There’s very little to argue with here, but other than the World Cup, Microsoft’s top security predictions for 2014 could easily be a list for 2013 or even 2015. Usually lists like Microsoft’s 2014 top security predictions make me painfully aware of how little progress the security industry makes as time rolls on, said security expert Ken Pickering.
In a blog post entitled, “Top Cyber Threat Prediction for 2014,” Redmond’s Tim Rains, a director of Trustworthy Computing, offered a glimpse into the future as his company sees it — with a little help from his companions.
Before we get into the list, we asked Ken Pickering, director of engineering, CORE Security, for his review of Microsoft’s predictions. He told us there’s very little to argue with here, but other than the World Cup, this could easily be a list for 2013 or even 2015.
“It’s like tracking the delta of the OWASP Top Ten over the years. How often does something have to surface as an issue before the industry takes it seriously and actually fixes the problem?” he asked. “Usually these sorts of lists make me painfully aware of how little progress the security industry makes as time rolls on.”
Cyber Security Regulatory Efforts Will Spark Greater Need for Harmonization
Paul Nicholas, a senior director of Global Security Strategy for Microsoft’s Trustworthy Computing, predicts the U.S. government will release its Cybersecurity Framework and this will begin a more detailed conversation about what can be accomplished by leveraging voluntary efforts, standards and tailored regulatory actions.
“Similarly, the directive on Network and Information Security (NIS) discussions in the European Union (E.U.) will continue to evolve and examine how to improve security, including raising more detailed discussions of incident reporting. The U.S. and E.U. efforts will not happen in isolation,” he said. “It will be important to ensure that we do not end up with hundreds of different approaches to cyber security. This type of approach would begin to erode the base of the global ICT industry. In 2014, I predict that policy makers, private sector companies and vendors of all sizes will begin to see the imperative for harmonization and begin to align risk-based approaches to managing cyber security.”
Service-Impacting Interruptions for Online Services Will Persist
David Bills, a chief reliability strategist at Microsoft’s Trustworthy Computing, said online services across the industry and around the world have experienced service disruptions during the past year.
“I expect this trend to continue. Cloud service providers adopting contemporary resilience-enhancing engineering practices like failure mode and effects analysis and programmatic fault injection can help to reduce this trend,” he said. “The adoption of practices such as these will help to effectively address the persistent reliability-related device failures, imperfections in software being triggered by environmental change and mistakes made by human beings while administering those services.”
Microsoft is giving the security world a sneak peek of what it thinks will be the biggest threats in 2014.