ComputerWorld paints a wonderfully gloomy picture of an IT security meltdown and a complete redirection of current security practices (or lack of them):
Predictions: A Web services security breach will wreck the supply chain. And stolen fingerprints or eye scans will thwart biometric systems.
Bye-Bye Incompetents
The fakers, charlatans and incompetents will be purged from the IT security industry. In three years, 40% of the current gaggle of alleged security professionals will leave the industry—some to other professions, many to prison for egregious misrepresentation of their skills.
XML Catastrophe
In the next two years, there will be a major XML Web services security breach. The consequences will be much more severe than the defaced Web sites and stolen credit cards that caused mostly embarrassment in the early days of e-commerce. Instead, automated production lines will grind to a halt, company bank accounts will be emptied, 100-company-long supply chains will break, and the most proprietary corporate data may be disclosed.
Surgical Strikes
Three or four years ago, hackers were taking a haphazard, shotgun approach to Internet attacks, but now they’re using their tools to penetrate very specific and lucrative targets, especially enterprise networks containing valuable intellectual property. These highly targeted attacks are on the rise, each one more intelligent and harmful than the last. By 2005, targeted attacks will account for more than 75% of corporate financial losses from IT security breaches.
Stolen Fingerprints
Biometrics is perceived as the ultimate in security, but what does somebody do once their bioprint is stolen? Within three years, hackers will have all sorts of scanned fingerprints, retinal patterns, etc., and these will be used to bypass biometric network security. When your credit card is stolen, you phone Visa and have a new card issued. When your bioprint is stolen, do you call God and ask for a new set of fingerprints or eyes?
Firing the Clueless
P.T. Barnum knew that a sucker was born every minute. Since most cyber risk is directly attributable to insider activity, including the social engineering of digital dullards, a renewed focus on background checks is necessary. The chief security officer of the future, working with the HR chief, is going to find and fire digital “suckers” before their dimness puts the enterprise at risk.
There is more. Go and get scared… I am.
Gabriel,
I am as anxious and angry as you are but a part of me is almost dolefully resigned to the thought that only some sort of catastrophic collapse will put a stop to Blunkett’s madness.
No, it shouldn’t have to come to this.