I recently wrote about why I hate security predictions. I hate being asked to make them, I dislike reading many of them, and I think a lot of what we think of as "predictions" are simply extensions of the analysis security researchers and analysts are doing on a daily basis. This brings me to the conclusion that I actually hate the framing and connotation of predictions, rather than the actual act of creating and writing about the future of security.
In most types of research, one of the fundamental questions we should be asking is, "What does this mean going forward?" It's great to know the technical details of a vulnerability. We need to understand the actions criminals and nation state actors are taking today. It's equally important that we keep up to date on the latest detection and prevention methodologies in our space. But none of that is important unless we're also applying that knowledge to how we're going to change our actions in the future.
Asking about what research means to the future is one question you always need to be able to answer to make it valuable. When it's about the latest effort, questions about research aren't phrased as predictions, they're simply a part of the analysis of your work. Some might say telling readers how research affects them and what they should do about it is the most important part of the effort.
If we remove the word "prediction" from our vocabulary, and view this as an exercise to extend research to a broader audience, it becomes much more reasonable. No one expects any research or analysis to perfectly describe what the future will bring. We shouldn't have higher expectations for a piece of analysis simply because we've changed the term we're using to "predictions".
Coming at the end and beginning of the calendar year, predictions also help refocus our efforts, or at least give us a reminder of what we should be thinking about. Many of us plan breaks around the holiday season. Taking a few minutes to read the predictions of the prognosticators in our industry gives us a chance to be reminded of things we might have lost focus of over the course of the year. Or fodder to use to feed new lines of thought in the coming year.
If you think of predictions as a summary of the analysis by a variety of experts, rather than the ramblings of mad seers, there's a significant value to be found in this end of year tradition. As with so many things in life, sometimes it's how you focus on something that governs how much you'll get out of it.
Article Link: https://blogs.akamai.com/sitr/2021/01/why-do-we-need-security-predictions.html