SC Magazine
SC Magazine: The state of the industry
Angela Moscaritolo
November 6, 2009

In your opinion, what was one of the most impactful happenings or developments in information security?

Avivah Litan
The development of pattern detection and predictive modeling technologies. We can't stop many of the attacks but we are getting smarter in identifying and blocking them through these technologies.

Gunter Ollmann, VP of Research, Damballa
The growing pervasiveness of regulatory compliance on the way in which organizations now have to evaluate the security of digital information within their business has had the most significant impact on businesses to date. While the requirements for public disclosure of corporate breaches have been a very visible consequence of the increasingly well-defined regulations and policies, the internal effect of these regulations has been the rallying of both security technologies and the teams responsible for managing them, and a new level of threat awareness throughout an organization. As a consequence, almost every level of an organization better understands their responsibilities and obligations in protecting digital systems, and the implication of failure. That said, as witnessed in many of the largest data breaches disclosed thus far, there is still a substantial gap between meeting the bare minimum regulatory requirements and actually protecting systems in a meaningful way against professional cybercriminals.

Ravi Sandhu, executive director of the Institute for Cyber Security at the University of Texas at San Antonio
Two things actually: the emergence of a highly innovative and deeply organized criminal underground economy in cyberspace, and the botnet as a facilitator of lucrative attacks. Regrettably, this scores as Attackers: 2, Defenders: 0.

Michael Murdoch, president and CEO, AppRiver
Continual advancements in cloud technologies highlight the rapid pace of innovation and increasing demand for cloud services. Cloud ideologies and practices are a few of the more impactful developments in information security.

Amit Yoran
The thought leaders in security have come to realize that even strong defenses are penetrable. They understand that in spite of the millions of dollars spent and their best efforts, that enterprises are already compromised and will continue to be compromised for the foreseeable future and that all of the vendor and marketing claims and promises are not about to change that very cold and stark reality. If anything, the increasing complexity of technology has increased the ease with which easy-to-use advanced threats can impact enterprise business environments with little care for their state of compliance with meaningless regulatory mandates. While expecting perfect protection is a failed strategy, many on the leading edge are learning to operate in environments they suspect of being partially compromised and increasingly focus their efforts on the ability to understand incident scope, impact and validate cleanup.

Robert Holleyman
BSA was on the front line in the 1990s in the battle against attempts by the U.S. government to restrict the use of encryption (by controlling exports and mandating use of government-provided encryption). Our industry's victory in these “encryption wars” demonstrated that technology development is a global phenomenon that governments cannot prevent, control or regulate, but instead can influence by partnering with the private sector. Allowing stronger encryption has advanced greater computer security, promoted consumer confidence and expanded online commerce.

Paul Wood
Over the past 20 years, the adoption of email via the internet as a mainstream communications medium has had the greatest impact. Before then, malware would spread slowly in a matter of weeks and months via infected floppy disks and then later via infected CD-ROMs.

Roy Tuvey
The wide-scale adoption of the web is, without a doubt, the single most impactful development in information security, as well as the technology industry as a whole. The ability to reach anywhere on the internet from anywhere in the world turned information security from a layered architecture, involving both physical and digital security, to one that was entirely digital. Hackers didn't have to gain physical access to premises in order to steal or corrupt data. The adoption of using the web was a driving force that created not only huge business benefits in terms of how and where people work, but also created a mass of targets – individuals and businesses – that could be exploited for financial gain.