As natural philosopher and onetime baseball catcher Yogi Berra reportedly said: "It's tough to make predictions, especially about the future."
But that doesn't mean people and organizations don't try -- for good reason. In the world of business, correctly seeing the future even a few months out can provide a leg up on the competition or, in the case of cybersecurity, on ever-present attackers. A missed guess can leave one scrambling to catch up.
So, herewith are some predictions for 2015 on security from research firms Gartner and Forrester Research, and from Arthur W. Coviello Jr., executive chairman of RSA.
Nation states vs. private sector
(Coviello) Nation-state cyber-attacks will continue to evolve and accelerate but the damage will be increasingly borne by the private sector.
"With no one actively working on the development of acceptable norms of digital behavior ... we can expect this covert digital warfare to continue," Coviello said. And it will increasingly be private sector firms that will be "the intended victim or the unwitting pawn in an attack on other companies."
The rise of integrated threat intelligence
(Gartner) Internet of Things (IoT) device revenue growth of almost 30% will create new vulnerabilities and security demands relating to both physical and digital environments. The expected convergence of IoT security and information security technologies, along with increased regulatory activity directed at protecting critical infrastructure, will drive demand for integrated threat intelligence capabilities, including IoT-related threat data feeds.
More money, much more scrutiny
(Forrester) Security budgets will see double-digit growth in sectors outside of banking and the defense industrial base.
The downside to those increases will be an enormous amount of scrutiny and much higher expectations, not just from business leaders and counterparts in technology management, but also from customers, government agencies, and privacy watchdog groups.
The quest for a uniform threat language
(Gartner) The drive toward a common framework adopting a uniform language, such as Structured Threat Information Expression, will accelerate as a result of the complexity and challenges brought by the need to integrate IoT security data inputs for indicator of compromise (IOC) detection.
(Coviello) A maturing privacy debate will become more pragmatic and balanced. Prospects for responsible privacy policies and intelligence sharing legislation that would better protect our privacy may improve. One test of this prediction will be the outcome of the EU General Data Protection Regulation, which may reach a final form in 2015.
More billions of things, more billions of risks
(Gartner) 4.9 billion connected things will be in use in 2015, up 30% from 2014, creating disruption, continued opportunities and continued risk.
"Organizations must straddle the tension of all the information available from smart things by balancing their desire to collect and analyze it with the risk of its loss or misuse," according to Steve Prentice, vice president and Gartner Fellow.
Find the breach, botch the response
(Forrester) With new investments in breach detection, a large majority of companies (60%) will discover a breach, or more likely be informed of it by a third party like a government agency, security blogger or a customer.
But they will likely botch the response, given that only 21% of enterprises report that improving incident response is a critical priority. That means more cases of customers' trust undermined or corporate reputations dragged through the mud.
(Coviello) While retail will remain an ongoing target, well-organized cyber criminals will increasingly turn their attention to stealing PHI -- personal health information. It is not as well secured, is very lucrative to monetize in the cybercrime economy, and is largely held by organizations without the means to defend against sophisticated attacks -- healthcare providers.
Competing on privacy
(Forrester) Privacy will be a competitive differentiator, not just through lip service, but action -- appropriate privacy policies, enforcement and building privacy considerations into business operations and the products or services offered to customers.
That will require the leadership of a privacy champion -- a Chief Privacy Officer, Data Protection Officer, or privacy professional. Today, about a third of security decision-makers in North America and Europe view privacy as a competitive differentiator. That will increase to half by the end of 2015.
The essential, more secure, mobile payment option
(Gartner) A renewed interest in mobile payment will arise, together with a significant increase in mobile commerce, due in part to the increased security features of Apple Pay and similar near-field communication (NFC) efforts by competitors such as Google.
As device manufacturers and application developers improve usability and functionality and address users' security concerns, devices will become even more of an essential tool for customers, particularly the younger demographics.
Beware the Botnet of Things
(Coviello) The increase of machine-to-human and machine-to-machine interaction will only exacerbate the situation described in a tweet this past year as: "Who needs zero days when you've got stupid?" Get ready for the Botnet of Things. This trend, along with the strong growth of IoT in the healthcare sector and the accompanying risks to PHI, has ominous implications.