Predicting the future is a futile exercise but there are some things that never seem to change year after year even though every effort is made by security professionals to raise awareness and reduce the risk. The list below is not unfamiliar to IT administrators and it is really a checklist of those security issues that resurface every year and are never completely dealt with.
1. Organizations will pay greater attention to security
And pigs will fly! In spite of a series of security breaches in 2008 and increased awareness on the need to secure data, organizations will not heed the warning signs any more than they did in 2008. The 'it won't happen to me' syndrome will strike again and thousands of records will be put at risk.
2. IT security spending will increase
With the world's economy passing through one of the worst recessions since the Depression in 1930, there is little hope that IT security spending will be increased in 2009. Administrators will need to rethink their purchasing strategy and look at more cost-effective solutions. 'Do more with less' will be this year's mantra.
3. Employees will use IT with greater security awareness
A dream, to say the least. Employees will continue to use IT with little regard for security. They remain a serious security threat and the weakest link for any organization. They will still stick passwords to monitors, give out passwords without thinking twice and they will still use their portable devices to copy material.
4. Employees will not fall for phishing and social engineering attacks
They may not fall for the boring emails offering immediate millionaire status but try calling the boss's secretary with an excuse that you need to reset her password and could she give it to you over the phone. Cyber crime and identity theft are expected to increase in 2009. You can bet your last dime, they'll be successful.
5. Employees will pay attention to company security policies
Fat chance; even more so if those policies restrict their freedom on the network. Most employees don't even know the policies exist, so if the IT manual is still gathering dust on the shelf behind the IT administrator, you can't really blame them. But why bother if they won't listen, you may say. Point made. Point taken.
6. Facebook will be forgotten
The only thing that employees will forget is when to start working. Facebook will continue to be a thorn for IT administrators unless they can restrict its usage in the organization. Then again, with all this talk of using social networking as a marketing tool, would you dare restrict access? The upside is you'll get to know who was partying when they should have been in bed nursing a cold.
7. They will not open files from people they don't know
It would be the greatest example of naivete if administrators expect users in 2009 to be vigilant and diligent in their handling of email and web downloads. Do you really expect someone to receive an e-card and think 'this may be a security threat, I shall not open'? Wait for that all-important support request: 'Something happened to my files, I did not open anything'.
8. Company devices and data will never be lost again
Prepare yourself for the worst. If your organization's employees are using laptops, PDAs, mobile phones and flash drives to do their job, make sure you've implemented encryption at some stage. People have a bad habit of forgetting their laptop on the backseat of their car, leaving their USB stick with thousands of client names on it at the bar (not surprising) and connecting their PDAs to hot spots without encryption. Lovely!
9. Vulnerabilities and threat vectors will decrease
When the perfect operating system appears on the market, you can sit down, put your feet up and enjoy life as an IT administrator. Enough said.
10. You will have an easy life
Sorry to disappoint but 2009 will not be easy. You will be faced with more threats, even more gullible employees, a management team that doesn't understand security and, to top it all, a request to perform miracles with fewer resources, and less cash in hand. Don't you just love your job!
David Kelleher is Communications and Research Analyst at GFI. www.gfi.co.