Jon is the CTO and founder of PGP Corp. He is an acknowledged expert in all major aspects of contemporary business security, including cryptography, operating system security, public key infrastructure and intellectual property rights. As a contributing expert for SearchSecurity, Jon answers your cryptography questions. Send Jon your questions or comments on his predictions via our Ask the Expert feature.
Computer security is a remarkably slow-moving discipline. Things don't change all that fast. Consequently, my predictions for this year are going to resemble my predictions for last year. However, there is nonetheless change.
- There will be a major worm/virus/whatever outbreak. It will be severely annoying. (For example, last year, there was SoBig, Blaster, and so on. SoBig took up most of a month's work for one friend of mine. This is severely annoying.) If people patched their systems regularly, it wouldn't be an issue. People who do patch their system won't have a problem. People who use other (non-MS) systems won't have a problem, either.
- A combination of laws and customs will push companies and organizations towards more security, but it will still take longer than anyone would like. Budgets don't grow on trees, and "best effort" will still be not very good.
- Security concerns are going to be further distracted by dealing with spam. The problem is that spam gets emotional reactions from everyone who gets it. The emotional reaction blinds people to the real issues. More ridiculous schemes have been thought up to fight spam than terrorism. Otherwise-sane people suggest solutions that are as draconian as they are unworkable. We'll see more of them.
- We will, however, start to see some real progress made. We may not be able to tell it until the year after next, or perhaps the one after that, but I think we'll see the security situation bottom out -- if not actually improve.
This was first published in December 2003