It has simply been one hell of a year. We've seen shocking vulnerabilities in technologies that are supposed to be the bedrock of our digital lives: the "Heartbleed" SSL vulnerability and the "Shellshock" Bash bugs shook our confidence in any software's ability to keep its promises about security. We've seen a continuing and unabated string of high-profile credit card breaches. There's a long list of companies falling like dominoes to online bad guys, and yet this list includes companies you'd rightly expect to have the right combination of security people, process and technology to keep their names out of the papers. What the hell is going on?
"Our adversaries are out for the whole ball of wax: stealing the ball, setting fire to the wax factory and giving away forty billion free candles."
I've been in this business long enough to approach headline after headline with a degree of cynicism. There's more than enough hysteria to go around about the shifting threat landscape, and with each ever-more-breathless headline I've been shrugging it off with a few tried-and-true themes: "if they want you bad enough they are going to get you." "Retailers haven't been substantially harmed by decades of credit card breaches; they buy identity protection for those affected and they move on." "This is a very hard problem and there's no solving it with technology alone." "You don't have to run faster than the bear, just faster than your buddy." And so on.