2014: Greater awareness of security breaches
2014 will be seen as the “Year of the Breach,” or at the least, the “Year of Raised Awareness of Breaches,” according to observers of IT security trends over the course of the year.
Keith Graham, CTO of SecureAuth, writes in Government Technology that the year has seen an unprecedented exposure to issues surrounding the lack of IT security in both the private and public sectors.
“You didn’t have to look too hard in the media throughout the year to see that we’re still learning that no matter good an organizations security strategy is, or how strong its preventative measures are, attackers will always find a way into a victim’s networks,” he writes.
The problems with this, according to Graham, are two-fold:
First, the legal repercussions for hackers are small, and usually non-existent, but the cost in damage to the victims of hacking can be huge.
According to HomeLand Security News Wire, a survey by the Ponemon Institute revealed that in 2014, the average cost of a cyber attack was $20.8 million for a company in the financial services sector, and $8.6 million for a retail store – costs which ultimately affect the public at large.
Secondly, recent Apple iCloud attacks and the much publicized leak of celebrity personal photographs in 2014, have revealed that the traditional password model of security in user devices is still lacking. Even two-factor authentication saw an array of breaches, indicating that cyber criminals were advancing with the technology itself.
“We even saw a well-orchestrated attack where attackers were able to bypass two-factor authentication – arguably the most significant and well-publicized attack against two-factor since 2011,” Graham adds. With this, he points out, the attacks continued throughout 2014, impacting a large number of victims to the point where the breaches were hardly shocking or newsworthy anymore.
The solution, Graham says, is to throw out traditional models of security and be creative.