‘What 2 things are most likely to change the security industry in the next 2 years? And why?’
1. Spying Revelations.
Although it comes to no surprise to many that spying agencies… well, spy, I think seeing it in black-and-white and seeing the extent of it will have some change on the security industry. Snowden’s leaks have prompted many in the industry to question the technologies they rely on a daily basis to provide security. Security professionals are the paranoid type anyway and I’m pretty sure they questioned this before, but now their paranoia can be justified. You can see evidence of the changes already taking place. Projects such as ‘IsTrueCryptAuditedYet?’ which plans to conduct a security audit of the popular Open Source encryption software, TrueCrypt, and Google taking steps to encrypt communications between their data centers are among many of the positive changes already taking place.
We may tighten our defences, we may question what we may not have questioned before, but the truth is the spy agencies have a huge budget and incentive to break whatever defences we may come up with. The only real long term change is probably political.
2. Security Awareness.
Many will say that the security industry is an echo chamber, our message rarely gets to the right people. This may be true to an extent but I believe information security has never been more in the spotlight than it is today, and I believe this will only increase. Almost daily there is a news story on a main stream news channel about hacker groups, security breaches, spy agencies and electronic warfare. They may sometimes exaggerate and let their imaginations run wild, but at the same time they are raising awareness of the importance of information security. With this increased awareness we can only hope that security is taken more seriously by business and government in an effort to protect our data.
Ryan Dewhurst | RandomStorm | Security Engineer | @ethicalhack3r
To find out more about our panel members visit the biographies page.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.