The 10 Digital Risk Predictions for 2004
London, UK - 9 December 2003, 16:00 GMT -As the last twelve months
have unfolded, even those chairmen and chief executives who had previously
expressed little interest in technology issues have suddenly begun to talk
about their corporate experience in dealing with business interruption caused
frequently by computer viruses, worms, spammers and denial of service extortion.
This indicates that digital risk management has clearly crept up the board's
agenda and now concerns executive decision making much more regularly.
The art of making accurate predictions is based on understanding the historic
trends, future motivations and the scenarios that new technology makes possible
with every passing year. However, we cannot hope to rival the precision of
this statement from The Life of Brian:
"There shall in that time be rumours of things going astray, erm,
and there shall be a great confusion as to where things really are, and nobody
will really know where lieth those little things wi-with the sort of raffia-work
base, that has an attachment. At that time, a friend shall lose his friends
hammer, and the young shall not know where lieth the things possessed by their
fathers that their fathers put there only just the night before, about eight
Without further ado, the mi2g Intelligence Unit's top ten predictions
for next year are:
1. In 2004 there will be a metamorphosis in the nature of digital attacks.
It will no longer be possible to classify them along the rigid lines currently
employed, such as viruses, worms, spam, denial of service, hacker attacks,
Trojan software etc. It will be common to see viruses delivering spam; spam
becoming a propaganda tool of rogue states, radical militant and religious
groups; as well as sophisticated malware attacks that more closely mimic the
way in which hackers manifest their skills. The prediction for the number
of overt digital hacker attacks worldwide in 2004 is 350,000. The most targeted
country will remain USA followed by NATO member countries - especially the
UK and Germany. Most of the attacks will originate from developing countries
upon OECD countries. Government computer networks will increasingly be successfully
breached, especially those of China, South Korea, Brazil and Scandinavian
2. The amount of spam will continue to rise and could constitute as
much as two thirds of all email traffic worldwide. The war between the spammers
and anti-spam block list community will intensify. The productivity drag from
spam to the global economy will exceed $60bn in 2004. Tight anti-spam measures
will add to the inconvenience of not being able to communicate with long established
contacts swiftly as some genuine email messages will invariably get mis-routed,
mis-filed or deleted. Senior executives will once again resort to facsimile
messaging as they did in the 1980s and early 1990s.
3. The intellectual gain or "for fun" motivation for virus
writers and hackers will continue to recede and the dominant reason to hack,
write malware or send spam will be financial gain. All manner of financial
fraud and scams based on exploiting trust associated with established brand
names will become commonplace. Ordinary households and small entities will
be the primary victims of such scams. Sophisticated identity theft will continue
to proliferate as online bank accounts and electronic payment facilities in
particular are targeted because of poor single layer authentication reliant
only on passwords and text. Introduction of smart card and basic biometric
authentication is likely to take place within the coming two years.
4. Command and control attacks that target and cripple specific organisations
within financial services, aviation, transport, telecommunications, utilities
or emergency services will be witnessed. Those attacks may be orchestrated
by a combination of malware, hacker attacks and insider help. As a result,
a major electricity distribution network, an airline's reservation capability,
bank ATMs, mobile telephone access or emergency response capability could
go down with a domino effect.
5. Outsourcing will begin to manifest serious risk. All manner of electronic
crime will originate from countries where multi-nationals have outsourced
customer support and software development. The privacy of confidential customer
data will be violated as off-shore workers migrate from one job to the next
or begin to participate in organised crime rackets. Watch out for outsourcing
risks manifesting adversely through off-shore centres in India, China, The
Russian Federation, Mexico, Brazil and Philippines.
6. Fundamentalist hacking, crippling malware proliferation, denial
of service attacks and propaganda spam are likely to grow in the context of
domestic insurgence and trans-national militant activity. The origin of this
malevolence is likely to be based in Morocco, Egypt, Saudi Arabia, Kuwait,
Pakistan, Central Asian Republics, Indonesia and Malaysia. Backlash hacktivism
originating from USA, UK, Germany, Italy, Israel and India can also be expected.
Fundamentalist hacking will continue to precede physical terrorism by a factor
of eight to ten weeks as has already been witnessed in the case of terrorism
in Bali, Casablanca, Riyadh and Istanbul as well as the targeting of American,
British, Italian and other NATO member countries' commercial and government
7. There will be at least three major malware - virus or worm - attacks
in 2004 where the damage worldwide will exceed $30bn in each instance. Despite
this, anti-virus tool kit and firewall vendors will find it difficult to make
money out of retail customers as operating system vendors will offer those
products for free either through strategic alliances or by incorporating the
security functionality within the underlying software. Public and private
trust in software vendors will continue to erode. New flavours and product
launches of proprietary operating systems and associated applications will
find it difficult to convince established customers and new buyers to part
with cash unless security becomes guaranteed and the sunk cost is recompensed
if a mission critical system becomes infected with malware and is rendered
useless. Within the corporate environment, there will be increased confusion
about which security products and services to budget for and procure. There
will be more emphasis on training personnel.
8. Many governments around the world will note the economic impact
of digital risk on their GDP and demand redressal from software vendors for
themselves and their large businesses, set up early warning centres and migrate
their computer systems from proprietary to open source solutions. The total
economic damage from all types of digital attack worldwide will cross $250bn
in 2004 but the rate of increase could slow considerably as investment in
digital risk education and training accelerates. Legislation will be passed
across the world to bring computer criminals to justice. Law enforcement agencies
across the globe will report the arrest of several trans-national criminal
syndicates operating in the close knit matrix of drug trafficking, contraband
and counterfeit goods, illegal immigrants, credit card and other financial
fraud, as well as computer crime.
9. Fixed connection computing will continue to give way to wireless
connectivity that will pave the way for pervasive computing anytime anywhere.
SMS messaging spam and mobile-telephone specific malware will emerge and present
a growing challenge. Base stations belonging to mobile telephone operators
could get hijacked to send millions of unwanted SMS messages soliciting purchase
of product or disseminating propaganda. Satellite upload links could also
be hijacked by militia or criminal syndicates from developing countries to
push through a particular criminal agenda or anti-government message.
10. Some 'reputable' authors and large software vendors will continue
to form macro-groups to question mi2g's research; and use distributed-defamation-of-reputation
attacks to propel inane comments on search engine hierarchies against mi2g
and its team members. We will continue to welcome all feedback with a smile.
The mi2g team would like to take this opportunity to wish all our friends
and their families a Merry Christmas and a Happy New Year!
Also read Predictions for 2003 - How accurate was mi2g?
Full details of the November 2003 report are available as of 1st December
2003 and can be ordered from here.
(To view contents sample please click here).
Become a member of the Inner
Sanctum to retrieve articles in full.