2012 has been an interesting year with a growth in our understanding of our adversaries and some high-profile international security incidents. 2013 will continue to impress, but differently. It will ultimately be a year of strategic growth.
Here are 5 cyber security predictions for 2013.
1. There will be little change to the threat landscape
There will be little change to the threat landscape in 2013 as our adversaries are already achieving their intent (extrapolating the size and scale of currently known adversary operations) and therefore have little pressure to change. However, I do not see this as holding into 2014 as greater innovation in the threat intelligence and mitigation space is made (prediction #4) and the role of government is better defined (#5).
2. Cyber attacks will have a greater impact to a greater number
As data and service providers co-locate in cloud environments, attacks on the infrastructure providing these services will rise (attackers will always go to where the data lives) resulting in greater collateral damage to non-intended victims simply based on with whom they are co-located.
2.1 Corollary: Risks will be more difficult to assess as control of the location of data and an accurate knowledge of the infrastructure is lost in the cloud. This will cause businesses to continue to mismanage public and customer relations when incidents occur.
3. The cost of cyber threats will grow and there will be an increased awareness and visibility of those costs resulting in greater effective action in the mid-and-long term.
Based on prediction #3 the cost of cyber threats to all organizations will grow. However, as has been the trend, visibility of security issues and incidents will rise forcing business change to address this challenge in new ways (hence prediction #5). Innovation will then lead to greater effective action in the mid-and-long term.
4. The role of government in securing computer systems from domestic and foreign cyber threats will continue to be muddled.
The role of government in any area is generally slow to evolve. Cyber security has not been any different. As governments around the world are consumed by domestic and international economic affairs, little attention will be focused on this problem further delaying necessary action.
5. Private industry, vice government or research, will make great innovations in the threat intelligence and mitigation space.
Based on: (1) the amount of venture capital flowing into cyber security industry to produce innovations in threat intelligence and mitigation, (2) the market growth for such innovations (based on predictions #2 & #3), and (3) with the growth in funding means the ability for private industry to recruit and retain the best talent in the field — it is no great stretch of the imagination to see that this is where the innovations necessary to combat the threat and increase risk and cost on the adversary will originate during 2013 changing the threat landscape in 2014 and beyond.