Security Zeitgeist 2010
Security topics that reached the mainstream audience over the last year.
With the end of this year approaching, I'd love to look back at those security topics that reached the mainstream audience. In 2010, there was no lack of incidents of prominent importance, privacy breaches, or buzzwords for the marketing departments. At the same time, we had no shortage of reports spreading fear, uncertainty and doubt.
To briefly sum up the last year, I've queried Google Trends for the average worldwide traffic generated over this period by relevant search terms. Security incidents can be especially interesting to look at. Often, popular security breaches coincide with stories from which we can learn some valuable lessons. Other times, insights arise from understanding events that have not stirred public outcry. Reviewing these events gives an opportunity to introduce some of the lessons learned this year, to which I will turn again in a few of the upcoming posts.
Here, I present the main search terms grouped in two categories: security incidents and buzzwords. For each category, I've removed the outliers, which I mention separately when they are of interest, and I've tried to target their four or five most googled items.
The Main Incidents
The year opened with Google breaking the shame barrier and disclosing it had been hacked - and, as later emerged, other companies experienced the same, including Yahoo! and Symantec.
However, the series of attacks dubbed Operation Aurora was not the only high-profile hack or security incident observed over 2010. They included the privacy concerns around Google Buzz; Stuxnet, which demonstrated the viability of malware attacks on process control systems; and, a few weeks ago, the Gawker hack, the second largest public compromise of a website’s password file. The average traffic generated by these events is depicted below and more data are available from Google:
But 2010 was also the year of the conviction of Albert Gonzalez, who played a leading role in the largest computer-crime case ever prosecuted, the dismissal of Matthew Crippen's Xbox-modding case, and the Google WiFi snooping. Yet, the most notable outlier is Wikileaks, first with the release of the "Collateral Murder", then with the Afghan War Diary, the Iraq War Logs and, dulcis in fundo, the Cablegate.
Each of these security events leads to feedback to decision makers, industry councils, and security offices about what worked and what didn't, suggesting future security mandates - which are not necessarily right, well focused or inexpensive. It already happened with the more stringent rules demanded by the revision of the PCI-DSS about wireless access points, log files and front-end applications.
Some Buzzwords and Popular Topics We Have Been Hearing
Among the most searched buzzwords and popular security topics, terms like 'cloud security', 'Facebook privacy', 'body scanner', 'pat down' and 'PCI DSS' deserve a notable mention. The outliers for this category include: 'critical infrastructure', 'cybercrime', 'cyberwar', and 'APT'. Here is a graph by Google Trends depicting the main ones:
Facebook privacy stayed a hot topic in people's browsers across the whole year, after the last privacy breaches and increased scrutiny by regulators. The most interested regions were Singapore and Hong Kong, followed by the anglophone world.
Airport security topics have also been widely searched, as full body scanners progressively arrived in airports serving U.S. airlines and invasive and questionable pat-down procedures made headlines in the news, traumatizing survivors of sexual assault or rape, "hand searching" kids, and dislodging a urostomy bag of a passenger, leaving its wearer in urine-soaked clothes. More here.
Moving to two of the main industry buzzwords, the Indian cities, to which we outsource a large number of information technology projects, have inevitably shown a high interest in cloud security, followed by Singapore and Taiwan. The same happened with PCI DSS related searches, for which they joined the interest expressed by some of the main financial cities.
Finally, the spike in the number of looked-up resources written in Italian should not come as a surprise, as the xenophilous Italians prefer the English privacy to riservatezza, and body scanner to scansionatore del corpo.