What Security Vendors Said One Year Ago…
I did not resist, so after publishing the summary of Security Predictions for 2012, I checked out what security vendors predicted one year ago for 2011. Exactly as I did in my previous post, at the beginning of 2011 I collected the security predictions in a similar post (in Italian). I also published in May an update (in English) since, during the Check Point Experience in Barcelona held in May 2011, the Israeli security firm published its predictions. Even if the latters have been published nearly at the half of 2011, for the sake of completeness, I decided to insert them as well in this year-to-year comparison.
Then, I included Symantec (for which this year I did not find any prediction), McAfee, Trend Micro, Kaspersky, Sophos and Cisco. I included Check Point in a second time and I did not include Fortinet, At that time I missed their five security predictions, which I only discovered later so I decided to provide an addendum for this post including Fortinet as well in order to provide a deeper perspective.
The security predictions for 2011 are summarized in the following chart, which reports what the vendors (with the partial above described exception of Checkpoint) expected for the past year in terms of Information Security trends.
But a strict side-by-side comparison with the 2012 information security predictions (extracted by my previous post) is more helpful and meaningful:
As you may notice mobile threats were on top even among the predictions for 2011. This prediction came easily true most of all for Android which suffered (and keeps on suffering) a huge increase in malware detection samples (even if the overall security risk remains contained). Social Media were on top as well: they have been crucial for the Wind of the Changes blown by the Arab Spring but in the same time Social Media have raised many security concerns for reputation, the so called Social Network Poisoning (who remembers Primoris Era?). Although 2011 was the year of the Anonymous, hacktvism ranked “only” at number 4, behind Advanced Persistent Threats, which however played a crucial role for information security (an APT was deployed for the infamous RSA Breach, but it was not an isolated case).
Also botnets, web threats and application vulnerabilities ranked at the top of Security predictions for last year (and came true). As far as botnets are concerned, fortunately 2011 was a very important year for their shutdown (for instance Hlux/Kelihos, Coreflood, Rustock). In several cases the botnets were taken down thanks to joint operations between private sectors and law enforcement agencies (another prediction came true). On the application side, this prediction came true most of all thanks to the Sony breach, the Liza Moon infection and the huge rate of SQLi based attacks and ASP.NET vulnerabilities. We have also assisted to an hard blow to SSL/TLS and XML Encryption.
But what is more surprising (and amusing) in my opinion is not to emphasize which predictions were correct, but rather to notice which predictions were dramatically wrong: it looks like that, against the predictions, virtualization threats were snubbed by cybercrookers in 2011 (and nearly do not appear in 2012). But the most amusing fact is that no security vendor (among the ones analyzed) was able to predict the collapse of the Certification Authority model thanks most of all to the Comodo and Diginotar Breaches.
- 756,302 hits since November 2010
08/13/2011 - My Post on Android Malware Mentioned on Engadget.
04/14/2011 - The Article Smart Grid: L'ultima Frontiera del Cybercrime published on ICT Security Magazine May 2011.
03/14/2011 - Security Summit 2011: Paolo Passeri guest at Round Table "Mobile Security: Rischi, Tecnologie, Mercato"
02/14/2011 - The Article Gears of Cyberwar published on ICT Security Magazine January 2011.
About This Blog
In this blog I express my personal opinion, which does not necessarily reflects the opinion of my organization, about events and news or interest, concerning information security, winking to mobile world and, why not, to some curious personal event.
Every information is reported with its source.
Anyone intending to use information contained in my post is free to do so, provided that mention my blog in your article.
Top Posts & Pages
- List Of Hacked Celebrities Who Had (Nude) Photos Leaked
- 1-15 April 2014 Cyber Attacks Timeline
- 2013 Cyber Attacks Timeline Master Index
- 2012 Cyber Attacks Statistics
- 2013 Cyber Attacks Statistics
- August 2013 Cyber Attacks Statistics
- A (Graphical) World of Botnets and Cyber Attacks
- 1-15 March 2014 Cyber Attacks Timeline
- 2013 Cyber Attacks Statistics (Summary)
- 16-31 March 2014 Cyber Attacks Timeline
- @forensikblog Thanks for the feedback! Much appreciated! Will amend it asap! - 3 hours ago
- In case you missed, here's the 1-15 April 2014 Cyber Attacks Timeline! hackmageddon.com/2014/04/24/1-1… #infosec - 11 hours ago
- 1-15 April 2014 Cyber Attacks Timeline wp.me/p14J6X-2y7 - 18 hours ago
- Analyzing a banking Trojan info.lastline.com/blog/analyzing… - 1 week ago
- Pipeline for a scalable malware analysis process: an interesting take from our very own @marco_cova. Worths reading! info.lastline.com/blog/a-pipelin… - 1 week ago
- 16-31 March 2014 Cyber Attacks Timeline wp.me/p14J6X-2y0 - 1 week ago
- RT @lastlineinc: Lastline co-founder Engin Kirda presents "Evasive Malware Attacks" at NY Information Security Meetup http://t.co/pcoZnspu1l - 2 weeks ago
- WatchGuard Uses Lastline's Cloud Based Sandbox to Combat APTs info.lastline.com/blog/watchguar… - 3 weeks ago
- @kf916 For the moment only the timelines. I am very busy. Hope to republish the charts quite soon - 3 weeks ago
- @lastlineinc is present at #ROOMn2014, visit our booth and discover how you can protect your organization from mobile advanced threats - 3 weeks ago