Cybersecurity Will Reach New Heights; Security Risk Expected To Be Reduced by 2020

LONDON, April 28.  While online business transactions and consumer use of the Internet are continuing to increase dramatically, cybersecurity breaches are starting to level off, and in the next 10 years security protection will become more effective and widespread as organizations band together to fight cybercrime.

That assessment was made Wednesday (April 28) by Verizon's top Internet security expert, Peter Tippett. Speaking at the Infosecurity Europe trade show in London, Tippett, vice president of technology and innovation at Verizon, said: "While we can never fully forecast the future, we certainly have a good glimpse into what security will be like 10 years from now, based on all the data we have amassed over the last several years for our Data Breach Investigations Reports. For starters, we know successful security breaches are leveling off, and that means we are headed in the right direction as organizations band together to fight cybercrime. By 2020, we expect life to be notably better for cyber users."

Tippett provided his top 10 predictions for the next decade in information security:
  1. Security will be more measured and more scientific. While generally
     more effective, it may also become more mundane, similar to how
     industrial safety and quality control are seen today.
  2. The long-standing "lack of security data" problem will lessen. More
     data will be available to more people. Standard, unified methods of
     collecting, analyzing and reporting data breaches will become
     commonplace. This, combined with the new dominance of worldwide breach
     notification requirements, will tend to drive better controls and
     better understanding of the threatscape.
  3. Something will happen that will force users to make more important
     decisions about the way they use the Internet. There will be a
     large-scale consumer "vote" on whether we value privacy or personal
     transparency.
  4. Identity will become ubiquitous and simple for everyone.  Anonymity
     will be possible, but the normal method of interacting with banks,
     health care, our workplace and other high-trust systems will include
     high-grade, "second factor" identity operating as the norm.  The user
     experience will be easier than it is today.  The dozens of passwords
     that each of us net users has today will be reduced to two to three
     identities that are easy and intuitive.
  5. Since human adversaries and not just industrial accidents and product
     defects are involved, the threat landscape will continue to evolve.
     Things will emerge that we haven't thought of yet and organizations
     will need to devise new ways to beat the cyber criminals (then the
     process will repeat). But all in all, the overall security climate will
     get better.
  6. The use of reputation systems, and the large-scale use of end-user,
     network, and other reputational data, will be coupled with numerous
     forms of automation that will help users to avoid websites, e-mail and
     IP addresses with malicious content, or which have been recently
     involved in malicious activities.
  7. Numerous security services will become part of the "cloud."   Many of
     the basics will be included "in the pipe." It will be both possible and
     common to be able to use both wired and wireless forms of connectivity
     that include common security functionality such as e-mail spam,
     anti-virus and similar filtering, Web proxies, firewall, IDS/ IPS,
     Denial of Service, and other "reputational" technologies.  Together, a
     larger segment of the population will be protected with these basics;
     they will be less expensive, more pervasive and more comprehensive.
  8. Mobile platforms will dominate end-user interaction with the Internet.
     Though mobility will invite malicious activity to be directed at mobile
     devices, users will generally gravitate toward platforms with better
     security and content with some software pre-testing or restrictions
     over platforms that are totally open and unrestricted.  These controls
     will come from wireless, and some content, providers and will make
     malicious software less likely to succeed, which will contribute to
     decreased computer crime.
  9. Software-as-a Service (SaaS) and numerous, diverse cloud services will
     dominate the software, storage and compute-platform delivery models.
     Successful providers of these cloud and SaaS services will inherently
     provide better security features and controls than our current plethora
     of diverse and individually deployed enterprise systems.
  10. Prosecution of computer criminals will increase over most of the
      decade.  Better laws, logging and other evidence preservation,
      forensics capabilities, cooperation between worldwide law enforcement,
      and stronger, more ubiquitous and diverse electronic identity will all
      drive more arrests and more jail time for those convicted of
      cybercrimes.

Tippett concluded: "In general, cyberthreats will become less and less risky as the decade unfolds. With stronger and more ubiquitous measures in place, we will see a significant decrease in e-mail spam, identity theft and much of the computer crime as we know it today. And those cyberattacks that continue will change in character to fewer, more targeted attacks."