Welcome to 2017.
This is the time of year when technologists examine the past and pontificate about the future. Although many websites share their top predictions for the coming year, I don’t pretend to know what the future holds, so I won’t attempt to predict 2017. Frankly, I’m still digesting 2016. Given its complexity, I think it’s worthwhile to reflect on the last year and understand how our understanding of cybersecurity has changed.
Rise of Cybersecurity
Not long ago, cybersecurity was the domain of IT staff, some academics and a few government agencies. Deploying firewalls and updating anti-virus systems constituted state-of-the art practices for securing our networks. Notably, cybersecurity was an operational responsibility. It was something individuals and enterprises did to secure their data. Cybersecurity was an internal-facing function to protect ourselves.
Over the last few years, however, we’ve seen an increased public awareness in cybersecurity issues. High-profile retail breaches, car hacking and personal privacy concerns became above-the-fold issues. Although still the domain of technical experts, cybersecurity became dinner table conversation.
In 2016, the situation really changed as we watched cybersecurity become a societal issue. Concerns about foreign involvement in U.S. elections, criminals’ use of “unbreakable” encryption, protection of national secrets and government surveillance abuse of citizens weren’t just above-the-fold stories, they were daily stories. It’s hard to remember a day last year when major news outlets didn’t cover a story with a major cyber component.
What If vs. What Now
What’s interesting about the last year is that cybersecurity has transformed from a primarily internal function and the domain of technologists to one that has a profoundly external impact and is debated by global policymakers and business executives. Previously, individuals who built the tools and operated the networks were the focal point of security discussions. Debates about products deemed to be weaker such as a car, pacemaker or web browser led to public outcry on what could happen if these things were actively compromised. However, in 2016, the public at large was exposed to non-retail attacks—attacks that affected our daily lives and the views of those around us.
This stitching of cybersecurity into the fabric of our daily lives is a big change. In 2016, we left the land of “what if?” and entered the land of “what now?” How do we secure our society and ourselves from an increasingly connected and skilled adversary that’s interested in far more than our credit card and social security numbers? And how will the cybersecurity industry evolve now that we face even greater expectations to help secure society?
I wish I had answers to these questions. I don’t, but I do think 2017 will be incredibly interesting and full of opportunities. It’s not the next big hack in 2017 that I’m interested in. It’s the impact of the attack and how we react to it. Building more secure systems and better defending the systems we have is a responsibility we all share, now more so than ever.
Join me in a New Year’s resolution to do our part in making the world a more secure place—and feel free to shoot me a note with your personal thoughts on this.