The fakers, charlatans and incompetents will be purged from the IT security industry. In three years, 40 per cent of the current gaggle of alleged security professionals will leave the industry -- some to other professions, many to prison for egregious misrepresentation of their skills. By that time, the Department of Homeland Security will have mandated that all IT security professionals must pass a skills certification test run by the US military academies.
- Thornton May, management consultant and futurist.
In the next two years, there will be a major XML Web services security breach. The consequences will be much more severe than the defaced Web sites and stolen credit cards that caused mostly embarrassment in the early days of e-commerce. Instead, automated production lines will grind to a halt, company bank accounts will be emptied, 100-company-long supply chains will break, and the most proprietary corporate data may be disclosed.
- Eugene Kuznetsov, chairman and chief technology officer, DataPower Technology.
Attacks get speedier
As attacks grow more professional in nature, we'll see an even greater increase in the speed of threats. For instance, "flash worms" would operate under the premise that a determined hacker could have obtained a list of all (or almost all) of the servers open to the Internet in advance of the release of the worm. Such an attack could infect all vulnerable servers on the Internet in less than 30 seconds. Protecting against these threats will require new, proactive technologies, including behaviour blocking, anomaly detection and new forms of heuristics.
- Rob Clyde, CTO, Symantec.
Next year, a "sleeper cell" terrorist group will infiltrate the offshore programming industry and be identified as the cause of a widespread worm that will have been injected in the code of a widely used software product.
- Tari Schreider, director of the security practice, Extreme Logic.
New organisational chart
Public and private companies, in large numbers, will merge physical and data security. They'll unify these two independent groups on the organisational chart and convert physical access-control systems from stand-alone systems to network-enabled systems that convert physical access activity into network data. This data about physical access will be correlated with IT activity reports to provide early detection and warning of security breaches.
- Joel Rakow, partner, Tatum Partners.
Three or four years ago, hackers were taking a haphazard, shotgun approach to Internet attacks, but now they're using their tools to penetrate very specific and lucrative targets, especially enterprise networks containing valuable intellectual property. These highly targeted attacks are on the rise, each one more intelligent and harmful than the last. By 2005, targeted attacks will account for more than 75 per cent of corporate financial losses from IT security breaches.
In the next two years, companies will need to build much stronger and more intelligent defences around every network endpoint touching sensitive information, instead of depending on general perimeter security.
- Gregor Freund, CEO, Zone Labs.
Horses and loggers threat
By the end of 2003, Trojan horses and keystroke loggers will overtake viruses as the greatest threat to PC users. We'll see countless malicious attacks each month -- and most will initially go undetected, causing companies to lose millions of dollars. This problem will be made worse by the proliferation of wireless laptops and other mobile devices, which provide hackers with a back door for infiltrating enterprise networks.
- Pete Selda, CEO, WholeSecurity.
Biometrics is perceived as the ultimate in security, but what does somebody do once their bioprint is stolen? Within three years, hackers will have all sorts of scanned fingerprints, retinal patterns, etc., and these will be used to bypass biometric network security. When your credit card is stolen, you phone Visa and have a new card issued. When your bioprint is stolen, do you call God and ask for a new set of fingerprints or eyes?
- Malcolm MacTaggart, president and CEO, CryptoCard.
Behavioural-anomaly-based technology will replace traditional signature-based methods to prevent damage from viruses, worms and Trojan horses over the next three to five years.
- Jeff Platon, senior director of security marketing, Cisco Systems.
Firing the clueless
PT Barnum knew that a sucker was born every minute. Since most cyber risk is directly attributable to insider activity, including the social engineering of digital dullards, a renewed focus on background checks is necessary. The chief security officer of the future, working with the HR chief, is going to find and fire digital "suckers" before their dimness puts the enterprise at risk.
- Thornton May.