informa
/
Commentary

2014: IT's Good, Bad, & Ugly

Take a look back at some of the most memorable IT incidents -- for good and bad -- over the past year.
8 Quiet Firsts In Tech In 2014
8 Quiet Firsts In Tech In 2014
(Click image for larger view and slideshow.)

The things we'll most likely remember from 2014 are all the things in IT that went wrong, and those won't go un-re-noticed here. A couple of those things were just flat-out attributable to human error, and I'll also make a point of calling those out where I think they occurred.

But the year was not all catastrophic. There were a few really cool things that happened in IT, and in technology generally. Those are just as important to remember as the lessons learned from the fiascos.

18 months of credit card breaches
No doubt the biggest story of the year, or at least the longest-running story, was the spate of credit card breaches suffered by some of the country's most notable retailers. We've all read about these, to some extent or another, but since part of the point of this article is to call out the good, bad, and ugly, let's start there.

[Check out The Coolest Hacks Of 2014.]

First, kudos to P.F. Chang's for its rapid response in simply pulling the plug on its electronic credit card processing systems. No kudos for Neiman Marcus, which only reported its breach in June, although it occurred prior to the Target breach in late 2013. So, in fact, it was Neiman Marcus in July 2013 that is due the credit of starting the recent wave of breaches. The ugly goes to Home Depot. I'm still trying to wrap my head around how that stuff got past compliance auditing.

Microsoft names new CEO
I said I'd include some good news. While a good portion of the world was somewhat skeptical back in February, I have to say that for the most part I think Satya Nadella's ascendency to the software throne of the world has been a positive thing for Microsoft. Certainly, the culture of listening to customers has become more open, and it's hard not to be encouraged by the looks of Windows 10.

Unfortunately, the lack of quality in the trenches, particularly with respect to the bad batch of patches released over the past six months, is damaging the memory of what could otherwise have been a great year for Microsoft.

XXII Olympic Winter Games, Sochi, Russia
Despite all the cynical attitudes about the Winter Olympic Games being in Russia, all in all I thought the Sochi event was as good as any other Olympic Games in recent years, and certainly better than a few.

Heartbleed
So, in the midst of all the credit card chaos, we learned something really important about open source software: Apparently open source developers read their peers' source code about as often (and as diligently) as IT professionals read product documentation before implementing software in production.

The good news from Heartbleed, though, is that the damage could have been exponentially worse than it actually was. Kudos to a responsive IT community that plugged the critical holes pretty quickly, and as far as I know, there's still only one actual breach attributed to Heartbleed.

FIFA World Cup, Brazil
Like the Winter Olympic Games, the naysayers had a lot of negativity floating around the airwaves about Brazil hosting the FIFA World Cup. But aside from a couple of minor disruptions early in the tournament, some really bad officiating, and unbelievably unsportsmanlike incidents, it was every bit the success that the Sochi Winter Olympic Games were. It's sad, however, to realize that most of the high points of the year in an article about IT were sporting events.

Celebrity "NSFW" photographs
In September, we learned exactly how important personal passwords are. We also learned (well I think some celebrities learned) that one ought not to store controversial content on somebody else's computer systems. But if you do, encrypt it. And encrypt it with your own keys!

Shellshock
If only the responsiveness to Shellshock had been as strong as it was for Heartbleed. Unfortunately, it was not, and today there are a myriad of active exploits affecting all sorts of Unix- and Linux-based systems that use the Bash shell as their default. Ostensibly, this fix was even easier than Heartbleed: Just turn off the Bash shell! Of course, some systems have only the Bash shell, so this is not practical in all cases. But the fact that exploits are still commandeering entire storage systems because patches that exist have not been applied is just, well, shocking.

Humanity landed on a comet!
It's been a really long time since anybody in the world did anything truly notable in the realm of space exploration. Yeah, SpaceX built a rocket to resupply the International Space Station, but humanity has been building suborbital rockets for 50 years. But this year, the European Space Agency landed on a comet! Well, to be honest, ESA bounced the lander off the comet and then it landed in shade, rendering it functionally useless. But do you have any idea what sort of navigational expertise it takes to hit a comet after 10 years of unmanned spaceflight? I definitely think this is the story of the year.

Sony
And, not to be outdone by any of the above, once again Sony gave us something to think about. I might have a modicum of sympathy for Sony, given the size of the intrusion and the ongoing impact of what was stolen, except we're now learning that (like with Home Depot) much of the damage was due to the company failing to maintain its own computer security. To add insult to injury, we're also finding out that the code that infiltrated Sony was so bug-ridden that it may be a miracle that it even worked at all. Then the hackers make a threat against movie theatres that planned to show Sony's movie The Interview, and Sony pulled the movie from distribution. (Well, really, I'm more inclined to think Sony pulled the movie so it wouldn't have to explain a $10 million opening weekend from the few theatres that actually showed it.)

So, that was 2014. From malware hacking poorly protected credit card systems abetted by dysfunctional corporate security procedures, to malware hacking poorly protected entertainment companies abetted by dysfunctional corporate security procedures, it just seems that nothing ever changes. Shakespearean theatre would refer to 2014 as a "comedy," inasmuch as the year started pretty much like it ended. Let's all learn a lesson or two, or ten, from these rough experiences and make 2015 a little better.

Celebrate your IT team's hard work: Apply now for the 2015 InformationWeek Elite 100, which recognizes the most innovative users of technology to advance a company's business goals. Winners will be recognized at the InformationWeek Conference, April 27-28, 2015, at the Mandalay Bay in Las Vegas. Application period ends Jan. 16, 2015.