Sunday, 31 January 2016

The "prediction" frenzy for 2016 in CyberSecurity and the Black Swan effect

Over the past few days, a number of articles have hit the web whose main subject is an attempt to predict the emerging threats of 2016. Moreover, numerous webinars and discussion panels are being organised, mainly to express opinions on these claimed predictions. I would like to share with the readers of my blog that this “prediction” frenzy is happening for a very specific underlying reason.
The information security industry, and more specifically the vendors, are attempting to shift their value proposition once more in 2016 and make it the year of “predicting” attacks. Having already moved from detection to prevention, the pitch now moves on to prediction. This is going to be the InfoSec buzzword for the coming year.

Detection > Prevention > Prediction

It is sometimes annoying to see some industry professionals (especially those tied to specific vendors, using the topic as a publicity stand for quick profit) discuss and present such ideas as novel, when in reality researchers, especially in academia, worked on the evolution of threat assessment and detection many years ago. Several PhD theses have been written on how intrusion detection will evolve, and even more on how the unification of network events will address the problem of managing the vast amounts of information generated (later called “Big Data”). Others have examined how prevention can be effective across different geographic locations, how this leads to “Threat Intelligence” needs by sharing attack patterns across heterogeneous systems in real time (including IoT), and what the realistic expectations are for predicting cyber threats based on the abstraction of network events, the behavioural analysis of cyber-criminals, and trends in cybercrime.

As an example, the “Stuxnet scenario” was already a plausible scenario for most security researchers since 2007. For many security researchers, Stuxnet became yet another “black swan” story, when in reality it was a totally plausible attack scenario waiting to happen.

The term “black swan” was common in sixteenth-century London. Everyone knew swans were white, and black swans presumably did not exist, so the term came to mean something far-fetched, not real. However, in 1636, a Dutch explorer discovered nomadic, red-billed black swans in Western Australia. All of a sudden, black swans were no longer an impossibility, and the meaning of the term changed from something far-fetched to something once thought of as far-fetched but now known to be reality. Today, there is a well-known species of black swans. All it took was one black swan to change people’s minds forever. (see:

The main point to be made is that the Information Security community has some very bright people who conduct real information security and information assurance research, write scientific papers and publish their findings based on experimentation, facts and, more specifically, collaboration. Their opinions and findings are justified by many credible sources; they have developed proof-of-concept software and benchmarking experiments, which provide a deep knowledge and understanding of the shifts and trends in information security. Their research-based contribution allows the industry to envision the future of Cyber Security extensively and from different aspects.

The industry should finally understand the value of young security professionals, especially those originating from this specialised background in information security. Do not be surprised to find that an information security post-graduate, with even a little experience in ethical hacking and secure coding and with fresh ideas, could be more valuable to a business when it comes to ensuring its overall security posture than a senior manager with a business administration background, who might have twenty years of experience in signing off projects, handling budgets and “manipulating/managing” people.

You might disagree with the above statement, but it must become clear that technology, and most specifically the information security landscape and its threats, are evolving too fast. It is almost impossible to expect one person to follow that evolution to its full extent over a long period of time. The industry needs young people who have been trained specifically in the information security arena to be allowed to come in and fill this constantly evolving technology gap.

Sometimes these "senior managers" feel threatened by young professionals because the latter have a far more up-to-date knowledge base, a better understanding of emerging threats, an appetite for facing challenges, and experience with the latest tools and techniques. The answer to defending against the fast-evolving threat landscape is collaboration: bridging experience and up-to-date knowledge. Merging experience with knowledge and a targeted skill set will not only provide a better understanding of "predicting" (anticipating, forward-looking) emerging threats, but will also become the enabler for a defence-in-depth stance.
