As much as I want to be optimistic about the state of IT security in 2004, I can’t help but think things are going to get worse before they get better. This certainly isn’t for a lack of effort on behalf of enterprise security professionals. But malware writers, vendors and software providers are going to continue to make security an increasingly heinous challenge in the coming year. Meanwhile, legislators will think they’re doing everyone a favor by passing vague, yet demanding security regulations.

To start with, we’re going to see more blended threats that (like Blaster) combine malicious code with previously unidentified vulnerabilities. The increasing complexity and quantity of blended threats will keep security pros in reactive mode, making it difficult – if not impossible – to keep up with proactive mitigation techniques that are necessary in order to help secure organizations against other threats like DoS attacks, war driving, insider breaches, etc.

In reaction to the multitude of threats against our enterprise and national infrastructures, more regulations dictating security will be handed down. However, the legislation will be written and passed by politicians who keep their passwords on sticky notes under their keyboards. It won’t be clear how organizations are expected to “get secure,” but it will be clear what they can expect if they aren’t secure when a breach occurs.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.