If 2013 was the year information security got personal, some believe 2014 will be the year it gets political. Witness moves by California lawmakers to ban state agencies from providing any support to the NSA – whose privacy intrusions made it the bane of privacy advocates' existence last year – or the boycott by eight different security experts who pulled out of RSA's upcoming US conference after revelations the company had built a backdoor into its BSAFE product at the NSA's request.
Some felt singling out RSA for its NSA indiscretions was distracting from the bigger picture, with others asking whether the boycott was going to be effective and advocacy groups planning a broader day of protest against the NSA's surveillance.
Many UK and Canadian businesses have moved their operations out of the US because of the NSA scandal. Some were arguing that governments should set up global bounty systems to buy security vulnerabilities from hackers, while others were just hoping the European Union would have someone to pick up the phone as its search for a data-protection czar came up empty-handed.
Compromises of personal data continued, with travel insurance provider Staysure relieved of 100,000 customers' data and US retailer Target hit with a data breach that is estimated to have affected 70 million people. US retailer Neiman Marcus was also in mea culpa mode after advising of a data breach that compromised an as-yet unknown number of credit cards.
Snapchat, which was recently hit with a data-farming attack, added an opt-out feature to its app in a conciliatory gesture for users. A survey of 60 mobile banking apps from around the world found significant weaknesses in many of them. Little wonder that IT security has become far more important to businesses over the past two years than executives expected it would. Many executives are dropping the security ball far more often than their minions, one expert argues.
Vulnerability to security problems will increase as cyber-criminals develop insidious file-encrypting ransomware, researchers are warning; as if to confirm their point, a small New Hampshire town government had eight years' worth of files scrambled by the CryptoLocker Trojan.
Also in US local-government news, a sheriff has been put on probation for two years and fined $US1000 ($A1107) after installing a keylogger on her computer during their divorce. Along similar lines, a Trojan has been hijacking World of Warcraft accounts – even when protected with two-factor authentication that isn't necessarily as strong as it's supposed to be. Indeed, gamers were attacked 11.7m times during 2013, according to research from Kaspersky Lab. Little wonder password-management tools are getting a closer look by many concerned users.
Recognising the growing need for easier security, Yahoo followed the lead of Gmail by encrypting connections to its email service, although not everyone was convinced its implementation was spot-on. With the 2014 Consumer Electronics Show (CES) in full swing, some were opining that it is time to reconsider the security implications of having everything online – with the Internet of Things (IoT) posing its own risks.
Revelations emerged that a default setting on some Asus routers left files on connected hard drives open to the Internet at large, while Microsoft will fix a vulnerability that can allow Windows XP machines to be totally compromised by attackers.
Splashing out for some new-year bling was Palo Alto Networks, which acquired startup company Morta Security, a company whose founders trace their roots back to the NSA. Intel rebranded its McAfee subsidiary with the name Intel Security, ending one of the industry's longest-running brand names.