2014: IT's Good, Bad, & Ugly - InformationWeek

12/29/2014
08:06 AM
Lawrence Garvin

2014: IT's Good, Bad, & Ugly

Take a look back at some of the most memorable IT incidents -- for good and bad -- over the past year.

The things we'll most likely remember from 2014 are all the things in IT that went wrong, and those won't go un-re-noticed here. A couple of those things were just flat-out attributable to human error, and I'll also make a point of calling those out where I think they occurred.

But the year was not all catastrophic. There were a few really cool things that happened in IT, and in technology generally. Those are just as important to remember as the lessons learned from the fiascos.

18 months of credit card breaches
No doubt the biggest story of the year, or at least the longest-running story, was the spate of credit card breaches suffered by some of the country's most notable retailers. We've all read about these, to some extent or another, but since part of the point of this article is to call out the good, bad, and ugly, let's start there.

First, kudos to P.F. Chang's for its rapid response in simply pulling the plug on its electronic credit card processing systems. No kudos for Neiman Marcus, which only reported its breach in June, although it occurred prior to the Target breach in late 2013. So, in fact, it was Neiman Marcus in July 2013 that is due the credit of starting the recent wave of breaches. The ugly goes to Home Depot. I'm still trying to wrap my head around how that stuff got past compliance auditing.

Microsoft names new CEO
I said I'd include some good news. While a good portion of the world was somewhat skeptical back in February, I have to say that for the most part I think Satya Nadella's ascendency to the software throne of the world has been a positive thing for Microsoft. Certainly, the culture of listening to customers has become more open, and it's hard not to be encouraged by the looks of Windows 10.

Unfortunately, the lack of quality in the trenches, particularly with respect to the bad batch of patches released over the past six months, is damaging the memory of what could otherwise have been a great year for Microsoft.

XXII Olympic Winter Games, Sochi, Russia
Despite all the cynical attitudes about the Winter Olympic Games being in Russia, all in all I thought the Sochi event was as good as any other Olympic Games in recent years, and certainly better than a few.

Heartbleed
So, in the midst of all the credit card chaos, we learned something really important about open source software: Apparently open source developers read their peers' source code about as often (and as diligently) as IT professionals read product documentation before implementing software in production.

The good news from Heartbleed, though, is that the damage could have been exponentially worse than it actually was. Kudos to a responsive IT community that plugged the critical holes pretty quickly, and as far as I know, there's still only one actual breach attributed to Heartbleed.

FIFA World Cup, Brazil
Like the Winter Olympic Games, the naysayers had a lot of negativity floating around the airwaves about Brazil hosting the FIFA World Cup. But aside from a couple of minor disruptions early in the tournament, some really bad officiating, and unbelievably unsportsmanlike incidents, it was every bit the success that the Sochi Winter Olympic Games were. It's sad, however, to realize that most of the high points of the year in an article about IT were sporting events.

Celebrity "NSFW" photographs
In September, we learned exactly how important personal passwords are. We also learned (well I think some celebrities learned) that one ought not to store controversial content on somebody else's computer systems. But if you do, encrypt it. And encrypt it with your own keys!

Shellshock
If only the responsiveness to Shellshock had been as strong as it was for Heartbleed. Unfortunately, it was not, and today there are a myriad of active exploits affecting all sorts of Unix- and Linux-based systems that use the Bash shell as their default. Ostensibly, this fix was even easier than Heartbleed: Just turn off the Bash shell! Of course, some systems have only the Bash shell, so this is not practical in all cases. But the fact that exploits are still commandeering entire storage systems because patches that exist have not been applied is just, well, shocking.

Humanity landed on a comet!
It's been a really long time since anybody in the world did anything truly notable in the realm of space exploration. Yeah, SpaceX built a rocket to resupply the International Space Station, but humanity has been building suborbital rockets for 50 years. But this year, the European Space Agency landed on a comet! Well, to be honest, ESA bounced the lander off the comet and then it landed in shade, rendering it functionally useless. But do you have any idea what sort of navigational expertise it takes to hit a comet after 10 years of unmanned spaceflight? I definitely think this is the story of the year.

Sony
And, not to be outdone by any of the above, once again Sony gave us something to think about. I might have a modicum of sympathy for Sony, given the size of the intrusion and the ongoing impact of what was stolen, except we're now learning that (like with Home Depot) much of the damage was due to the company failing to maintain its own computer security. To add insult to injury, we're also finding out that the code that infiltrated Sony was so bug-ridden that it may be a miracle that it even worked at all. Then the hackers made a threat against movie theatres that planned to show Sony's movie The Interview, and Sony pulled the movie from distribution. (Well, really, I'm more inclined to think Sony pulled the movie so it wouldn't have to explain a $10 million opening weekend from the few theatres that actually showed it.)

So, that was 2014. From malware hacking poorly protected credit card systems abetted by dysfunctional corporate security procedures, to malware hacking poorly protected entertainment companies abetted by dysfunctional corporate security procedures, it just seems that nothing ever changes. Shakespearean theatre would refer to 2014 as a "comedy," inasmuch as the year started pretty much like it ended. Let's all learn a lesson or two, or ten, from these rough experiences and make 2015 a little better.

Lawrence Garvin, head geek and technical product marketing manager at SolarWinds, wrote his first computer program, in RPG-II, in 1974, to calculate quadratic equations. He tested it on some spare weekend cycles on an IBM System 3 that he "borrowed" from his father's ...
Comments
batye,
User Rank: Ninja
2/3/2015 | 11:34:49 AM
Re: Response
@kruseej good observation, I could not agree more... but with security it's a never-ending game...
kruseej,
User Rank: Apprentice
1/4/2015 | 1:38:38 PM
Response
Great Post,

You hit the nail on the head when speaking of Heartbleed and Shellshock.  I have to think that the I.T. community's rapid reaction to Heartbleed was notable.  I feel like that took a lot of major organizations by surprise which resulted in critical changes being implemented to ensure that everyone felt comfortable their organizations were protected.

What I want to point out is the reaction from the media and the consensus of colleagues at different organizations is that Shellshock was viewed as less of a threat by leadership.  Now, one could say that this was due to the timing and the understanding that the organizations now know how to deal with this problem.  I think the issue was that the support was just not there for what is, and was, a more critical issue of the Shellshock exploit.

It all comes down to communication and ensuring the risks are presented in a way that makes sense, and that the people that need to be talking, start talking.  No 12-24 month compliance checks, it's a get-it-done-now mentality that needs to be understood for organizations to protect themselves.
batye,
User Rank: Ninja
1/2/2015 | 2:39:07 PM
Re: Lessons Learned
@kbannan100, I trust you are right, as in the security chain the human factor is always the weakest point...
batye,
User Rank: Ninja
1/2/2015 | 2:36:18 PM
Re: Lessons Learned
I trust these days we should never overlook security... as evil is in the little details... how I see it...
mejiac,
User Rank: Ninja
12/31/2014 | 3:39:59 PM
Re: Lessons Learned
@kbannan100,

I would agree, and this is more something that will really never go away.

Before it was illegal copies of VHS, then DVDs, then digital copies... so it's something that simply evolves with the technology.

I think this is why many companies seek low tech for their communication needs (like airports that rely on radio communications versus cell signals)
mejiac,
User Rank: Ninja
12/31/2014 | 3:37:28 PM
Re: Lessons Learned
@PedroGonzales,

Thank you for your comment,

Here's an interesting notion...perhaps companies think that by confiding in a 3rd party vendor they think their security protocols are in check?

I don't think companies make the bad decision of not thinking about having good security procedures, and it's perhaps more that because so many companies may rely on third parties, that identifying one exploit could lead to exponential consequences, since it would be the same exploit that could leave many companies vulnerable.

What do you think?
vnewman2,
User Rank: Ninja
12/30/2014 | 6:09:36 PM
Re: Lessons Learned
Yes, you can put all the safeguards in place but people still have to do business, and in the course of doing so, you often open yourself to breaches like the ones we've seen recently.

I think people instinctually play the odds and often decide to take the gamble if they think the likelihood of something happening is low.  And if the cost of plugging up any holes that may exist or trying to discover those that currently do is prohibitive, plus there's nothing TANGIBLE to gain...the route usually taken is to do nothing.

Am I wrong?
kbannan100,
User Rank: Strategist
12/30/2014 | 1:40:18 PM
Re: Lessons Learned
I think as long as people have access to the network and to resources we're always going to have the threat of stupid human mistakes. Maybe DaaS and VDI can mitigate some of these problems?


--KB
Karen J. Bannan, commenting on behalf of IDG and VMware.
PedroGonzales,
User Rank: Ninja
12/30/2014 | 9:55:50 AM
Re: Lessons Learned
Companies should really place security as one of their priorities.  It seems many companies ignore this.  Such breaches put a strain on their customers because they can't trust their information with them.  As for the interview movie, the breach helped SONY get a lot of movie for it in their online sales.  They made more money than if they would have released it in theaters.
vnewman2,
User Rank: Ninja
12/29/2014 | 7:39:47 PM
Re: Different year same indifference to consumer data breaches
I totally hear what you are saying @LawrenceGarvin - it seems reasonable to assume that the two go hand-in-hand - but the reality is much different in practice than on paper it seems.