The internet loves its lists. SEO and web content experts will tell you that lists get more traffic. People just love to know what the “Top 10” of anything is–whether it’s the Top 10 Richest People in America, or the Top 10 Fastest Cars in the World, or the Top 10 Brazenly False Things Donald Trump Said (In the Last 24 Hours), or the Top 10 Best Laptops of 2016.
At the end of every year we are deluged with Top X list rundowns of the past year and Top X list predictions for the year to come. Although it’s tradition and it’s unlikely to change anytime soon, I wrote a little something about why those lists have little–if any value–for companies or individuals trying to make sense of information security.
It’s that time of year. Once we’ve run out of leftover Thanksgiving turkey for sandwiches, and our Black Friday purchases start to show up on our credit card statements, there are two things that seem to happen every year: reviewing the year gone by and making predictions for the year to come. I get it. It’s tradition. However, few ever learn any lessons of value from analyzing the events of the past year and even fewer gain any relevant insight into the year ahead from speculative prognostications—especially because most are either safe and obvious predictions or end up being wrong anyway. With that in mind, I have created a new list of reasons to stop doing that.
1. The past may not be relevant
Lots of stuff happened in the past 12 months. Even if we narrow the focus just to network and data security and security incidents, there’s no shortage of events to reflect on from 2016. However, most of those events affect platforms or technologies you don’t use, or target industries you’re not in, so reviewing them provides little value aside from increasing your knowledge of general information security trivia.
2. The past is not an indication of the future
The events that do relate directly to your industry or company provide greater value, but knowing what happened last year isn’t necessarily helpful for preventing future attacks or breaches. Reacting to past attacks leads to things like taking off shoes at TSA checkpoints. It might have been an effective means of preventing a past attack, but has little—if any—actual impact on preventing future attacks. It’s like closing the barn door after the horses have escaped.
Check out the complete list on the Tenable blog: Top 5 Reasons to Stop Looking Back at 2016 or Making 2017 Predictions.