This is what you told us about computer security in 2014

Better or Worse

Two weeks ago we asked you to tell us, “Did computer security get better or worse in 2014?

We asked some of our regular writers for their thoughts; then we invited you to vote in our poll and write your own commentaries on the article and on our Facebook page.

The Poll

(We know that our polls are not scientific studies: they are food for thought, so apply your pinch of salt now.)

Only a quarter of you thought that computer security actually improved in 2014, and nearly half of you thought it was worse.

Interstingly, attitudes varied on each side of the Atlantic, with the USA more downbeat about 2014 than the UK:

Better 26% 24% 37%
Worse 43% 44% 41%
Same 31% 33% 22%
Did computer security get better or worse in 2014? - All Did computer security get better or worse in 2014? - USA Did computer security get better or worse in 2014? - UK


Of course, we didn’t just want to know if you thought it was better or worse.

We also wanted to know why, and many of you took the opportunity to comment on the story, both on the article itself and on our Facebook page.

Computer security is a big subject and there was no obvious consensus about whether things were better or worse, but some strong themes did emerge.

Some of you thought that the big stories of 2014 were actually a sign that we had turned a corner, or at least fallen as far as we could.

Heartbleed and Shellshock were old bugs in software that people took for granted every day. Was that a sign that we were finally, rigorously looking into every corner and under every rock?

Many vulnerabilities, such as Heartbleed, existed before 2014, and we fixed them. Additionally, more people are now talking about security, and awareness is half the battle.
David Tsai, from Facebook

While we may be seeing "bigger hits," in 2014, much can be attributed to more active approaches to monitoring and detection. There were few things, this year, that were "new" to the security world.
Cyber_Guy_001, from Comments

Maybe incrementally better. It certainly *seemed* worse, thanks to all the attacks.
Matthew Cotton, from Facebook

I chose better. We may have found a lot of security issues, but finding them is a step in the right direction.
Steve Canaan, from Facebook

Some of you saw it as an opportunity to learn lessons…

Worse - although possibly our perception is catching up with a longer running reality.
Cloudless, from Comments

It certainly was a bad year for retail but a great teaching opportunity on how not to do security. So it seems awareness is increasing but we still have a long way to go before we can claim any kind of decisive victory, so let's call 2014 a draw.
John Shier, Naked Security Contributor

…whilst others saw it as a turning point.

...the scale and frequency of incidents this year feels like it has really pushed us over a tipping point and made security a topic everyone is thinking about, rather than just a few specialists.
John Hawes, Naked Security Contributor

...CEOs, CTOs and CIOs now know their jobs are at stake which means more investment in security and hopefully in a few years time we'll start seeing results in operations as contracts start pushing liability out to third parties and in house cultural changes take hold...
Spork, from Comments

Perhaps we’ll only be able to put 2014 into context when more time has passed.

The encryption snowball that Edward Snowden set rolling in 2013 is still going, and still growing, at the end of 2014.

The projects that spun off from OpenSSL following Heartbleed – projects like LibreSSL and BoringSSL – may not have excited much interest but they could end up almost everywhere, in almost everything.

The Sony Pictures hack could yet change the way that both corporations and governments think of security breaches, and the Lizard Squad’s Christmas day stunt (and the bragging that followed) will have made some very powerful enemies.

Whatever happens in 2015, make the safest start to it you can.

Image of signpost courtesy of Shutterstock.