paulmudgett.com

I may as well get on the 2010 prediction bandwagon.

1.  With the rush to get into the “cloud” businesses will sacrifice security for the promise of efficiencies.  Attacks will be focused on the applications placed in the cloud, not necessarily the underlying OS infrastructure.  I predict there will be a large compromise of information stored in the cloud this year that will disrupt business processes for several businesses.

2.  The big talk about “cybersecurity” that comes from the Obama administration will be nothing more than talk.  Action taken will have little impact as the new Cybersecurity Czar/Coordinator has little authority to implement necessary changes in national information security.  This is most likely because of the pure volume of important “initiatives” being taken on by this Administration that will result in some areas, cybersecurity in this case, receiving less attention than required.  This isn’t a dig on the Administration, merely an observation that issues in terrorism, healthcare, economy, etc. will take precedence over fixing the cybersecurity issues facing the U.S.

3.  I predict there will be an even larger breach than what we saw with Heartland Payment Systems last year.  The financial motivations and organization surrounding cybercrime makes this type of criminal activity very profitable.  Attacks are being perfected while the resources to defend against such attacks continue to be too thin in most organizations.

4.  Mobile platforms will be the target of attacks this year.  The proliferation of iPhone/Blackberry and availability of mobile applications will prove a fertile environment for malware writers.  As more of these mobile devices are integrated into both business and personal worlds, the target will simply get too big to pass up.  Expect 2010 to be a big year for mobile attacks.

5.    With major attacks taking place in 2010 and hopefully and improving economy, the investment in information security will improve.  Specifically, there will be some growth in the need for both skilled technical staff and leadership positions where the ability to understand the business environment are emphasized.

I’ll be interested in seeing the twists and turns that are inevitable in the cybersecurity world and how organizations adapt to such a dynamic environment to protect sensitive information.  Good luck in 2010.

Tags: information security, National Cyber Security, PII, security awareness, security vision

This entry was posted on Sunday, January 3rd, 2010 at 12:22 pm and is filed under Awareness and Education, Business and Security, National InfoSec. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.