3. We’re getting other benefits on the coattails of new security technology
It’s always a good sign when adopting something for security reasons winds up having other benefits. New protocols like Transport Layer Security (TLS) 1.3 and HTTP2 will make the web safer, but there are clear performance improvements as well. It’s very likely the uptick in adoption of TLS 1.3 and HTTP2 by web developers will be spurred by the increased speeds the protocols enable, said Ryan Kearny, CTO of networking company F5 Networks. “In 2017, the increase in web speed will spur rapid adoption of TLS 1.3 —- and that will, in turn, make the web more secure,” Kearny said.
4. We’re getting more realistic about security
Security was one of those things people never really understood. TV shows and movies didn’t help, with slick graphics and fancy dramatizations of what hacking supposedly looks like. Then, along came the TV show “Mr. Robot,” and the show’s star, Rami Malek, winning an Emmy for his portrayal of Elliott Alderson. “Out of all the attempts that Hollywood has made to tell a compelling story using cyber as the backdrop, Mr. Robot is the most complete,” said Rick Howard, CSO of networking security company Palo Alto Networks.
If nothing else, nonsecurity professionals now have a better understanding of just how bad things can get. It’s no longer just that one weak password, one link in an email, or that one old software application that hasn’t been updated. There is no need to oversensationalize the security issues in “Mr. Robot” — the reality is bad enough.
That better understanding should help users understand why they need to pay more attention to at least security basics. And why they keep getting breach notices from the likes of Yahoo and Dailymotion.
But it doesn’t help that there’s still a culture of silence about breaches among security pros and the companies they work for. No one likes to talk about their failures or to be a headline. But because no one is sharing what mistakes were made, the same breaches keep happening over and over.
That’s why the formation of new Information Sharing and Analysis Centers (ISAC) is a positive — though small — development, a sign of realism creeping into the security professionals’ culture, too. Although existing ISAC and commercial information-sharing platforms are expanding to include more enterprises, they need to become even more widespread.
Developers have plenty of places where they can post code snippets and get programming help. IT and security professionals should have forums where they can share their security stories, ask questions without judgment, and learn about what worked for their peers, said Jeannie Warner, a security strategist at WhiteHat Security. “The bad guys have Tor, Reddit, and other social networks to share information and tools. The good guys need to adopt theirs just as freely,” Warner said.
Sign up for Computerworld eNewsletters.