Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

The End Of A Security Decade -- And The Beginning Of A New One

Dark Reading wraps up its 10th anniversary coverage with a final look back at the decade -- and a look ahead.

For the last month or so, Dark Reading has been celebrating its 10th year of service to the IT community with a series of stories and columns remembering the decade. You’ve seen articles that called out some of the industry’s history and heard from some security visionaries on where we’ve been and where we’re going.

Today, I’d like to conclude our 10th anniversary coverage with thanks – and a look at the challenges ahead.

The thanks are for you, dear readers, who have clicked on our stories and given us both positive and negative feedback over the decade. While we have a wonderful staff – Kelly Jackson Higgins, Marilyn Cohodas, and Sara Peters -- and many great contributors, we would never have risen to the top of the industry without the people who read our content every day. You are the reason we do this job, and we thank you for your loyalty and your participation in our online community.

Over the decade, the IT security industry has achieved some great victories. Huge botnets have fallen. Some of the worst cybercriminals have been caught. Security has transcended the data center and now sits in the enterprise boardroom -- and in those hallowed halls where laws are made. The military added a fifth domain to its universe: land, sea, air, space – and now cyberspace.

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada July 30 through Aug. 4, 2016. Click for information on the conference schedule and to register.

Never has the work we do been so evident – or so important – as it is today. Nearly every day, we see the impact of cyberattacks through breaches such as those that have occurred at Anthem, the Office of Personnel Management, and the Federal Reserve. We’ve seen businesses lose their very lifeblood – intellectual property – and individuals lose their identities. And we’ve said a silent “thank you” on the many days that our defenses held and none of those things happened. If you’re an IT security professional, the work you do matters.

Yet, while some of you have been at your jobs for years -- even decades -- the battle to win cyberspace has just begun. Recent estimates project that cybercrime costs will reach $2 trillion by 2019. Risk Based Security’s Data Breach QuickView Report cited an all-time high 3,930 incidents in 2015, representing more than 736 million records – both all-time highs. In the US alone, more than 17.6 million people – about 7 percent of the population – were victims of identity theft in 2015. Clearly, the IT security industry has its work cut out for it in the months and years ahead.

For most of the past decade, spending on information security has increased every year – and so have data breaches and losses. From personal security to perimeter defense, many aspects of industry thinking have been thought and rethought. Yet, most experts agree that the defenders continue to lose ground against the attackers, who only need one good exploit to cause havoc in an enterprise network.

To gain back that lost ground, IT security professionals will need new technologies and new ways of thinking. Enterprises must stop looking at security in a vacuum and begin sharing information – as the attackers do so effectively. Vendors must stop inventing new, stand-alone products that solve only one problem – and don’t work together. Enterprises must stop fighting fires long enough to develop a real security architecture that goes beyond simple layering of disparate technologies. Businesses must make a sincere investment in IT security staffing and training. End users must recognize that their unsafe behavior affects not only their own data, but the entire organization.

As difficult as the last decade has been for IT security professionals, the next decade promises to be even harder. The bad guys are becoming more numerous, more sophisticated, and more prolific. And as the cost of breaches increases, the stakes are going up. Over the last decade, we’ve seen huge threats and challenges – and chances are that the next decade will make those obstacles look like a day at the beach.

At Dark Reading, our pledge is to be with you as you face those threats and challenges. Our goal is not just to bring you the news on the latest attacks, but to help you develop the defenses you need to mitigate them. Just as attackers need IRC and other online methods of communication and collaboration, so defenders need places to gather and share their experiences and their solutions. Dark Reading – in partnership with its sister sites and events such as Black Hat, InformationWeek, Interop, and Network Computing -- pledges to be such an online destination.

The last 10 years has been IT security’s greatest decade – and greatest challenge. At Dark Reading, we’re privileged to have helped you see that decade unfold – and we hope to be a light that will help you navigate the next decade as well.

 

Related Content:

 

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
macker490
50%
50%
macker490,
User Rank: Ninja
6/11/2016 | 9:05:41 AM
two things
1. transactions need to be authenticated

2. operating software nneds to be secure

 

just "proper formatting" of a transaction -- does not pass as authetication.    nor does the use of a symetric key such as a credit card number.    the authentication has be be good 1 time only for the instant transaction --- and has to be such that only the proper user can produce it.     this is the story behind Public Key Encryption.    we need to integrate it into what we do -- think 'packaged technology':   for example: think Forms 1040 and tax prep. software.

 

a secure operating system is one which will not allow itself to be compromised by un-authorized programming, nor will it allow un-authorized access of data from one application to another.   we need to insust on this.   we may not achieve perfection overnight but we cannot go on with business the way it has been thus far.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17489
PUBLISHED: 2020-08-11
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible f...
CVE-2020-17495
PUBLISHED: 2020-08-11
django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.
CVE-2020-0260
PUBLISHED: 2020-08-11
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152225183
CVE-2020-16170
PUBLISHED: 2020-08-11
The Temi application 1.3.3 through 1.3.7931 for Android has hard-coded credentials.
CVE-2020-17487
PUBLISHED: 2020-08-11
radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY.