It's hard to believe that 2009 is already here. It hardly seems possible. I have, as I'm sure most of you have as well, been doing a lot of thinking about what the New Year will bring. What will be the new threat for the security professional in the upcoming year? The SSL MD5 issue is one that will surely make the new year interesting. I know that you're supposed to bring the New Year in with a bang, but that is certainly one we could have all done without.
SANS Technology Institute has posted a nice compilation of what challenges the security community will face. I would like to focus this compilation on what you think the threat will be. Coming from a military background, I hold to the belief that you have to know your enemy and the tactics they will use. You cannot defend against what you don't know and you can't afford to sit idle till something happens.
I'll start first will a couple of predictions for 2009. I believe we will continue to see an increase in targeted attacks. It has proven too lucrative, to the attackers, to get and keep a foothold in an organization. I think the delivery mechanism of the targeted attacks (usually via email) will have to be adjusted since people are becoming more aware and technology to filter email is getting better. I also believe that we will start to see more of a convergence of threats/attacks in the cyber world and their impact with the real world. We are networking everything and that is not going to be without ramifications. I have a presentation on the concept I did at SANSFire a couple of years ago if anyone is interested.
If you're willing to drop us a note with your threat predictions for 2009, please do. We'll compile them and post those we receive permission to post. It'll be interesting to see what everyone thinks 2009 will bring!
Jan 2nd 2009
1 decade ago