As we start 2013 off, I'm pretty sure that information security leaders everywhere are glad to hear all those predictions about their budgets getting a boost this year (and that the Mayans were wrong). Still, while some lucky ones are seeing their funds spike across most of their lines, others might be looking at only flat budgets or, poorer still, decreases.
The skeptic in me questions the forecast's validity. Pretty much every year over the last couple we've all heard the 'everything's going to jump next year' refrain. Yet we've all seen or gone through the opposite, right?
Most of the time, after we battle for more dollars and leave the year behind thinking that all will be well the next, stuff happens and new, less pleasant budgets are cast throughout the quarterly cycle. We may start off getting approval for that new hire (or maybe the wishful three or five, even) but, generally, things change. The economy starts tanking (surprise), a competitor begins gaining on us with some new offering, quarterly expectations don't hit the mark or, maybe, a data breach sends us into a tailspin…
Wait, why was that budget increase nixed? Again?
My point is that in this industry, even as budgets here or there get some jolts every so often, the one critical area of the biz that really should see increases or, at the very minimum, flat budgets year after year is IT security. I'm typing this commentary now on an internet-connected laptop, which I will then use to email it to my staff in our NYC headquarters while tunneling through a VPN. Technology underpins every activity, or at least most of the activities, on which all businesses now rely.
Just looking at the stories rounding out 2012, financial institutions and government agencies might want to be particularly worried about this year. For both government agencies and financial organizations, there are plenty of hacktivist attacks to go around. Team GhostShell, an Anonymous-related group, allegedly leaked about 1.6 million account details and records culled from the likes of NASA, the FBI, the Credit Union National Association and dozens of others. Already last year, the group had posted online the data of universities, banks, government agencies and more.
On the financial side, some members of Carberp's crime network are back on the market with a $40,000 trojan kit to take out banks after a two-year absence. The move reportedly was made to take advantage of the big hole left by a Citadel syndicate. Meanwhile, a Russian gang is gearing up for spring by looking to infect as many users as possible with a variant of the Gozi trojan, called 'Prinimalka', in hopes of initiating unauthorized wire transfers by hijacking live banking sessions.
Let's hope these budgetary prophecies are true… or some among us may start wishing the Mayans had it right.