
The End Of A Security Decade -- And The Beginning Of A New One

Dark Reading wraps up its 10th anniversary coverage with a final look back at the decade -- and a look ahead.

For the last month or so, Dark Reading has been celebrating its 10th year of service to the IT community with a series of stories and columns remembering the decade. You’ve seen articles that called out some of the industry’s history and heard from some security visionaries on where we’ve been and where we’re going.

Today, I’d like to conclude our 10th anniversary coverage with thanks – and a look at the challenges ahead.

The thanks are for you, dear readers, who have clicked on our stories and given us both positive and negative feedback over the decade. While we have a wonderful staff – Kelly Jackson Higgins, Marilyn Cohodas, and Sara Peters -- and many great contributors, we would never have risen to the top of the industry without the people who read our content every day. You are the reason we do this job, and we thank you for your loyalty and your participation in our online community.

Over the decade, the IT security industry has achieved some great victories. Huge botnets have fallen. Some of the worst cybercriminals have been caught. Security has transcended the data center and now sits in the enterprise boardroom -- and in those hallowed halls where laws are made. The military added a fifth domain to its universe: land, sea, air, space – and now cyberspace.


Never has the work we do been so evident – or so important – as it is today. Nearly every day, we see the impact of cyberattacks through breaches such as those that have occurred at Anthem, the Office of Personnel Management, and the Federal Reserve. We’ve seen businesses lose their very lifeblood – intellectual property – and individuals lose their identities. And we’ve said a silent “thank you” on the many days that our defenses held and none of those things happened. If you’re an IT security professional, the work you do matters.

Yet, while some of you have been at your jobs for years -- even decades -- the battle to win cyberspace has just begun. Recent estimates project that cybercrime costs will reach $2 trillion by 2019. Risk Based Security’s Data Breach QuickView Report cited 3,930 incidents in 2015, representing more than 736 million records – both all-time highs. In the US alone, more than 17.6 million people – about 7 percent of the population – were victims of identity theft in 2015. Clearly, the IT security industry has its work cut out for it in the months and years ahead.

For most of the past decade, spending on information security has increased every year – and so have data breaches and losses. From personal security to perimeter defense, many aspects of industry thinking have been thought and rethought. Yet, most experts agree that the defenders continue to lose ground against the attackers, who only need one good exploit to cause havoc in an enterprise network.

To gain back that lost ground, IT security professionals will need new technologies and new ways of thinking. Enterprises must stop looking at security in a vacuum and begin sharing information – as the attackers do so effectively. Vendors must stop inventing new, stand-alone products that solve only one problem – and don’t work together. Enterprises must stop fighting fires long enough to develop a real security architecture that goes beyond simple layering of disparate technologies. Businesses must make a sincere investment in IT security staffing and training. End users must recognize that their unsafe behavior affects not only their own data, but the entire organization.

As difficult as the last decade has been for IT security professionals, the next decade promises to be even harder. The bad guys are becoming more numerous, more sophisticated, and more prolific. And as the cost of breaches increases, the stakes are going up. Over the last decade, we’ve seen huge threats and challenges – and chances are that the next decade will make those obstacles look like a day at the beach.

At Dark Reading, our pledge is to be with you as you face those threats and challenges. Our goal is not just to bring you the news on the latest attacks, but to help you develop the defenses you need to mitigate them. Just as attackers need IRC and other online methods of communication and collaboration, so defenders need places to gather and share their experiences and their solutions. Dark Reading – in partnership with its sister sites and events such as Black Hat, InformationWeek, Interop, and Network Computing -- pledges to be such an online destination.

The last 10 years have been IT security’s greatest decade – and greatest challenge. At Dark Reading, we’re privileged to have helped you see that decade unfold – and we hope to be a light that will help you navigate the next decade as well.

 


Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
 

Comments
macker490,
User Rank: Ninja
6/11/2016 | 9:05:41 AM
two things
1. transactions need to be authenticated

2. operating software needs to be secure

just "proper formatting" of a transaction -- does not pass as authentication. nor does the use of a symmetric key such as a credit card number. the authentication has to be good 1 time only for the instant transaction --- and has to be such that only the proper user can produce it. this is the story behind Public Key Encryption. we need to integrate it into what we do -- think 'packaged technology': for example: think Forms 1040 and tax prep. software.

a secure operating system is one which will not allow itself to be compromised by un-authorized programming, nor will it allow un-authorized access of data from one application to another. we need to insist on this. we may not achieve perfection overnight but we cannot go on with business the way it has been thus far.