Now back to business. In January we consider the challenges and opportunities that lie ahead: the accelerating speed of change, old threats in new clothes, genuinely new concerns and business opportunities to be grasped.
If the basics are properly covered, we might slash the incidence of incursions, and in this issue Paco Hope reminds readers of the five most common security development errors. People remain the biggest vulnerability as they're unpredictable, not doing as they're told, doing it wrong, or failing to do it at all – from establishing vulnerable passwords to leaving the firewall switched off.
Money has superseded bragging rights to motivate hackers, as Rob Buckley reports, but while criminal gains rise, CISOs strive to secure the funds needed to meet new challenges of the cloud, mobile, APT, BYOD and more. Thomas Brewster argues that enabling roll-out of secure new services is a more effective tactic than seeking minimum compliance.
Compliance doesn't equal security, but it is the first priority for many, especially those accepting online credit card payments, who must meet the latest card scheme regulations. SC talks to merchants, issuing banks, merchant acquirers and the vendor community, as well as the PCI SSC itself, to look at the impact and implementation of PCI DSS version three.
While mobile data presents new challenges, it also enhances location and context-based analysis of usage, helping identify anomalous patterns, as Vijay Dheap explains. And post-Snowden, it's not just the Chinese, but also the US government that we're wary of, with Alan Kessler potentially identifying where cryptography has been compromised.
But for every threat faced, there's a countermeasure – and counter threat. Whether that reassures or terrifies, it's what our industry's built on.