‘Tis the season…
…for Threat Reports, Cybersecurity Predictions, State of XYZ Reviews, and all the rest!
Just to be clear, we’re not being cynical, dismissive, or pejorative.
After all, we recently published an article right here on this blog entitled The State of Ransomware 2024, and it’s well worth reading.
Don’t panic!
It’s a digestible article rather than a lengthy report, weighing in at just over 1000 words rather than dozens of printed pages.
And reviews of the year just gone, or predictions for the year about to come, will almost always appear in the last or first few weeks of any calendar year.
That doesn’t mean you can’t have some good-natured fun with Threat Report timings, just as you probably do with festive season shopping, which seems to kick off earlier and earlier every year.
(I am fairly sure I first heard Jingle Bells in October this year, long before any sleigh-based transport would have been possible, no matter how many horses were available.)
A similar thing happens around Black Friday, of course, which is now firmly embedded even in countries that don’t have Thanksgiving Thursday.
This leads to abominable linguistic exaggerations such as ‘Black Friday Week’, and even ‘Black Friday Month’.
But for all the hype around Black Friday, as we pointed out just before this year’s Thanksgiving period, any seasonal warning that encourages people to take cybersecurity more seriously is a positive result…
…provided that it doesn’t lead them to think that it’s satisfactory to let their guard down again immediately afterwards.
As we wrote at the time:
Please treat Black Friday warnings, even if they’re from cybersecurity vendors who really only want to sell you “more tools, more tools,” in the same way that you might treat Cybersecurity Awareness Month or Quit Smoking Day.
Quit Smoking Day, if you have ever seen or attended such a thing, is not meant to be one day on which you give your lungs a break and don’t smoke, or cut down from your usual intake.
It’s meant to be a day to encourage those who would like to give up smoking, which is a known health risk that many people find hard to get out of, to do just that for the rest of their lives.
Simply put, seasonal cybersecurity publications generally work well, provided that:
As for figuring out the nature of the threat predictions for next year, we can already begin to make our prediction predictions based on reports from vendors who decided to get in early and have published already.
As always, the bad news largely seems to boil down to, “Things will probably get worse before they get better, if they get better at all.”
But the good news, loosely speaking, is that even cyberattacks that will feel brand new, or that will be more dangerous because they use sneakier variants of existing techniques, can almost certainly be defended against by cybersecurity precautions that we already know and understand perfectly well.
All we need to do next year, as we probably should have done this year, last year, and the year before that, and so on, is to get ourselves a proverbial Round Tuit.
(Yes, that’s an old joke: “We are fully committed to this action. You can be sure that it will be done just as soon as we get a Round Tuit.”)
So, please read, enjoy, and learn from the many Threat Reports and Cybersecurity Predictions that are plentiful at this time of year.
Just make sure that you don’t get so distracted by any exciting new claims that you give up on the basics.
Don’t be like the four notorious people in the old meme:
The task required commitment, but in practical terms was sufficiently straightforward that Anybody could have done it. However, Everybody assumed that Somebody would do it. In the end, Nobody did it.
Some examples of predictions you are likely to hear, and what you can do about them, include:
Paul Ducklin is a respected expert with more than 30 years of experience as a programmer, reverser, researcher and educator in the cybersecurity industry. Duck, as he is known, is also a globally respected writer, presenter and podcaster with an unmatched knack for explaining even the most complex technical issues in plain English. Read, learn, enjoy!
Featured image of masked person by Regine Tholen via Unsplash.