It’s that time of year. Once we’ve run out of leftover Thanksgiving turkey for sandwiches, and our Black Friday purchases start to show up on our credit card statements, there are two things that seem to happen every year: reviewing the year gone by and making predictions for the year to come. I get it. It’s tradition. However, few ever learn any lessons of value from analyzing the events of the past year and even fewer gain any relevant insight into the year ahead from speculative prognostications—especially because most are either safe and obvious predictions or end up being wrong anyway. With that in mind, I have created a new list of reasons to stop doing that.
1. The past may not be relevant
Lots of stuff happened in the past 12 months. Even if we narrow the focus just to network and data security and security incidents, there’s no shortage of events to reflect on from 2016. However, most of those events affect platforms or technologies you don’t use, or target industries you’re not in, so reviewing them provides little value aside from increasing your knowledge of general information security trivia.
2. The past is not an indication of the future
The events that do relate directly to your industry or company provide greater value, but knowing what happened last year isn’t necessarily helpful for preventing future attacks or breaches. Reacting to past attacks leads to things like taking off shoes at TSA checkpoints. It might have been an effective means of preventing a past attack, but has little—if any—actual impact on preventing future attacks. It’s like closing the barn door after the horses have escaped.
3. Most predictions are wrong
Making predictions about technology or security is a bit like predicting the weather, and has as bad or worse odds of being accurate. Predictions are either painfully obvious—in which case they don’t provide any insight or value at all—or tend to be guesses more than predictions. The guesses are hopefully backed by some intelligent analysis of past and current trends or knowledge of cutting edge technologies, but ultimately they tend to be wish lists more than predictions, and those making them are as surprised as anyone else if or when they come true.
4. Predictions may not be relevant
There are some predictions that end up being accurate. A combination of “even a broken clock is right twice a day” and throwing enough ideas out there results in at least something eventually coming true. Odds are that the few predictions that prove to be accurate will fall into the category of things that don’t apply to your industry or to the platforms and applications your business relies on.
5. Better to look within
Make your own lists. There’s nothing inherently wrong with reviewing the past year or trying to make some educated guesses about the year to come. It makes good business sense. However, rather than relying on technology pundits to provide you with cookie cutter “Top 10” lists, you should analyze your own data and your own history, and use the information you have available to make your own predictions for 2017—predictions that are directly relevant to you and your company.
Analyze your own data and history to make your own predictions for 2017
If you simply must read the post mortem reviews of 2016, or check out the predictions and guesstimations for what 2017 has in store, feel free. I mean, it is tradition—like green beer on St. Patrick’s Day, fireworks on the 4th of July, or the Detroit Lions playing on Thanksgiving Day. Just do so with a realistic understanding of the value—or lack thereof—those provide for your business, and focus on the things that will actually make the most impact for you.