The End Of A Security Decade -- And The Beginning Of A New One

Dark Reading wraps up its 10th anniversary coverage with a final look back at the decade -- and a look ahead.

For the last month or so, Dark Reading has been celebrating its 10th year of service to the IT community with a series of stories and columns remembering the decade. You’ve seen articles that called out some of the industry’s history and heard from some security visionaries on where we’ve been and where we’re going.

Today, I’d like to conclude our 10th anniversary coverage with thanks – and a look at the challenges ahead.

The thanks are for you, dear readers, who have clicked on our stories and given us both positive and negative feedback over the decade. While we have a wonderful staff – Kelly Jackson Higgins, Marilyn Cohodas, and Sara Peters -- and many great contributors, we would never have risen to the top of the industry without the people who read our content every day. You are the reason we do this job, and we thank you for your loyalty and your participation in our online community.

Over the decade, the IT security industry has achieved some great victories. Huge botnets have fallen. Some of the worst cybercriminals have been caught. Security has transcended the data center and now sits in the enterprise boardroom -- and in those hallowed halls where laws are made. The military added a fifth domain to its universe: land, sea, air, space – and now cyberspace.

Never has the work we do been so evident – or so important – as it is today. Nearly every day, we see the impact of cyberattacks through breaches such as those that have occurred at Anthem, the Office of Personnel Management, and the Federal Reserve. We’ve seen businesses lose their very lifeblood – intellectual property – and individuals lose their identities. And we’ve said a silent “thank you” on the many days that our defenses held and none of those things happened. If you’re an IT security professional, the work you do matters.

Yet, while some of you have been at your jobs for years -- even decades -- the battle to win cyberspace has just begun. Recent estimates project that cybercrime costs will reach $2 trillion by 2019. Risk Based Security’s Data Breach QuickView Report cited 3,930 incidents in 2015, representing more than 736 million records – both all-time highs. In the US alone, more than 17.6 million people – about 7 percent of the population – were victims of identity theft in 2015. Clearly, the IT security industry has its work cut out for it in the months and years ahead.

For most of the past decade, spending on information security has increased every year – and so have data breaches and losses. From personal security to perimeter defense, many aspects of industry thinking have been thought and rethought. Yet, most experts agree that the defenders continue to lose ground against the attackers, who only need one good exploit to cause havoc in an enterprise network.

To gain back that lost ground, IT security professionals will need new technologies and new ways of thinking. Enterprises must stop looking at security in a vacuum and begin sharing information – as the attackers do so effectively. Vendors must stop inventing new, stand-alone products that solve only one problem – and don’t work together. Enterprises must stop fighting fires long enough to develop a real security architecture that goes beyond simple layering of disparate technologies. Businesses must make a sincere investment in IT security staffing and training. End users must recognize that their unsafe behavior affects not only their own data, but the entire organization.

As difficult as the last decade has been for IT security professionals, the next decade promises to be even harder. The bad guys are becoming more numerous, more sophisticated, and more prolific. And as the cost of breaches increases, the stakes are going up. Over the last decade, we’ve seen huge threats and challenges – and chances are that the next decade will make those obstacles look like a day at the beach.

At Dark Reading, our pledge is to be with you as you face those threats and challenges. Our goal is not just to bring you the news on the latest attacks, but to help you develop the defenses you need to mitigate them. Just as attackers need IRC and other online methods of communication and collaboration, so defenders need places to gather and share their experiences and their solutions. Dark Reading – in partnership with its sister sites and events such as Black Hat, InformationWeek, Interop, and Network Computing -- pledges to be such an online destination.

The last 10 years have been IT security’s greatest decade – and greatest challenge. At Dark Reading, we’re privileged to have helped you see that decade unfold – and we hope to be a light that will help you navigate the next decade as well.


Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...

6/11/2016 | 9:05:41 AM
two things
1. transactions need to be authenticated

2. operating software needs to be secure

just "proper formatting" of a transaction -- does not pass as authentication. nor does the use of a symmetric key such as a credit card number. the authentication has to be good 1 time only for the instant transaction --- and has to be such that only the proper user can produce it. this is the story behind Public Key Encryption. we need to integrate it into what we do -- think 'packaged technology': for example: think Forms 1040 and tax prep. software.

a secure operating system is one which will not allow itself to be compromised by un-authorized programming, nor will it allow un-authorized access of data from one application to another. we need to insist on this. we may not achieve perfection overnight but we cannot go on with business the way it has been thus far.