for the next prediction. We forgive and we forget.
I’d prefer you forgot about our bad predictions too. But, because we’re trying to provide some help in thinking about and planning for the future, we add some accountability to our predictions. For our 2010 predictions we actually graded ourselves mid-year as you can see here: http://www.symantec.com/connect/blogs/security-trends-watch-2010-mid-year-status-check. With our 2011 predictions, we let you, our readers, grade us immediately through an attached survey. For the most part, you agree with us. And in one case we (both Symantec and you) have been proven correct already. We are one for one so far. So, let’s take a look at the results. We’ll start with the disagreement.
Compliance Will Drive Encryption Initiatives…or Will It?
Thirty-seven percent of you disagree with our prediction that regulatory compliance will drive the adoption of encryption. This was the strongest disagreement we had on any of our predictions. Interestingly enough, we had pretty solid backup on this one. The Ponemon Institute’s 2010 Annual Study: U.S. Enterprise Encryption Trends study revealed that for the first time, regulatory compliance has surpassed data breach mitigation as the top reason why organizations deploy encryption technologies. My guess is that our readers are ahead of the security curve and moved to encryption long before any regulation demanded it.
The majority of respondents were aligned with our other predictions.
Stuxnet is Only the Beginning
Eighty-eight percent of respondents said they think it very or somewhat likely that 2011 will bring with it additional threats following in the footprints of Stuxnet. Stuxnet is the most significant example to date of cyber espionage. It should at the very least make you a little paranoid. However, it appears that in the spirit of the holidays our readers have taken their security list and checked it twice. Forty-eight percent of respondents feel just as safe now as they did at the end of 2009, long before the Stuxnet threat was discovered.
Zero-Day Vulnerabilities Everywhere
Eighty percent of respondents agreed that zero-day vulnerabilities will become more common as highly targeted threats increase in frequency and impact over the coming year. With 12 zero-day vulnerabilities spotted in 2009, and 18 previously unknown zero-day vulnerabilities spotted so far this year, it looks like the trend is pointing toward 2011 as another record-breaking zero-day year.
Mobile Is Going to Be a Big Challenge
Eighty-eight percent of respondents agreed that the exponential adoption of smart mobile devices will drive new IT security models. With the blurring of the lines between business and personal use, the increasedsophistication of the devices and the consolidation of mobile platforms, it is inevitable that attackers will key in on mobile devices in 2011 and mobile devices will become a leading source of confidential data loss.Part of this new IT model is security. Fifty-two percent of respondents said they’ll be putting security software on their mobile device(s) in the future.
And now where we already know we got it right.
Cyber Attacks as Politics
Eighty-three percent of respondents agreed that politically motivated cyber attacks would emerge. Bingo! We didn’t even need to wait for 2011 to be proven right on this one. Remember, we ran our prediction in mid-November and our readers took the survey long before the massive DDoS attacks took place last week. It’s hard to argue that these attacks did any real damage to the large corporations involved, but they drew attention which was the whole point. Expect more in 2011.
Finally, in the survey we asked about IT trends that would have the biggest affect on security 2011. And the winner is:
We gave our readers four choices for the trend that would have the biggest impact on enterprise IT security strategies in 2011: the consumerization of IT, cloud computing, government regulation, and virtualization. Your vote for the “big bang” for 2011 – the cloud. Forty percent of respondents said cloud computing will have the biggest impact on enterprise IT security strategies. Equal numbers of respondents (24 percent each) said the consumerization of IT and government regulation will have the greatest affect. Only 14 percent thought virtualization would have the biggest impact.
Well, there you have it. There were a few surprises, but for the most part, we think your opinions are pretty well in line with our security and storage experts. Thanks to all those who took our 2011 predictions survey!