Well, it is rapidly approaching the end of the year and time for the prognosticators and pundits to publish their Cybersecurity Trends to Watch for in 2020. I really enjoy reading what the so-called experts pass off as omniscient morsels of cyber security wisdom.
In this article, I will take a look back at some of the more egregiously obvious and sometimes humorous predictions. One great, big, RED FLAG in reading these articles is when they use the term “will continue”, using the same prediction as last year or previous years. This is a sure indication of journalistic laziness. Another RED FLAG is when the prediction is so general that it likely has a 100% probability of being true. We will see several examples of this RED FLAG as well.
In order to protect the guilty, I will not cite specific references but will simply use the dates of the articles. But rest assured all of the items below come from legitimate cybersecurity prediction articles.
“Attackers will get smarter”
(December 2018) - This is one of my personal favorites. (Note extreme sarcasm to follow) Had I not read the article, I would have never guessed in a million years that attackers would improve their techniques and tools in the coming year. Obviously, attackers are continuously improving their tools and methods to compromise an ever-expanding universe of attack surfaces.
“Attackers will continue to target consumer devices”
(December 2018) - This is another of my favorites since it uses the general technology term, “consumer devices”. With half the planet using iPhones, of course, attackers will continue to target consumers! This gem has two RED FLAGS by using a gross generalization and the term “continue”.
“Demand will continue to rise for security skills”
(December 2018) - This golden nugget is another one that appeared in a December 2018 article about cybersecurity trends to watch for in 2019. This “prediction” has appeared in nearly every cyber security “trend” article over the last 30 years since the advent of the Morris Worm in 1988! Passing this off as a trend may be the most intellectually dishonest of them all. To prove my point, I went back to a December 2016 article on “Five cybersecurity trends to watch for 2017”. You guessed it, the article contained the obligatory, “Shortage of skilled IT security workers.”
“Five emerging cybersecurity threats you should take very seriously in 2019 - Cross-site scripting and Mobile Malware”
(February 2019) - While these “predictions” cite specific threats, the problem I have is with the use of the term “emerging”. Mobile malware has been “bugging” users for years. The Open Web Application Security Project (OWASP) has been around since 2001 and thus has been cautioning security professionals about cross-site scripting (XSS) for the last 18 years. I would hardly classify these two threats as emerging.
“Cyber threats and the number of attacks will continue to grow”
(December 2017) - This treasure also violates two of my RED FLAGS by using the term “continue” as well as the general nature of the item itself. This item may be in contention for a “Captain Obvious” award or at least an honorable mention!
“Old fashioned phishing and hacking of individual users”
(December 2013) - Going back several years for this tidbit, I am trying to figure out what “old-fashioned” attacks might be? Did someone dig out their Cap’n Crunch whistles so they could resurrect phone phreaking? Oh, that’s right, there aren’t many, if any, pay phones/phone booths in use anymore (even in 2013). Maybe we need an old-fashioned CISO to combat the old-fashioned attacks?
“The end of the internet as we know it”
(December 2013) - From the same article as the previous item, the author really went out on a limb for this one. The author postulates that due to surveillance measures, the Internet will break up into national segments. Although some countries take drastic measures to filter or otherwise subvert their citizenry from the free flow of information, I would hardly frame it as the demise of the Internet “as we know it”. You can put this in the “what the hell were they thinking” file!
(January 2015) - While I give the author credit for brevity, a prediction that more cybersecurity breaches will occur in any subsequent year is hardly worth the reader’s time and effort. This “pearl of wisdom” gets a double whammy as the author also used the way, way, way overused, shopworn phrase, “it’s not a matter of if, but when.”
“DDOS Attacks Will Continue”
(January 2019) - The fact that in 2019, someone would “predict” that distributed denial of service attacks would continue is inexcusable.
While it is certainly fun to look back at these so-called predictions, CISOs need actionable intelligence to make plans and think about what they may be faced with in the coming year. Granted, there are a lot of good, predictive articles that help CISOs prepare for the coming year and I looked for the worst-of-the-worst in writing this article.
In the interest of full disclosure, I did some self-reflection and reviewed an article I wrote for CISOBox entitled, “Cyber Security Trends 2018”. Admittedly, I did not follow my own advice and in two instances used the dreaded word, continue. In my defense, these two items referred to newer topics, those being cryptocurrencies and blockchain, and regulatory compliance in the form of General Data Protection Regulation (GDPR) which was to become enforceable in May 2018. Another wrinkle I used in my article was to provide a “confidence level” as a percentage that each item would actually occur.
Well, we all look forward to the coming onslaught of prophetic articles for 2020. Hopefully some of them will yield actionable predictions that will help CISOs protect their organizations.