Blog

Security Lessons from 2014

The challenges of true security in an age when everyone simply wants connectivity seem to grow each quarter. Last year the same problems that seem to haunt security systems came back again and we’re predicting that the same kinds of challenges will come back around next year, with breaches continuing and terrible passwords and more serious malware. So what have we learned during 2014 that really changes anything significantly? And how can we use our knowledge in order to avoid making the same mistakes in 2015?

Passwords Matter

Even though a password can be broken, the ease with which it can be broken is still an important factor. Password reuse, smart phishing schemes, and simple guesswork allowed hackers to gain access where a stronger, more robust password would have kept them out. Let’s celebrate the password manager and the realization that a strong and frequently renewed password is still a valuable thing.

Breaches Impact Banking and Finance

And they’re going to continue to happen from time to time. Each time a major breach happens, consumers expect to not be found at fault, and thy aren’t, so banks and companies take up the slack. Those banking and finance hits are being taken seriously and we should see security prioritized as a result.

Surveillance

We know now that nothing is truly private, whether you’re on the phone and overheard by the people at the next table or the government or cyber criminals are tracking your activities online. SSL and HTTPS are more and more common as a result and the services that hide activity are booming, as demonstrated by the number of VPN services available these days. All this means that encryption will be finally given a more central role. We used to assume that we were simply unlucky if someone unknown to us was reading our email and watching us login to our online banking system. Now we know it’s probably happening all the time, so we’d better put in place all the protections we can.

All too often, security is the afterthought. A breach happens, a password is guessed, or a bunch of money disappears from and account and those responsible realize they need to do better. Well, we know we need to do better – on all fronts. Perhaps security will be baked in on the front end going forward, so that we can protect more successfully and before major breaches occur.