Tuesday, January 5, 2016

2016 Cybersecurity Predictions

The start of a new year always holds the promise of emerging trends, technologies and threats in the field of cybersecurity. One of my favorite traditions in this arena is reading the commonplace and sometimes absurd predictions that "experts" prognosticate for the upcoming 12 months. Jon Oltsik of Network World (2016) offered some fairly timely and (in my opinion) likely ones for 2016:

“Mergers and acquisitions. Okay, this one is somewhat obvious, but allow me to add my own spin. M&A activities will be robust, with numerous big deals taking place before the RSA Security Conference at the end of February. That said, many areas of cybersecurity are actually over-invested right now (i.e. CASB, next-generation endpoint security, etc.). Once the first few deals happen, I foresee an industry panic where Johnny-come-lately VCs get cold feet and start fire-selling. As this happens, patient cybersecurity companies will be rewarded with cybersecurity technology startup acquisitions at relative bargain-basement prices.

The Beltway crowd jumps into the commercial market. Federal contractors like Booz Allen Hamilton, CACI International, CSC, L-3, Lockheed Martin, and Northrop Grumman have strong cybersecurity skills and assets but little penetration into the commercial market. Look for one or several of these federal integrators to follow Raytheon’s lead by establishing commercial cybersecurity divisions, hiring management teams with vast private sector experience, and acquiring companies with strong commercial cybersecurity market share.

Growing trusted systems offerings. Technologies like the Trusted Platform Module (TPM) and Intel’s Trusted Execution Technology (TXT) have been around for years, but few software developers have taken advantage of this system-level security functionality. I believe we will see things start to change in 2016 as enterprises look to enhance mission-critical system integrity. Oracle and VMware will join the trusted systems fray, while phones will ring off the hook at focused players like Skyport Systems and Virtual Software Systems (VSS).

Cybersecurity technology vendors will open their own kimonos. Driven by new types of threats, CISOs will continue to increase oversight of IT vendor risk management in 2016. This will cause a reaction on the supply side as leading vendors trumpet their own internal cyber supply chain management and secure software development best practices as a way of differentiating themselves from more lackadaisical competitors. Microsoft’s secure software development lifecycle (SDL) is a good example here; look for lots of others to emulate this type of model.”

Given past trends and predicted threats, these all seem likely to come to fruition. As I searched for additional predictions on the future of my field, I came across an interesting article entitled Hocus-Pocus! The stupidity of cybersecurity predictions, by Computer World’s Ira Winkler (2016). Winkler argues that all such predictions are either slight variations of one another, rehashed trends from last year’s DefCon, or, worse, self-fulfilling prophecies. That is, if enough reporters, politicians and security professionals say the power grid will be hacked, then eventually it will be. Winkler does concede that occasionally the cybersecurity groundhogs predict something correctly, as one analyst firm did prior to the end of the millennium when it envisioned a Y2K-related billion-dollar theft. Given the potential for jumping on this bandwagon, then, I will hazard my own, safer prediction: technology will be exploited, and the world will need more people to stop it.

References
Oltsik, J. (2016). Cybersecurity industry predictions for 2016. Network World. Retrieved from http://www.networkworld.com/article/3019106/security/cybersecurity-industry-predictions-for-2016.html

Winkler, I. (2016). Hocus-Pocus! The stupidity of cybersecurity predictions. Computer World. Retrieved from http://www.computerworld.com/article/3019063/security/hocus-pocus-the-stupidity-of-cybersecurity-predictions.html