I did not resist, so after publishing the summary of Security Predictions for 2012, I checked out what security vendors predicted one year ago for 2011. Exactly as I did in my previous post, at the beginning of 2011 I collected the security predictions in a similar post (in Italian). I also published in May an update (in English) since, during the Check Point Experience in Barcelona held in May 2011, the Israeli security firm published its predictions. Even if the latters have been published nearly at the half of 2011, for the sake of completeness, I decided to insert them as well in this year-to-year comparison.
Then, I included Symantec (for which this year I did not find any prediction), McAfee, Trend Micro, Kaspersky, Sophos and Cisco. I included Check Point in a second time and I did not include Fortinet, At that time I missed their five security predictions, which I only discovered later so I decided to provide an addendum for this post including Fortinet as well in order to provide a deeper perspective.
The security predictions for 2011 are summarized in the following chart, which reports what the vendors (with the partial above described exception of Checkpoint) expected for the past year in terms of Information Security trends.
But a strict side-by-side comparison with the 2012 information security predictions (extracted by my previous post) is more helpful and meaningful:
As you may notice mobile threats were on top even among the predictions for 2011. This prediction came easily true most of all for Android which suffered (and keeps on suffering) a huge increase in malware detection samples (even if the overall security risk remains contained). Social Media were on top as well: they have been crucial for the Wind of the Changes blown by the Arab Spring but in the same time Social Media have raised many security concerns for reputation, the so called Social Network Poisoning (who remembers Primoris Era?). Although 2011 was the year of the Anonymous, hacktvism ranked “only” at number 4, behind Advanced Persistent Threats, which however played a crucial role for information security (an APT was deployed for the infamous RSA Breach, but it was not an isolated case).
Also botnets, web threats and application vulnerabilities ranked at the top of Security predictions for last year (and came true). As far as botnets are concerned, fortunately 2011 was a very important year for their shutdown (for instance Hlux/Kelihos, Coreflood, Rustock). In several cases the botnets were taken down thanks to joint operations between private sectors and law enforcement agencies (another prediction came true). On the application side, this prediction came true most of all thanks to the Sony breach, the Liza Moon infection and the huge rate of SQLi based attacks and ASP.NET vulnerabilities. We have also assisted to an hard blow to SSL/TLS and XML Encryption.
But what is more surprising (and amusing) in my opinion is not to emphasize which predictions were correct, but rather to notice which predictions were dramatically wrong: it looks like that, against the predictions, virtualization threats were snubbed by cybercrookers in 2011 (and nearly do not appear in 2012). But the most amusing fact is that no security vendor (among the ones analyzed) was able to predict the collapse of the Certification Authority model thanks most of all to the Comodo and Diginotar Breaches.
- 855,451 hits since November 2010
08/13/2011 - My Post on Android Malware Mentioned on Engadget.
04/14/2011 - The Article Smart Grid: L'ultima Frontiera del Cybercrime published on ICT Security Magazine May 2011.
03/14/2011 - Security Summit 2011: Paolo Passeri guest at Round Table "Mobile Security: Rischi, Tecnologie, Mercato"
02/14/2011 - The Article Gears of Cyberwar published on ICT Security Magazine January 2011.
About This Blog
In this blog I express my personal opinion, which does not necessarily reflects the opinion of my organization, about events and news or interest, concerning information security, winking to mobile world and, why not, to some curious personal event.
Every information is reported with its source.
Anyone intending to use information contained in my post is free to do so, provided that mention my blog in your article.
Top Posts & Pages
- List Of Hacked Celebrities Who Had (Nude) Photos Leaked
- 1-15 July 2014 Cyber Attacks Timeline
- 2014 Cyber Attacks Timeline Master Index
- 2012 Cyber Attacks Statistics
- A (Graphical) World of Botnets and Cyber Attacks
- 2013 Cyber Attacks Statistics (Summary)
- 2013 Cyber Attacks Statistics
- 1-15 June 2014 Cyber Attacks Timeline
- Next Generation Firewalls and Web Applications Firewall Q&A
- One Year Of Android Malware (Full List)
- P.F. Chang's incident calls for updating payments tech lnkd.in/dQpjRE8 - 20 hours ago
- @artbyalida @thepacketrat he did the same one week ago for CNET… - 21 hours ago
- WSJ website hacked, data offered for 1 bitcoin -> Here's a cyber attack that will be included in the next timeline: arstechnica.com/security/2014/… - 21 hours ago
- @HP TippingPoint and @lastlineinc team up to offer advanced network protection h30499.www3.hp.com/t5/HP-Security… - 21 hours ago
- Without a good Italian espresso it's impossible to build cutting-edge technology! http://t.co/GZTZFXktsc - 1 day ago
- @lastlineinc recognized by CRN as a 2014 Emerging Vendor | Business Wire businesswire.com/news/home/2014… - 2 days ago
- 1-15 July 2014 Cyber Attacks Timeline #Infosec #Cyberattacks wp.me/p14J6X-2D9 - 3 days ago
- @ckreibich same test worked with an @A10Networks SSL inspector: malicious files downloaded through an https connection perfectly detected! - 1 week ago
- RT @lastlineinc: 'Cloud malware analysis a must-have for advanced threat protection' @TechTarget bit.ly/W70Opa http://t.co/ji5qWtt… - 1 week ago
- RT @cedricpernet: We are proud to be the first french guys to release a white paper about an #APT group :) ow.ly/z2fzL #cybercri… - 1 week ago