Looking back on information security in 2014

December 16, 2014


Dave Shackleford is a SANS Instructor and founder of Voodoo Security. Join Dave for a closer look at the year in security, and learn what you can do to prepare for 2015, with this upcoming webinar.

2014 has been one heck of an insane year for information security professionals. To start with, we’ve been forced to reckon with staggering numbers of legacy platforms and code, primarily open source libraries that are embedded in just about every system and product we have. Heartbleed was the start of all this, but we saw one of the first really trivial remote code execution flaws in recent memory with Shellshock…all due to open source issues. Add in POODLE and other SSL/TLS flaws, and you’ve got a real mess on your hands.

2014 also saw an enormous number of breaches, from Home Depot in retail to eBay online, and finally the unbelievable Sony attacks happening right here in December. Things could hardly get worse…or could they? The attackers are getting smarter, and malware is definitely getting more sophisticated.

Speaking of malware, 2014 really introduced us to the next generation of “ransomware,” namely in the form of CryptoLocker and CryptoWall. Many enterprise computing users fell prey to this type of malware, with files and operating system directories getting encrypted and/or deleted against their will unless a ransom was paid to the attackers. One company, Code Spaces, even went out of business from failing to pay an attacker that had compromised their infrastructure in Amazon Web Services. Obviously, the attackers are getting serious about getting paid, and organizations everywhere are having to come to grips with the reality that users and systems are at risk from willful and destructive actions should the attackers’ demands not be met.

One of the biggest stories in 2014 was “the Fappening”, or the leak of nude celebrity photos from iCloud accounts. While the leak of sensitive and private data was interesting in its own right, the bigger issue was really that of security controls (or the lack thereof) in cloud storage and other services. Why did Apple have such weak password and monitoring controls in place? Will it take major breaches to get anything built the right way or fixed in a timely manner?

Microsoft caused a lot of consternation in 2014 by terminating support for Windows XP. Everyone knew it was coming, but it still hurt! Many legacy systems still require Windows XP, and it’s embedded in kiosk and POS technology, too. Along with the loss of Windows XP, we also lost TrueCrypt, one of the most popular and well-known Windows encryption tools.

Is antivirus dead? According to an interview in the Wall Street Journal with a Symantec executive, it is indeed. While we’ve been joking about this for years, hearing it from an AV exec certainly gave us reason to think about host-based security tools overall this year.

2014 wasn’t a complete bust - we foiled some botnets, indicted some nation state actors over criminal hacking activities, and finally figured out that yes, our connected refrigerators are in fact trying to kill us. OK, just kidding about the last one - but the Internet of Things (also called IoT) became a hot topic this year, and that won’t likely change.

Watch the On-Demand webinar below:

Hacks, Breaches, and Vulns, Oh My! Reviewing this Year’s Top Security Events and Planning for 2015 from BeyondTrust on Vimeo.


Dave Shackleford, Cybersecurity Expert and Founder of Voodoo Security

Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies.
