As many of you already know, the anti-Midas touch of the financial crisis is spreading to the technology sector. Sequoia Capital, one of the largest VC funds in Silicon Valley, gave a presentation that pretty much said: become profitable now or pack up and go home. Security seemed to be counter-cyclical during the last bust, with Guardent, @Stake, SecurityFocus, and many others either started or acquired during the downturn. Several other security analysts/bloggers and I believe that this time, however, is different, and our field will experience the same cutbacks that we will see across the broader tech industry, albeit less severely.
Security spending won't grind to a halt. People will always need spam filters and anti-virus packages. What I do expect, however, is fewer product and technology innovations that provide only marginal security improvements in the coming months to years. Much like a homeowner who won't renovate their basement when the toilet is leaking from the bottom seal, no one is going to pay for a new database security solution when their UTM can barely keep the web compromises down. Anyone who wants to push a new product forward had better be solving a preexisting problem in an established market far more effectively and at a lower cost than their competitors to have a chance.
It's not all bad news, though. Downturns are great for attackers! Limited resources mean machines will stay online longer, and reduced staffing means they are likely to stay unpatched for greater intervals. Home users will be stretching their budgets even further, and replacing a "perfectly fine computer" is going to be at the bottom of the list. I expect all the distributed attack problems, such as spam driven by bots, to continue to increase as a result.
The bottom line is that we will all be forced to focus on the fundamentals: dispense with products and processes that don't keep us secure, and keep only those products that do so with our current hardware and a minimum of human oversight.