Just in time (hopefully) for your 2015 industry trend prediction posts, here are five things to do right, courtesy of security and mobile cloud services provider Neohapsis and their excellent list of 215 security predictions. (No, Neohapsis is NOT a client and I had nothing to do with this list of predictions.)
Kind of wish I had, though. Here’s what I learned from these predictions:
It would have been easy, and self-evident, to predict that large and embarrassing security breaches would continue. Neohapsis got more detailed and predicted that a U.S. firm will be implicated in a significant breach of EU data. This gives readers doing business in the U.S. more actionable information because, as it points out, “There is an associated cost…from the increased oversight and enforcement actions by” European agencies of US companies handling data about European citizens.
Dig Deep for Insights
“The line between attack and defense tools and techniques will blur,” Neohapsis predicted, as both sides “repurpose each other’s tools and techniques.” For example, attackers will hide behind the network defenses they are trying to attack and use forensic tools (usually used to track attacks) to steal passwords and find valuable data. Their advice: Create security programs that don’t assume your security technology itself is safe. I suspect this is new and thought-provoking for anyone who isn’t hip-deep in security. Such insights are a great way to position yourself as a smart and trustworthy source of expertise in your industry.
Mash Them Trends
In apps (and music) a mashup combines content from multiple sources into something new and interesting. Neohapsis combined timely buzzwords to create several mashups in its predictions.
One that jumped out at me was the prediction – and even their urging – that the good guys use crowd-sourcing (combining small contributions from many individuals) to more efficiently find and share information about security vulnerabilities. Neohapsis even suggested it’s “more cost-effective to establish a bug-bounty program for…Internet facing services than (to) hire another security consultancy to perform testing.” It argued such payments could “drive a wedge between financially motivated hackers and eliminate threats just as the industry has turned blackhats to whitehats by providing respectable salaries.” This actionable advice gives forward-looking companies a way to outpace their competitors, and inside security staffs a way to look smart to their managers.
Shake Up the Status Quo
By way of predicting that “Attackers will exploit unassessed system components,” Neohapsis challenged readers to push security consultants to widen the scope of their security tests. For example, it said, cloud and SaaS (software as a service) infrastructures are often tested for security, but not the controls for the DevOps teams that have access to cloud control scripts. Same for forgetting to test the configuration of the software that makes up a software-defined network, rather than just the network itself. Educating readers that what they think they know ain’t necessarily true is great thought leadership, especially if it includes actionable advice (as Neohapsis did).
Neohapsis’ prediction that “We will have better communication from security consultants” was actually a confession that “as an industry, we’ve neglected to effectively convey the impact of our discoveries to all relevant parties.” The expert who penned this prediction wrote that “Heartbleed was a great vulnerability for penetration testers to exploit, but that wasn’t what struck my heart. Heartbleed was most impressive for demonstrating the power and importance of good reporting, marketing, and PR.”
Admitting to what you, as a vendor, need to do better is incredibly effective in establishing the emotional connection so important with B2B prospects. Ditto for the words “what struck my heart.” This person is passionate about security. Isn’t that someone you’d like working for you?