Cybersecurity to reach new heights in reducing risk by 2020
By Victor Ng | Apr 29, 2010
While online business transactions and consumer use of the Internet are continuing to increase dramatically, cybersecurity breaches are starting to level off, and in the next 10 years security protection will become more effective and widespread as organizations band together to fight cybercrime.
This is the most recent assessment from Peter Tippett, Verizon’s top Internet security expert.
Speaking at the Infosecurity Europe trade show in London, Tippett, vice-president of technology and innovation at Verizon, said: “While we can never fully forecast the future, we certainly have a good glimpse into what security will be like 10 years from now, based on all the data we have amassed over the last several years for our Data Breach Investigations Reports. For starters, we know successful security breaches are leveling off, and that means we are headed in the right direction as organizations band together to fight cybercrime. By 2020, we expect life to be notably better for cyber users.”
Tippett provided his top 10 predictions for the next decade in information security:
- Security will be more measured and more scientific. While generally more effective, it may also become more mundane, similar to how industrial safety and quality control are seen today.
- The long-standing “lack of security data” problem will lessen. More data will be available to more people. Standard, unified methods of collecting, analyzing and reporting data breaches will become commonplace. This, combined with the new dominance of worldwide breach notification requirements, will tend to drive better controls and better understanding of the threatscape.
- Something will happen that will force users to make more important decisions about the way they use the Internet. There will be a large-scale consumer “vote” on whether we value privacy or personal transparency.
- Identity will become ubiquitous and simple for everyone. Anonymity will be possible, but the normal method of interacting with banks, health care, our workplace and other high-trust systems will include high-grade, “second factor” identity operating as the norm. The user experience will be easier than it is today. The dozens of passwords that each of us net users has today will be reduced to two to three identities that are easy and intuitive.
- Since human adversaries and not just industrial accidents and product defects are involved, the threat landscape will continue to evolve. Things will emerge that we haven’t thought of yet and organizations will need to devise new ways to beat the cyber criminals (then the process will repeat). But all in all, the overall security climate will get better.
- The use of reputation systems, and the large-scale use of end-user, network, and other reputational data, will be coupled with numerous forms of automation that will help users to avoid websites, e-mail and IP addresses with malicious content, or which have been recently involved in malicious activities.
- Numerous security services will become part of the “cloud.” Many of the basics will be included “in the pipe.” It will be both possible and common to be able to use both wired and wireless forms of connectivity that include common security functionality such as e-mail spam, anti-virus and similar filtering, Web proxies, firewall, IDS/IPS, Denial of Service, and other “reputational” technologies. Together, a larger segment of the population will be protected with these basics; they will be less expensive, more pervasive and more comprehensive.
- Mobile platforms will dominate end-user interaction with the Internet. Though mobility will invite malicious activity to be directed at mobile devices, users will generally gravitate toward platforms with better security and content with some software pre-testing or restrictions over platforms that are totally open and unrestricted. These controls will come from wireless, and some content, providers and will make malicious software less likely to succeed, which will contribute to decreased computer crime.
- Software-as-a-Service (SaaS) and numerous, diverse cloud services will dominate the software, storage and compute-platform delivery models. Successful providers of these cloud and SaaS services will inherently provide better security features and controls than our current plethora of diverse and individually deployed enterprise systems.
- Prosecution of computer criminals will increase over most of the decade. Better laws, logging and other evidence preservation, forensics capabilities, cooperation between worldwide law enforcement, and stronger, more ubiquitous and diverse electronic identity will all drive more arrests and more jail time for those convicted of cybercrimes.
Tippett concluded: “In general, cyberthreats will become less and less risky as the decade unfolds. With stronger and more ubiquitous measures in place, we will see a significant decrease in e-mail spam, identity theft and much of the computer crime as we know it today. And those cyberattacks that continue will change in character to fewer, more targeted attacks.”