How Did I Do On Last Year’s #Cybersecurity #Trends Predictions?


Last year I predicted six trends for cybersecurity in 2014.

  1. Botclouds not botnets – the idea that malware command and control infrastructure would start to become more cloud based.
  2. Cryptocurrency surprise – the idea that things like Litecoin and Dogecoin would be mined by more malware instead of Bitcoin due to the difficulty in mining Bitcoin on home PCs.
  3. Wearable malware – the idea that malware would start to move into tablets, mobile phones, and wearable smart devices.
  4. The deep web surfaces – the idea that the Deep Web would get more popular.
  5. 3rd party security requirements increase – the idea that businesses will increasingly require third party vendors to obtain some sort of external validation of their cybersecurity processes.
  6. Big data becomes huge data with things like SSL visibility – the idea that big data will only increase, leaving people with “huge data” which they might not immediately have a handle on.

Considering I posted some of these predictions as late as March (though I came up with them in January for a talk I would give in February, which is why I posted all my 2015 predictions on the 1st this year), one could suggest that I didn’t really predict much. That’s fair, and let’s see how I did.

Botclouds were already a thing when I made the first prediction. They are increasingly used by malware authors, and some of the researchers in the company for which I work (Blue Coat) found a fairly sophisticated cloud-based APT attack recently. Based on its many layers, they styled it “Inception”, after the movie. Aside from that, though, there was a significant increase in cloud platforms being used for malware. It seems even those companies trying to solve the problem (GoDaddy) are replaced by those who aren’t.

Though I posted on the 29th of March for the second trend, I had developed the trends prior to my blog articles for a talk I gave at a conference last year. Two days before my post (but after I gave the conference talk in February), CoinKrypt was making its rounds and using people’s computing resources to mine Litecoin, Dogecoin, and Casinocoin. Clocking in a win for both the second prediction and the third, Android mining malware started showing up.

While not exactly crafted into malware (yet?), a Denial-of-Service attack was found for the Pebble Smart Watch. There were other examples of smart watch vulnerabilities as well. Malware for wearables is just an extension of mobile malware, so this was on target even if not really all that difficult to imagine.

The deep web did surface, as Google Trends shows:


Everything after the dip after “D” is 2014.

This screenshot also includes the forecast. The trend will continue.


The ISACA conference in November talked about 3rd party cybersecurity SLAs (PDF link). It also became a topic for the Cyberdefense blog. Banks started making outside lawyers up their cybersecurity requirements.

We can determine the interest in “huge data” by looking at the popularity of the term “data science”. As more people struggle with larger volumes of data, they need data science to start understanding it. Therefore, one can use that term as a proxy for the idea of huge data, and Google Trends once again gives us an idea:


Everything after the dip after “G” is 2014.

The giant drop-off at the end represents partial data for January of 2015. I doubt that drop-off will remain like that, especially given that it’s only three days’ worth and is already at 2013 levels.

So it looks like most of the things I predicted seem to have come true in some form or another. In fairness, trends one through four were really already in existence, so those weren’t too difficult to predict. Five and six were more of a risk, and I seem to have gotten those right. It remains to be seen if my prognostication skills for 2015 will hold up!