A Look Back At Information Security in 2014

With the major financial card breaches at global retailers, as well as a number of SSL/TLS vulnerabilities, you may have missed a few other under-reported security issues that provided valuable lessons to the general technology community in 2014.

The following topics shed light on how information security is still evolving, from both research and risk mitigation perspectives.

Data for Ransom: Bitcoin Accepted

Bitcoin is known to be used for black market transactions on the online platform Silk Road that keeps getting raided by the federal government, but it’s also being demanded as payment in the latest data breach ransom scams.

That is, people have convinced “hacked” organizations that they’ve stolen passwords, intellectual property or financial card numbers - but more often than not, these data dumps turn up either fake, previously released or they’re never provided to the organization after payment.

In a pinnacle year for data breach coverage, media reporting has made it easy for scammers to read about breaches in the news and claim ownership of the stolen data, as well as to execute phishing campaigns and other scams. While data has always been sold online, the increasing visibility of data breaches and the adoption of Bitcoin have ushered in a brand new era of crime.

Saving Security Research

The information security research field isn’t free from its own fair amount of political discourse - the legal threats, defamation, prosecution and stress add up, and keep great researchers from completing more than a few projects a year.

Under a few federal acts, some researcher activity can be construed as a felony, including the U.S. Computer Fraud and Abuse Act (CFAA) and the Digital Millennium Copyright Act (DMCA). The confusing scope of these acts may limit or censor research, particularly when it comes to researchers publishing or discussing their work, for fear of legal retribution.

In 2014, security researchers Jeremiah Grossman, Jay Radcliffe, and HD Moore spoke up and reached out to those in power in attempts to change the security researcher’s plight - all in an effort to advance the safety and security of industries while educating technology innovators on better security design.

Another effort was carried out by law professor and former FTC policy advisor Dr. Andrea Matwyshyn, who organized a White House Petition to reform the CFAA/DMCA, laying out the complex steps that are necessary for real change in information security.

While we live in a promising time of change in which companies are realizing the positive impact of information security research, it’s also crucial we value and encourage efforts of researchers that are trying to keep us safer and more secure.

Executive Order for More Secure Retail Transactions

President Obama signed an executive order dubbed BuySecure in an effort to expedite the adoption of EMV payment cards, a standard already in use worldwide, starting in Europe in 1992.

Data breaches in the U.S. are most commonly attributed to data stolen from magnetic-stripe cards. EMV-enabled payment cards process transactions with greater security and integrity, reducing fraud and allowing for more control of offline transaction approvals.

Chip-and-PIN is one secure model, and while not mandated by law, the chip-and-signature design does significantly improve the security of a consumer’s payment card data. Overhauling and upgrading old payment terminals to this new system nationwide will be no small task, but a necessary one to ensure more secure transactions in the future.
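To make the magnetic-stripe versus EMV contrast concrete, here is a toy model written for this article (not code from the original page, and not the real EMV specification): a magnetic stripe carries only static track data, so any copy of it is indistinguishable from the original, whereas an EMV-style chip produces a transaction-specific cryptogram over the amount, a card transaction counter and a terminal-chosen nonce, which an issuer can check for replay and tampering. HMAC-SHA256 stands in for the card's real cryptogram function, and all card numbers, keys and nonces are constructed sample values.

```python
"""Toy comparison of static magnetic-stripe data and a dynamic EMV-style
cryptogram.  Illustrative model only: HMAC stands in for the card's
cryptogram, and every value below is constructed, not real card data."""
import hashlib
import hmac
import secrets

ISSUER_CARD_KEY = b"toy-issuer-key-for-card-0001"  # constructed card/issuer secret
CARD_PAN = "4000000000000001"                       # constructed test PAN


class MagstripeCard:
    """Static track data: everything the terminal reads is reusable as-is."""
    def __init__(self, pan, expiry):
        self.track = f"{pan}={expiry}"

    def swipe(self):
        return self.track


class EmvCard:
    """Dynamic data: the chip MACs the transaction fields plus a terminal nonce."""
    def __init__(self, pan, key):
        self.pan = pan
        self._key = key
        self.atc = 0  # application transaction counter, increments per transaction

    def generate_cryptogram(self, amount, unpredictable_number):
        self.atc += 1
        msg = f"{self.pan}|{amount}|{self.atc}|{unpredictable_number}".encode()
        mac = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        return {"pan": self.pan, "amount": amount, "atc": self.atc,
                "un": unpredictable_number, "mac": mac}


class Issuer:
    """Issuer-side checks for both card types."""
    def __init__(self, key):
        self._key = key
        self.last_atc = {}  # highest counter seen per PAN, for replay detection

    def verify_magstripe(self, track):
        # Nothing binds the track to this purchase, so any skimmed copy passes.
        pan, _expiry = track.split("=")
        return pan == CARD_PAN

    def verify_cryptogram(self, crypto, expected_un):
        msg = f"{crypto['pan']}|{crypto['amount']}|{crypto['atc']}|{crypto['un']}".encode()
        expected = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, crypto["mac"]):
            return False  # fields were altered after the card signed them
        if crypto["un"] != expected_un:
            return False  # cryptogram was made for a different terminal session
        if crypto["atc"] <= self.last_atc.get(crypto["pan"], 0):
            return False  # counter already used: a replay
        self.last_atc[crypto["pan"]] = crypto["atc"]
        return True


def magstripe_replay_accepted():
    """Skim the stripe once, then reuse the bytes for a second purchase."""
    card = MagstripeCard(CARD_PAN, "2512")
    issuer = Issuer(ISSUER_CARD_KEY)
    captured = card.swipe()
    first = issuer.verify_magstripe(captured)
    replay = issuer.verify_magstripe(captured)  # identical bytes, new purchase
    return first, replay


def emv_replay_rejected():
    """Capture one cryptogram and try to reuse or tamper with it."""
    card = EmvCard(CARD_PAN, ISSUER_CARD_KEY)
    issuer = Issuer(ISSUER_CARD_KEY)
    un1 = secrets.token_hex(4)  # terminal's unpredictable number for this session
    crypto = card.generate_cryptogram("10.00", un1)
    first = issuer.verify_cryptogram(crypto, un1)
    un2 = secrets.token_hex(4)  # a later session draws a fresh nonce
    replay_new_session = issuer.verify_cryptogram(crypto, un2)
    replay_same_un = issuer.verify_cryptogram(crypto, un1)  # fails on the ATC
    tampered = dict(crypto, amount="999.00")                # breaks the MAC
    tamper = issuer.verify_cryptogram(tampered, un1)
    return first, replay_new_session, replay_same_un, tamper


if __name__ == "__main__":
    print("magstripe (first, replay):", magstripe_replay_accepted())
    print("emv (first, replay-new-session, replay-same-un, tamper):", emv_replay_rejected())
```

The model deliberately leaves out PIN or signature verification: that step authenticates the cardholder, while the cryptogram check above is what stops cloned or replayed card data from being spent, which is the fraud the article attributes to magnetic-stripe cards.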

Although about 22 years belated, the federal push behind adopting EMV technology is a welcome initiative for the security industry, and a much-needed improvement that will see its return in the economy as consumers regain confidence in their purchasing power, driving both jobs and business growth.

About the Author

Thu Pham covers current events in the tech industry with a focus on information security. Prior to joining Duo Security, Pham covered security and compliance for the infrastructure as a service (IaaS) industry at Online Tech. Based in Ann Arbor, Michigan, she earned her BS in Journalism from Central Michigan University.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
