This week the US will celebrate Thanksgiving, which historically means drastic increases in cranberry consumption, football (US-style) viewing, Friday morning shopping-related trampling of little old ladies in the rush to grab $99 tablet computers - and some actual giving of thanks.
2013 has not been one of your better security years. The year started out with the focus on advanced persistent threats from China, but in June all that was wiped out by Edward Snowden's leaking of classified documents detailing advanced persistent threats launched by the United States. Throw in sequestration and the government shutdown and 2013 looks like a good year to try to forget. But from all the Kardashian-like publicity that surrounded those sets of events, a few things to be thankful for did emerge:
- Companies like Google, Twitter, Yahoo and others decided that the risk of government snooping somehow outweighed all the previous risks of attack and compromise by actual criminals - leading them to increase their use of transport security, both on their own networks and in customer communications.
- Since so many of the Chinese and US government-sourced attacks took advantage of a glaring lack of security hygiene, we saw dramatically increased focus on and interest in the Critical Security Controls effort. A SANS survey found that over 30% of CEOs were aware of the Critical Security Controls.
- DHS awarded the $1.2B Continuous Diagnostics and Mitigation contract, making funding available for federal, state and local government agencies to increase their level of security despite sequestration and other budget pressures.
- Microsoft's Security Intelligence Report actually found drops in vulnerabilities and compromised PCs this year - the type of news that tends to get downplayed:
There were also a lot of people hard at work, keeping their companies safe and increasing the overall quality of security practice - despite all the negative headlines and breathless publicity about every attack that got through.
SANS also plans to give thanks to a dozen or so people and groups in cybersecurity who made a difference in 2013 at the SANS Cyber Defense Initiative event in Washington DC on 16 December.