Making waves and headlines
Making waves and headlines
NSA contractor Edward Snowden's 2013 revelations about the extent of government surveillance capabilities and activities cast a long shadow stretching throughout 2014. Initial disclosures were followed by further leaks that stoked controversy among public and allied governments alike.  When coupled with major data breaches, 2014 has become the year in which cyber-security arrived on newspaper front pages, boardroom agendas and into private citizens' concerns.

We now know GCHQ and NSA bots monitor millions, spy on allies and allied leaders while getting help from 33 governments and a host of private companies providing encryption backdoors.

The UK public appears to accept that spying is something governments do – while being outraged that global corporates surrepticiously gather excessive personal data, while US anger is more focussed on the government, while in mainland Europe the backlash is against both ‘betrayal'  by the ‘five eyes' as well as corporate invasions of privacy.

This has led to more nationalistic approaches to cloud development with Russia and Germany leading the push for local server storage of cloud data, and the Obama government responding by restricting the surveillance activities of its agencies and increasing oversight.

Privacy has become a public topic of debate, with European legislators seeking to protect the rights of their citizens. Regulators are accused of over-reacting by trying to impose their will beyond the geographic boundaries of their remit. The EU's ‘right to be forgotten' is ignored by Google in the US and opposed by the ICO in the UK. It's almost certain that the rest of the proposed EU General Data Protection Regulation will go ahead including proposed data breach fines of up to five percent of global turnover, and demands that data breaches are reported within 72 hours.

But for individuals, the main consciousness-raising events were the ever-bigger security breaches, including leaking of credit card details and personal credentials from the likes of Home Depot and eBay followed by the Celebgate hack and exposure of nude celebrity iCloud back-up images, making even the security-lax digital generation reconsider their approach to sharing of everything online.

In May eBay was asking all its customers to change their passwords following a successful attack by hackers – sending messages to some 145 million active buyers. When Home Depot's card system was breached, financial details were also involved with some reports suggesting as many as 56 million cardholder credentials stolen.

It followed possibly the biggest ever data leak -  a compromise of 4.5 billion records including 1.2 billion unique credentials and 500,000 email addresses, taken from more than 420,000 FTP/websites by a Russian gang dubbed CyberVor, according the revelations by Hold Security.

Target CEO Gregg Steinhafel's departure in the wake of the previous year's massive data breach, put the issue firmly on the corporate agenda. Subsequently three-quarters of CISOs rated senior management awareness as ‘high' or ‘very high' today, up a third from just a year previously according to the ‘Fortinet Security Census 2014'. The report also says that rising data privacy concerns (90 percent) and securing big data initiatives (89 percent) are adding to cyber security demands and causing strategic rethinks, with 50 percent looking to outsource some or all of their security. Interest in cyber insurance has also soared.

Heartbleed OpenSSL code was described as: “Basically everywhere; it's ubiquitous across the net,” according to Ernest Wohnig III, SVP, critical infrastructure security division at consulting firm System 1.