Hi everyone! Happy New Year's Eve!
Time for the 2012 recap (and some predictions for 2013). It's been a long year for pentesting and computer security, from South Carolina and Kansas facing damning audits of their security as a result of heinous breaches, to the beginning of cyber war with China and Iran. We're still unsure where it's all going, but we may be able to project a little into the future of our country's information security.
As for the burgeoning reality of cyber war, reality and movies that depict "hacking" are starting to converge. This year, "The Dark Knight Rises" featured a subplot in which Bane uses a virus to create chaos within the Gotham financial system. Just a few months later, this article revealed that Iran was attempting to do the same to the US financial system. In a world where our most vital resources are kept electronically, physical war becomes a more expensive option that does less damage. We are in open war right now; it's just that it isn't the death of individuals that will end up deciding the victor. In the end, it will be who has the strongest computer security, who has the ability to protect their economy. Our virus (remember Stuxnet? It's still a thing...) targeted power plants. When computers run your world, the greatest weapons are the quietest, most insidious ones.
As for your business's security, you have a much better chance of surviving an attack than the US government because you have the ability to devote more resources to strengthening your defenses. As we found recently, a private sector business spends up to ten times more on computer security and pentesting than the average government agency. I would suggest that we all make a 2013 Information Security Resolutions Checklist. Start with a penetration test! Test your security. Hire a consultant, or barring that cost, get a consultation on how to better utilize your system. Very often, we find that businesses and individuals have the ability to increase their protection from attack tenfold simply by changing their habits (I'm looking at you, Guy Who Keeps His Passwords On His Desktop). Businesses have the means to protect themselves from attack and needless costs, and in this economy, anything that saves you money and time is worth the effort.
For a little more meat to chew on, enjoy this article on further 2013 predictions in the world of cyber security.