So it looks like we survived 2013! No comets came crashing into Earth, the zombies stayed and the sun didn’t explode.
It’s always at this point in the year that we see those blogs – “Retrospective on 2013”. Well, to save you the bother of reading them, here’s a little tip. Everything in 2012 happened again, but to varying degrees.
- Instead of Sony being attacked it was Target
- Instead of Wikileaks it was Snowden
- Instead of 123456 being the most common password to be leaked it was … 123456
And herein lies the problem with information security.
We spend all year inventing new technologies .. Web Application Firewalls, APT threat detection, cloud-based anti-DDoS solutions – the list of tin and “solutions” is vast. As an end user you now have a bewildering array at your disposal. But does it work?
Well .. to put it bluntly .. no.
- It’ll never work when the user thinks, “To be safe I’ll use 123456 for a password.”
- It’ll never work when users post photos of their debit cards on social media.
- It’ll never work when companies store credentials in plain text.
- It’ll never work when vendors can be swayed by $10 million from the NSA.
You can surround yourself with as many defence and attack capabilities as you like, but if you are compromised before you start, then save your money.
So that was 2013 …
A lot happened, and the infosec community cannot say we won this year. If anything .. we took a bad battering. Take stock of what you learned and face 2014 with new energy to get it right this year.
Start with yourself,
then your family,
then your friends,
then the company you work for.
Do something. Anything … but do SOMETHING.