Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

The End Of A Security Decade -- And The Beginning Of A New One

Dark Reading wraps up its 10th anniversary coverage with a final look back at the decade -- and a look ahead.

For the last month or so, Dark Reading has been celebrating its 10th year of service to the IT community with a series of stories and columns remembering the decade. You’ve seen articles that called out some of the industry’s history and heard from some security visionaries on where we’ve been and where we’re going.

Today, I’d like to conclude our 10th anniversary coverage with thanks – and a look at the challenges ahead.

The thanks are for you, dear readers, who have clicked on our stories and given us both positive and negative feedback over the decade. While we have a wonderful staff – Kelly Jackson Higgins, Marilyn Cohodas, and Sara Peters -- and many great contributors, we would never have risen to the top of the industry without the people who read our content every day. You are the reason we do this job, and we thank you for your loyalty and your participation in our online community.

Over the decade, the IT security industry has achieved some great victories. Huge botnets have fallen. Some of the worst cybercriminals have been caught. Security has transcended the data center and now sits in the enterprise boardroom -- and in those hallowed halls where laws are made. The military added a fifth domain to its universe: land, sea, air, space – and now cyberspace.

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada July 30 through Aug. 4, 2016. Click for information on the conference schedule and to register.

Never has the work we do been so evident – or so important – as it is today. Nearly every day, we see the impact of cyberattacks through breaches such as those that have occurred at Anthem, the Office of Personnel Management, and the Federal Reserve. We’ve seen businesses lose their very lifeblood – intellectual property – and individuals lose their identities. And we’ve said a silent “thank you” on the many days that our defenses held and none of those things happened. If you’re an IT security professional, the work you do matters.

Yet, while some of you have been at your jobs for years -- even decades -- the battle to win cyberspace has just begun. Recent estimates project that cybercrime costs will reach $2 trillion by 2019. Risk Based Security’s Data Breach QuickView Report cited an all-time high 3,930 incidents in 2015, representing more than 736 million records – both all-time highs. In the US alone, more than 17.6 million people – about 7 percent of the population – were victims of identity theft in 2015. Clearly, the IT security industry has its work cut out for it in the months and years ahead.

For most of the past decade, spending on information security has increased every year – and so have data breaches and losses. From personal security to perimeter defense, many aspects of industry thinking have been thought and rethought. Yet, most experts agree that the defenders continue to lose ground against the attackers, who only need one good exploit to cause havoc in an enterprise network.

To gain back that lost ground, IT security professionals will need new technologies and new ways of thinking. Enterprises must stop looking at security in a vacuum and begin sharing information – as the attackers do so effectively. Vendors must stop inventing new, stand-alone products that solve only one problem – and don’t work together. Enterprises must stop fighting fires long enough to develop a real security architecture that goes beyond simple layering of disparate technologies. Businesses must make a sincere investment in IT security staffing and training. End users must recognize that their unsafe behavior affects not only their own data, but the entire organization.

As difficult as the last decade has been for IT security professionals, the next decade promises to be even harder. The bad guys are becoming more numerous, more sophisticated, and more prolific. And as the cost of breaches increases, the stakes are going up. Over the last decade, we’ve seen huge threats and challenges – and chances are that the next decade will make those obstacles look like a day at the beach.

At Dark Reading, our pledge is to be with you as you face those threats and challenges. Our goal is not just to bring you the news on the latest attacks, but to help you develop the defenses you need to mitigate them. Just as attackers need IRC and other online methods of communication and collaboration, so defenders need places to gather and share their experiences and their solutions. Dark Reading – in partnership with its sister sites and events such as Black Hat, InformationWeek, Interop, and Network Computing -- pledges to be such an online destination.

The last 10 years has been IT security’s greatest decade – and greatest challenge. At Dark Reading, we’re privileged to have helped you see that decade unfold – and we hope to be a light that will help you navigate the next decade as well.

 

Related Content:

 

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
macker490
50%
50%
macker490,
User Rank: Ninja
6/11/2016 | 9:05:41 AM
two things
1. transactions need to be authenticated

2. operating software nneds to be secure

 

just "proper formatting" of a transaction -- does not pass as authetication.    nor does the use of a symetric key such as a credit card number.    the authentication has be be good 1 time only for the instant transaction --- and has to be such that only the proper user can produce it.     this is the story behind Public Key Encryption.    we need to integrate it into what we do -- think 'packaged technology':   for example: think Forms 1040 and tax prep. software.

 

a secure operating system is one which will not allow itself to be compromised by un-authorized programming, nor will it allow un-authorized access of data from one application to another.   we need to insust on this.   we may not achieve perfection overnight but we cannot go on with business the way it has been thus far.
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18986
PUBLISHED: 2019-11-15
Pimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users.
CVE-2019-18981
PUBLISHED: 2019-11-15
Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.
CVE-2019-18982
PUBLISHED: 2019-11-15
bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.
CVE-2019-18985
PUBLISHED: 2019-11-15
Pimcore before 6.2.2 lacks brute force protection for the 2FA token.
CVE-2019-18928
PUBLISHED: 2019-11-15
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.