Old Bore's Almanac: Predictions for 2006
What does the crystal ball reveal?
By Matthew Stibbe
The end of the year is nearly upon us, and rather than look back at problems that have already occurred, I thought I would look forward to the coming year.
I read an article in The New Yorker (that well-known security journal) which stated that "the accuracy of an expert's predictions actually has an inverse relationship to his or her self-confidence, renown, and, beyond a certain point, depth of knowledge."
What I mean is: you shouldn't take these 'predictions' too seriously. Let's get the bad news out of the way first.
Things to worry about
• Brace yourself: we'll see the first serious cyber-terrorist incident in the next twelve months. Three possible scenarios: Chinese hackers disrupt the banking system in Taiwan and their stock market closes for three days; an oil or gas control system is attacked in the Middle East, causing a refinery or pipeline pumping station to stop working; animal rights protesters use a combination of hacking, social engineering and custom viruses to attack a laboratory and its staff.
• In the UK, we'll see the first mass theft of identities using electronic attack - for example, an insider job in a call centre. The criminals will use the stolen credit card information along with personal data such as birthdays to make millions before they are caught.
• Someone will sue Wikipedia or a similar collaborative website over the publication of false information. Until recently, companies have had to worry about the damage that bloggers, for example, can do to their reputations. Increasingly, however, this is becoming a concern for individuals. An example is the online Wikipedia 'biography' of retired John Seigenthaler which falsely implicated him in the assassination of President Kennedy, as reported recently in The Register.
• A virus will appear that combines a zero-day exploit (i.e. no-one will see it coming) with a malicious payload - something that destroys your data or takes it hostage.
• Virus-writing toolkits will become so easy to use that it will be possible to download a tool from the internet and create your own with no technical skill at all. This will cause the number of known viruses to increase exponentially. To some extent this has already happened.
Reasons to be cheerful
• The government will pull a U-turn on identity cards as the projected costs rise, opposition mounts and the likely value of the cards is called into question.
• Incremental improvements in security - better equipped new PCs, stronger action by internet service providers, government action like Get Safe Online and so on - will mean that the majority of people will be better protected and more safety-conscious next year.
• 2006 will be the year of Voice-over-IP (VoIP) or internet telephony. Watch Google and eBay integrate it into their services. On the one hand, we can all get free or very cheap phone calls; but on the other hand, so can the spammers. At some point in 2006 someone will coin an expression for spam over VoIP.
• Email encryption will become more widespread. This will in part be a response to the growing problem of spam - people will want to be sure that their business email isn't mistaken for junk emails - and partly it will be driven by regulation such as the Data Protection Act. I think it will start with multinationals next year and percolate down their supply chain over the rest of the decade.
So it's not all gloom and doom, after all. From me and everyone at bCentral: have a happy holiday and a safe and successful new year.