Home / Blogs

A Cynic's View of 2015 Security Predictions - Part 2

Gunter Ollmann

Every year those in the security industry are bombarded with various cyber security predictions. There's the good, the bad and the ugly. Some predictions are fairly ground breaking, while others are just recycled from previous years — that's allowed of course if the threats still stand.

In part one of my predictions I looked at the malware threats, so let's take a look at big data and the cloud for part two.

The predictions made by the security community for 2015 related to "big data" and "cloud" were common — but notable for their lack of detail. It's almost like unwilling commentators were told to come up with a top-five or top-ten predictions for the year and that they must include something about both of them.

The term big data has been adopted with a voracious appetite by vendor marketing teams. Five years ago as you trudged around the annual RSA USA event halls you'll have encountered only a handful of vendors offering specialized enterprise-level security solutions. In 2014 it was difficult to find a vendor booth that didn't mention it (albeit with little understanding of what it meant in reality).

As far as predictions for big data went, the common perspective was that big data will become more important, that the existing Security Information and Event Management (SIEM) market will have to reinvent itself in light of the overwhelming volume of data, and that machine learning was the key to extracting value of the caches of security logs now being collected.

Is big data a cure?

A lot of people are placing large bets on big data being a cure for many of the threats we face today. There's almost a religious fervour to the movement as new companies and products are springing up on what appears to be a weekly basis. A sizable fraction of the newest and most interesting companies have been spawned out of university incubators and are backed by an entourage of recent PhD candidates along with their latest machine learning papers.

Adding scientific rigor to the process of combating cyber threats is good news, but only a handful will manage to survive the next couple of years. We can hope that the best ideas and most successful inventions will be acquired and absorbed in to the suites of the larger vendors — because there is little scope for the majority of enterprise security teams to deploy and manage these complex widgets independently.

Looking to the future

When people discuss big data they cannot help but cluster it with discussions of 'the cloud'. In many ways the cloud has attained a degree of mysticism that even a technophobe could appreciate. The cloud is infinite; everything will be alright in the cloud (hmm).

Predictions for the cloud in 2015 can be best summed up as, "It'll get hacked". Well, to be more precise, at least one of the major cloud providers will be hacked and woe behold anyone who's dependent upon the cloud to host their business.

Now, as predictions go, it's worth pointing out that for all the reasons legitimate businesses move operations and tasks to the cloud, so too have the bad guys. Ergo the cloud is already a hotbed for hacking — both as a target and as a source.

If the predictions were more specific — such as a major cloud provider will be hacked and all the data of their customers will be irretrievably lost — then I'd have to say that is highly unlikely.

The caveat being that, as a business operating within the major cloud provider, your own hacked credentials weren't used against you to delete everything (including the backups that you unfortunately also stored in the same cloud). Don't laugh — this has happened numerous times in the past, and several of those businesses no longer exist.

By Gunter Ollmann, Chief Security Officer at Vectra

Related topics: Cloud Computing, Cyberattack, Cybersecurity, Data Center

 
   

Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Afilias

DNS Security

Sponsored by Afilias
Verisign

Cybersecurity

Sponsored by Verisign
Afilias Mobile & Web Services

Mobile Internet

Sponsored by Afilias Mobile & Web Services

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Industry Updates – Sponsored Posts

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

i2Coalition to Host First Ever Smarter Internet Forum