Waiting for Shoes to Drop: The Year in Security

Written by Kim Davis
12/19/2012 20 comments

As we prepare to hang up our stockings and breach the eggnog, we are still looking nervously over our shoulders, wondering why some major security disasters haven't yet happened.

Admittedly, Anonymous and LulzSec went out with a whimper rather than any of their threatened bangs, as law enforcement turned out to be less digitally flat-footed than expected. The courtroom parade of hacktivists continued this week, with Barrett Brown pleading not guilty to charges relating to last December's Stratfor email breach.

But if hacktivism has taken a backseat, cybercrime for profit continued to flourish, beginning in January with a major theft of customer data from online retailer Zappos. Cyberwar has been noisily brewing too, with the Flame malware (a relative of Stuxnet, aimed at the same region) and reported retaliation from Iran.

Mobile apps were under assault too, even -- unthinkable! -- the apps in Apple's App Store. Not to mention the familiar worries that passwords, security tokens, and SSL certificates are no longer up to the job.

So what didn't go wrong?

Quite a lot -- so far, anyway. Here are my top three security disasters which, fingers crossed, are deferred until next year:

Cloud outage
A hurricane came and went on the east coast, but the digital cloud survived. Not a security issue? Wrong. For any enterprise with essential data in the cloud -- especially data retained for legal or regulatory purposes -- back-up and disaster recovery certainly relate to information security.

This time around, at least, the disaster didn't happen.

Cloud breach
Okay, you want to talk about cloud security proper? Despite NIST's warning -- which I still think makes all kinds of sense -- that the complexity of cloud services implies a "large attack surface," we haven't yet heard a true horror story involving a cloud breach.

This doesn't mean, of course, that no such breaches have taken place. There have been whispers and allegations about clouds being vulnerable to attacks on "weakest link" clients, but what we haven't yet had is a jaw-dropping headline about a giant cyberheist involving Amazon Web Services, Windows Azure, or another major vendor.

The national infrastructure
Save your biggest sigh of relief, though, for the tenuous preservation of the national digital infrastructure. Despite consistent warnings from the DoD and the FBI -- despite, indeed, a "dire warning" from Defense Secretary Leon Panetta of a coming "Cyber Pearl Harbor" -- the grid still stands.

No thanks to Congress, of course. Blocking cybersecurity legislation seems to have occupied much of the Senate's time this year. Led by John McCain (R-Arizona), a group of die-hards has resisted the imposition of security standards on the privately owned elements of the national infrastructure, on the grounds that the costs involved would harm the economy.

Not that McCain and his crew don't regard national cybersecurity as a priority. But there they stand, and here we are... and wait... did the lights just flicker?

— Kim Davis, Community Editor, Internet Evolution

Kim Davis
Tuesday January 8, 2013 2:59:30 PM

That's always a problem with risk management, DHagar. Risk is essentially forward-looking: what are the chances of something happening...? But in all walks of life, we find ourselves saying, wow, that was a really big risk we overlooked there.

aum007
Tuesday January 8, 2013 4:26:12 AM

Kim,

I agree.

Professional Cybercrimesters are extremely troublesome here and going ahead.

We can't discount this factor (financial motivation) when we decide what data we put online and what we don't.

DHagar
Monday January 7, 2013 8:09:51 PM

Great insights, Kim.  Your predictions suggest that the professionals may not have even been discovered, let alone deterred! 

Risk is always what we don't know.  I believe that we have not begun to understand the true risks that exist yet; hopefully the discoveries will pre-empt major events.

DHagar

Kim Davis
Monday January 7, 2013 3:18:03 PM

I was talking about the pranksters -- Anonymous, LulzSec, etc.  It became clear last year that "members" of the groups would inform on other "members" rather than serve jail sentences.  The result: plenty of arrests.  Going to jail for pranks isn't attractive.

Professional cybercrime is a whole different deal.

aum007
Saturday January 5, 2013 6:33:12 AM

Kim,

You sure?

I still think many, many hackers remain extremely capable of causing damage (across borders) for financial gain today.

The threat of coordinated law enforcement action isn't enough of a rejoinder yet.

Kim Davis
Friday January 4, 2013 4:52:38 PM

I certainly think the main threats now come from agents working for states.  The pranksters have suffered heavily from law enforcement clamp downs.  Cyber thieves can still pick low-hanging fruit without launching complex attacks.

aum007
Friday January 4, 2013 9:00:58 AM

mharden,

The fact that most governments will be attacked won't surprise me in the least.

We have today not just civilian actors but also states involved.

In this scenario, attacks will become more frequent, especially for political reasons.

When it comes to cloud companies, I feel a good number of them have worked hard to beef up their security today.

Here's hoping they are ready for the inevitable onslaught!

The Internet never sleeps!!!

Kim Davis
Thursday January 3, 2013 5:31:25 PM

"Nobody has discovered or reported the major issue - but does that provide assurance that it has not already happened?"

No, David, not assurance: but enterprises have discovered that keeping major breaches secret can lead to problems down the road.

mharden
Monday December 31, 2012 11:36:03 AM

@aum007 - I wouldn't be surprised if banks and government agencies see an all-out onslaught in the first half of 2013. Also, don't be surprised to see some of your favorite cloud companies get their share of attacks and breaches in the first half of the year as well.

aum007
Monday December 31, 2012 6:06:09 AM

smk,

I don't think it's gonna be one of the big e-commerce vendors (who are known to provide excellent security throughout, like Amazon) which will be hit in 2013.

After all,their entire Bread and Butter depends on the Online world.

The stronger possibility is that we see breaches amongst firms who have an online business, but it's not key to the way they do business.

Or the all-time favorite -Governments.
