Security review: Good riddance to 2009

Botnets, encryption, mobile security, compliance created key challenges in 2009

Looking back at 2009, I'm sure I will not be alone in celebrating the end of the year with gusto. 2009 was a difficult year for most, with a slow recovery and challenging business conditions. Let's see how I did predicting security trends in 2009.

Host-based security. I predicted that host-based security would rise in importance with the release of Windows 7. It is still too early to tell if Windows 7 will shift the discussion in security, but so far this prediction has not come true. Perhaps it represented wishful thinking.

Mobile security concerns and solutions grow. I predicted the emergence of a trojan on a mobile platform and the increased importance of security for mobiles. The iPhone worm and other security incidents validate this prediction.

Encryption grows. At-rest encryption did in fact grow, coming as standard in most desktop operating systems and being widely adopted by companies as a default policy. E-mail encryption is still a challenge, according to last year's prediction. I'll count this one as a successful prediction.

No news is bad news. While no new major malware outbreaks made huge headlines, the silent spread of stealthy keyloggers, trojans and botnets continued. As predicted, more computers fell prey to these silent threats while the lack of headlines is broadly and incorrectly seen as "success" against malware.

New botnets are discovered and they're bigger than ever. Fortunately, my prediction was correct but incomplete. Not only were several major botnets discovered in 2009, but a few of them were dismantled with security firm and law enforcement action, leading to measurable (though temporary) decreases in spam.

Regulatory compliance is back with a vengeance. I thought by now we would have a couple of mega-regulations to complement the Sarbanes-Oxley Act. Other than the strengthening of the Health Insurance Portability and Accountability Act under the stimulus and Electronic Health Record initiatives, regulatory compliance did not explode. However, this prediction is only off by a matter of months. It will be carried into 2010, with a high likelihood because many regulatory schemes are moving through committees in both the House and the Senate.

Security projects struggle for funding. IT professionals told us throughout 2009 that projects needed demonstrable ROI to get funding. The only exceptions were projects driven by compliance, as predicted.

I think I can count 5 out of 7 as correctly predicted, so onwards to 2010.

It can't arrive soon enough.
