The 10 Digital Risk Predictions for 2004

news release

London, UK - 9 December 2003, 16:00 GMT - As the last twelve months have unfolded, even those chairmen and chief executives who had previously expressed little interest in technology issues have suddenly begun to talk about their corporate experience in dealing with business interruption, frequently caused by computer viruses, worms, spammers and denial of service extortion. This indicates that digital risk management has clearly crept up the board's agenda and now concerns executive decision making much more regularly.

The art of making accurate predictions is based on understanding the historic trends, future motivations and the scenarios that new technology makes possible with every passing year. However, we cannot hope to rival the precision of this statement from The Life of Brian:

"There shall in that time be rumours of things going astray, erm, and there shall be a great confusion as to where things really are, and nobody will really know where lieth those little things wi-with the sort of raffia-work base, that has an attachment. At that time, a friend shall lose his friend's hammer, and the young shall not know where lieth the things possessed by their fathers that their fathers put there only just the night before, about eight o'clock."

Without further ado, the mi2g Intelligence Unit's top ten predictions for next year are:

1. In 2004 there will be a metamorphosis in the nature of digital attacks. It will no longer be possible to classify them along the rigid lines currently employed, such as viruses, worms, spam, denial of service, hacker attacks, Trojan software etc. It will be common to see viruses delivering spam; spam becoming a propaganda tool of rogue states, radical militant and religious groups; as well as sophisticated malware attacks that more closely mimic the way in which hackers manifest their skills. The prediction for the number of overt digital hacker attacks worldwide in 2004 is 350,000. The most targeted country will remain the USA, followed by NATO member countries - especially the UK and Germany. Most of the attacks will originate from developing countries and be directed at OECD countries. Government computer networks will increasingly be successfully breached, especially those of China, South Korea, Brazil and Scandinavian countries.

2. The amount of spam will continue to rise and could constitute as much as two thirds of all email traffic worldwide. The war between the spammers and anti-spam block list community will intensify. The productivity drag from spam to the global economy will exceed $60bn in 2004. Tight anti-spam measures will add to the inconvenience of not being able to communicate with long established contacts swiftly as some genuine email messages will invariably get mis-routed, mis-filed or deleted. Senior executives will once again resort to facsimile messaging as they did in the 1980s and early 1990s.

3. The intellectual gain or "for fun" motivation for virus writers and hackers will continue to recede and the dominant reason to hack, write malware or send spam will be financial gain. All manner of financial fraud and scams based on exploiting trust associated with established brand names will become commonplace. Ordinary households and small entities will be the primary victims of such scams. Sophisticated identity theft will continue to proliferate as online bank accounts and electronic payment facilities in particular are targeted because of poor single layer authentication reliant only on passwords and text. Introduction of smart card and basic biometric authentication is likely to take place within the coming two years.

4. Command and control attacks that target and cripple specific organisations within financial services, aviation, transport, telecommunications, utilities or emergency services will be witnessed. Those attacks may be orchestrated by a combination of malware, hacker attacks and insider help. As a result, a major electricity distribution network, an airline's reservation capability, bank ATMs, mobile telephone access or emergency response capability could go down with a domino effect.

5. Outsourcing will begin to manifest serious risk. All manner of electronic crime will originate from countries where multi-nationals have outsourced customer support and software development. The privacy of confidential customer data will be violated as off-shore workers migrate from one job to the next or begin to participate in organised crime rackets. Watch out for outsourcing risks manifesting adversely through off-shore centres in India, China, the Russian Federation, Mexico, Brazil and the Philippines.

6. Fundamentalist hacking, crippling malware proliferation, denial of service attacks and propaganda spam are likely to grow in the context of domestic insurgence and trans-national militant activity. The origin of this malevolence is likely to be based in Morocco, Egypt, Saudi Arabia, Kuwait, Pakistan, Central Asian Republics, Indonesia and Malaysia. Backlash hacktivism originating from the USA, UK, Germany, Italy, Israel and India can also be expected. Fundamentalist hacking will continue to precede physical terrorism by a factor of eight to ten weeks, as has already been witnessed in the case of terrorism in Bali, Casablanca, Riyadh and Istanbul as well as the targeting of American, British, Italian and other NATO member countries' commercial and government interests.

7. There will be at least three major malware - virus or worm - attacks in 2004 where the damage worldwide will exceed $30bn in each instance. Despite this, anti-virus tool kit and firewall vendors will find it difficult to make money out of retail customers as operating system vendors will offer those products for free either through strategic alliances or by incorporating the security functionality within the underlying software. Public and private trust in software vendors will continue to erode. New flavours and product launches of proprietary operating systems and associated applications will find it difficult to convince established customers and new buyers to part with cash unless security becomes guaranteed and the sunk cost is recompensed if a mission critical system becomes infected with malware and is rendered useless. Within the corporate environment, there will be increased confusion about which security products and services to budget for and procure. There will be more emphasis on training personnel.

8. Many governments around the world will note the economic impact of digital risk on their GDP and demand redressal from software vendors for themselves and their large businesses, set up early warning centres and migrate their computer systems from proprietary to open source solutions. The total economic damage from all types of digital attack worldwide will cross $250bn in 2004 but the rate of increase could slow considerably as investment in digital risk education and training accelerates. Legislation will be passed across the world to bring computer criminals to justice. Law enforcement agencies across the globe will report the arrest of several trans-national criminal syndicates operating in the close knit matrix of drug trafficking, contraband and counterfeit goods, illegal immigrants, credit card and other financial fraud, as well as computer crime.

9. Fixed connection computing will continue to give way to wireless connectivity that will pave the way for pervasive computing anytime anywhere. SMS messaging spam and mobile-telephone specific malware will emerge and present a growing challenge. Base stations belonging to mobile telephone operators could get hijacked to send millions of unwanted SMS messages soliciting purchase of product or disseminating propaganda. Satellite upload links could also be hijacked by militia or criminal syndicates from developing countries to push through a particular criminal agenda or anti-government message.

10. Some 'reputable' authors and large software vendors will continue to form macro-groups to question mi2g's research; and use distributed-defamation-of-reputation attacks to propel inane comments on search engine hierarchies against mi2g and its team members. We will continue to welcome all feedback with a smile.

The mi2g team would like to take this opportunity to wish all our friends and their families a Merry Christmas and a Happy New Year!

