KEVIN BEAVER, CISSP
As founder and principal consultant of Principle Logic, Kevin has more than 15 years of experience in IT, and he specializes in information security. His areas of expertise include network and messaging security, security assessments and incident response. Send Kevin your questions or comments on his predictions via our Ask the Expert feature.
In 2004, I think the reality of the various government regulations that have cropped up (HIPAA, GLBA, SOX, etc.) will hit home -- at least with the larger companies. I think the smaller companies will start taking things more seriously when the lawsuits against those who fail to comply start ramping up, which could very well happen in 2004.
Smaller organizations -- the ones that say they can't afford all the fancy security technologies, policies and procedures -- will continue to get hit hard by malware, disgruntled employees and hackers. Perhaps in 2005 or beyond they'll realize that it takes more common sense than money to secure their systems, and maybe, just maybe, we'll see a drop in the ridiculous Code Red-style traffic still coming from systems that haven't been patched.
Speaking of worms, 2004 might just be the year that the next big worm carries a destructive payload. I'm talking about malware that deletes or steals confidential information, not just takes servers offline. I also believe that people will start seeing the business value of wireless LANs and P2P applications, and start accepting and integrating the technologies into their networks.
Finally, I believe that we're going to start seeing an upswing in proactive vulnerability and penetration testing. The tools are getting much better and much more affordable, and security best practices and general knowledge are becoming more widespread. All of these predictions combined could be the start of something good for the industry and something good for corporate and personal information that should be kept secure.
This was first published in December 2003