Around this time of year, when the bubbly Spring Carnival subsides and the turf clubs take stock of another season of thundering hooves, gambling tendencies shift from the track to other pursuits like cricket. In the IT industry, a similar migration also takes place as the punters’ attention turns from the relentless product launch rumours to yearly reviews and previews, especially in the security space.
It is not only the independent analyst firms that roll out a line-up of their forecast hottest technologies – Gartner, for example, has already done this. Security vendors will gladly offer their thoughts on the coming year’s form too. It’s called the predictions game.
How much of it can be trusted as a legitimate guide to the realities of the industry and the true threats faced by users and IT administrators is open to debate. On the other hand, and just to blur the form guide a little more, many security firms don’t always openly discuss the biggest threats of the day and the strategies they plan to take. Why would you telegraph your intentions to those who aim to hurt you or your clients?
Marshal vice-president Asia-Pacific, Jeremy Hulse, said: “I think there is always a semblance of accuracy with the predictions that are sent through, especially in the security space. It is more relevant because predictions are a great asset to malicious attackers – they can see where areas to avoid to a certain extent are. It doesn’t mean predictions are always done very well.”
Thankfully, in 2008, the industry was largely on the money.
The 2008 wrap
The predictions for 2008 were generally based on the threat landscape and the potential attacks to be launched. First out of the gates and arguably the most talked about in the press were the evolution of malware and the increasing use of websites as the attack vector of choice.
Kaspersky senior security researcher, Alex Gostev, said malware was accurately predicted to change from single applications to complex commercial projects.
“Alas, we were right,” he said. “Such criminal projects as Sinowal, Rustock and others came to life in 2008, becoming a sad proof of our words.”
Kaspersky’s forecast for the number of malware samples was also bold. In 2007, it found 2.2 million new malicious programs and suggested that would grow 10-fold in 2008. While the final number for this year wasn’t exactly spot on, it still hit an alarming 15 million samples.
Sophos, meanwhile, claimed there were 15,000 malicious sites appearing daily.