It turned out that 2014 saw at least 20 highly publicized security breaches (that's more than one every three weeks on average). Just as we learned the details of one breach, another one would hit the news. I don't know about you, but it kept my head spinning.
Let's look back at some of the highlights, to put things in perspective.
That comes to over 453 million -- the grand total of all the card numbers and personal information records stolen during the year 2014 (that we know about to date -- millions more may be disclosed in the coming months). There are 316 million people in the United States. Looking at these statistics, I'd say the chances are pretty good that nearly all of us have been affected by the breaches of 2014. You can safely bet that your own card numbers, passwords, email addresses, contact information and other personal information were compromised in at least one of these breaches.
It's a new day for information security practitioners -- a dark, cold, serious day. The world we live in has changed. Our job used to be to defend against reasonably foreseeable, potential, theoretical threats. It still is -- but we no longer need to rely exclusively on risk models and threat prediction to determine where and how to place our defenses. We know where and what the threats are now. They're out there, in plain sight, organized and deadly efficient, boldly smashing and grabbing. We have seen the enemy, and this is war.
This week's journal is written by a real security manager, "J.F. Rice," whose name and employer have been disguised for obvious reasons. Contact him at jf.rice@engineer.com.
Join in
Click here for more security articles.