Cyber predictions are cyclical, predictable

Halloween is over and everybody is now ramping up or engaged with Diwali, Armistice Day, Thanksgiving, Bodhi, Advent, Feast of Immaculate Conception, Winter Solstice and Christmas Day. But not if you are a cyber technologist.

It's time to be inundated by those with the crystal balls, as its Prediction Season

Let's hope those who profess to know more than everyone else, come out and surprise us with something that no one has thought of yet and can force a change of heart into 2024 plans and budgets.

Maybe I'm a sceptic but I think I could hit at least 90% of the major bylines that vendors and analysts will be dishing out.

Why? .........because everything is cyclical

• The cyber criminals are badder than last year.
• Its a bit like washing powder being even whiter than the last products' whiteness.
• New malware families will utilise AI to bypass security tools
• Why is this a surprise. Commercial organisation's use AI to become better at what they do
• Millions of cyber attacks will hit your organisation every day
• It's like a marketing campaign, where a 2% return is very good. Send to 1 person and you've little chance of success, send to 1 million and you get <20,000
• Millions of data will continue to be breached and a major hack will materialise in 2024
• 99.9% of attacks will be mitigated, but it's that 0.1% that catches everyone out and creates chaos. Major hacks, we had MGM, Sabre, Microsoft and MoveIT this year and lets not forget SolarWinds that is still making waves
• Governments reaction to cyber attacks will be to introduce more regulations
• Every country now has data privacy laws, many based on GDPR. Even the Whitehouse Executive Order wants the 'Bipartisan data privacy legislation' to get through congress.
• MFA is a priority to mitigate the ease of account takeovers
• This is so old and tired, its becoming laughable for any organisation not implementing. Most systems/Apps make the user deploy 2FA as a minimum.
• Cloud security will be growing and promoted as more secure than on-premise architecture
• Since when has cloud security providers had a bag of security tools that are not available to any individual organisation.
• The insider continues to be a threat, even if they are just a WIMP (Well Intentional & Meaningful Person)
• Log everything everyone does with data and you get pre-emptive visibility if they are bad or just ill-informed.
• Everyone needs to trained on being security aware
• Totally agree. If the governments want to put legalisation in place for cyber then do it for security awareness. My opinion.
• Ransomware will continue to scare everyone, but only when it happens
• It's like telling someone they cannot get access to their bank account. They'll only believe it when they try, then they'll shout very loudly.
• Everyone will be told they need to know more about their data and profess to understand 100%, when the reality is 20-40% (at a push)
• When organisations only appreciate data in a database as the Crown Jewels, that's all they need to know. Wait until they see what is floating around the company and being sent down social channels.
• Cyber security needs to attract more budgets, but is still seen as a cost to the business
• I think CISOs would love to be treated as a value to the business and given a greater share of stagnant operating budgets.
• Cyber needs to be understood by the board
• Its happening, but will only get better once technology can be spoken with a 'tone of voice' that senior management can digest.

Everyone of these statements, not predictions have been seen every year for at least the last 5 years.

All these statements need to be enacted, progressed or put into a plan, and many are probably in place and either factored in or out of a CIO/CISO's activities.

So, rather than circulating another set of cyclical predictions, just send out a reminder and let people know if anything has changed and how realistic the last 2-3 years of their predictions have materialised.