What a year it’s been – review of IT security 2014

By rights, 2015 should be the year of cyber security. After all, 2014 was the year of cyber-security failure. Just consider some of the highlights:

That’s merely a selection of the ones that made the news this side of the pond. ITRC reports a total of 720 breaches affecting 81.6 million records so far in 2014, in the US alone. That’s counting only breaches where personal information was affected; it doesn’t include DDoS attacks – like the one that took down 1&1 yesterday – or destructive hacks without data leakage (as far as we know), like the one that took Sony’s PlayStation Network offline on Monday. Again.

What about the UK? Well, BIS’s Cyber Security report for 2014 reports that 81% of large businesses and 60% of small businesses had a breach this year, with the cost of the worst breach averaging between £600k and £1.15m for larger businesses and £65k–£115k for small ones. The ICO’s total fines for 2014 so far come to £815,000 – relating mostly to breaches from prior years, of course, so we’ll only really know how 2014 turned out this time next year.

And all these scary numbers relate only to the breaches we know about. The UK report is a self-reporting survey; the ITRC report depends on published news reports. Tip, iceberg?

What else happened this year?

We finally defeated the first version of Cryptolocker, aka “ransomware”. Let this inside your perimeter and it encrypted all the files it could reach, then demanded bitcoin payment for decryption. We also saw further development of malware and hacking tools for sale – or even delivered as a service; ever more sophisticated, probably state-sponsored spyware; massive security holes in commonly used software including the Bash Unix shell, WordPress, Windows, Office and SSL; the development of a portable toolkit for compromising contactless payment cards; growth in hacked versions of Android apps carrying malware; cyber warfare in Syria and Iraq; the News International phone-hacking trials; and a site giving access to open CCTV cameras around the world, including nursery cams…

So here’s my festive question: what are you doing about it?

Will your New Year’s Resolution be to take cyber security seriously, or is it to continue as the Cinderella entry in the depths of your IT budget? Remember, this isn’t just about buying firewalls – it’s about attitude, procedures and training, starting in the Boardroom.

Bah humbug. Happy Christmas.
