
Hocus-pocus! The stupidity of cybersecurity predictions

Ira Winkler | Jan. 6, 2016
Security industry prognosticators rely more on marketing, hype, and our own bad memories than any knowledge of security past, present or future.

Ah, but this year, say some prognosticators, we can expect terrorists to target the power grid and other critical infrastructure components. Sure, we can, but that doesn’t make this much of a prediction. In 2008, CBS News reported that terrorists were using one of my old presentations for training on how to take down the power grid. It is also old news that terrorists will use the Internet to communicate with one another. Terrorists began using click fraud as a form of fundraising soon after Google Ads became available.

Trend Micro stated that “a customer-grade smart device failure will be lethal.” That is upsetting, but not news. Various failures have already resulted in deaths, and it can be argued that faulty directions in GPS devices have led to incidents causing deaths. In any event, more people will die from texting while driving. It is of course possible that someone will hack a medical device, such as an insulin pump, causing deaths, but that has been considered a possibility for more than a decade, with a proof of concept performed at the Black Hat conference in 2011. While there has not been a realized case of a medical device being hacked in the real world, I guess if you keep repeating it, it will eventually happen.

Repeating predictions seems to be safe, because nobody remembers failed predictions. And should one of those perennial forecasts ever actually come true, you can bet that the prognosticators will be crowing like roosters.

Why do these trite and useless lists proliferate? The media shares much of the blame. Columnists have to write stories, even during those end-of-year holidays when little in the way of actual tech news is being generated. Meanwhile, vendors’ PR people scramble to get their executives to come up with something, package the crap they come up with, and pitch it to any publication they can think of.

But little of it would get published if readers weren’t fascinated by predictions. Whatever readers click on, we will be given more of. Apparently, people just like to read lists.

But I have a proposal for readers. The next time you see a list of predictions for the coming year, do a search and find an article from a year earlier predicting what would happen in the year just ending. Do that a few times, and you will begin to see just how inane this exercise is, and more important, how much you should really trust these supposed experts and vendors.

For example, here’s one from a year ago in which Kaspersky stated that mobile payment systems would come under attack in 2015. Although there is little doubt that attackers are thinking about such attacks, there were no known attacks against this technology over the last year. If you had read that a year ago, you might have thought it a bold prediction. Reading it now, it’s just lame.

You’re never going to do anything with the predictions you read anyway, so you might as well use last year’s predictions to see just how useful and insightful vendors can be.

