You've had a chance to read my thoughts on the top information and network security risks of 2009. Now we can look forward, using our experience and instincts to predict what 2010 will hold for us in the realm of security.
Predicting Security Events Is Like Predicting the Weather
"Everybody talks about the weather, but nobody does anything about it" - the same might seem to be the case for security. While many of us do quite a bit regarding information security and network security, we may feel like those near us never quite do enough. So, some of my predictions for 2010 may seem like repeats of 2009.
Compare these predictions with my article on the top security risks of 2009 to see which dangers I believe will persist, and how, although the specifics and details of risks metamorphose over time, the core categories of risk persist. Will the most notable security incidents of 2009 have repeats in 2010? As more and more aspects of our lives become Internet-enabled, and connectivity reaches every walk of life, elements of risk find new niches. Old vulnerabilities reemerge with renewed vigor. Here are my top five predictions for 2010:
5. Tighter Security Won't Stop Identity Thefts
The disparity of incomes and opportunities for quick, high-reward (despite high risk) turnarounds will make identity thieves a continuing threat in 2010. They will simply continue to attack "soft" targets and naive, new users of systems. Switching to European-style credit and debit cards that have additional theft protection built into the cards would help, but is there enough pressure on the issuers?
4. Mobile and Netbook Malware and Attacks
I expect to see some impressive hacks of the mobile platforms. With the proliferation of what are essentially handheld computers for phones, and the rapid increase in numerous applications available almost instantly, there will surely be some clever exploits built that take advantage of the new power and connectivity.
3. More Credit Card Number Thefts from Businesses
With a recent theft of account numbers being one of the largest in history, following on the heels of several other record-breaking thefts over the last year and a half, all we can hope for is that the next mega-theft, surely soon to come, won't be as large as the last. Credit card issuers, merchants, processors and businesses have not truly taken on the challenges and made real strides. Until they do, the problems will persist.
2. More Social Networking Security Fiascos
For the current big players and potential newcomers to the social networking scene, the potential for abuse remains high. Perhaps the current pending lawsuit against Facebook in California will force a change in how personal data is collected and used by the social networking providers. Perhaps not. We can still expect some sort of big social networking security event in 2010.
1. Users Will Find Numerous Vulnerabilities in Windows 7
Despite Microsoft's ever more thorough and in-depth testing of its operating system, the only means to discover the vulnerabilities that exist in the "real world" is to expose the product to the real world. Increasingly larger pools of beta testers, longer test cycles, and improved coding techniques help, but with every new feature and capability comes a new potential set of vulnerabilities.
What to Do in '10?
Hey, they're only predictions. I don't have a crystal ball, or a massive mega-variable Internet simulator running an advanced security risk analysis engine (although that would be really cool). If we follow best practices and remain vigilant, the worst won't happen to us.