In 2014 we saw cyberthreats and data breaches on a scale we’ve never experienced before. Retailers, banks, gaming networks, media and entertainment titans — all felt the hit.
Perhaps it is no surprise, then, that the most popular CIO.com security story of the year was a look into the future at security trends that are likely to dominate the coming year, and number two was a step-by-step exploration of how the Target breach likely occurred. Security issues around mobile, cloud and the Internet of Things all piqued your interest. Here are CIO.com’s most-read security stories of 2014.
10) How to Test the Security Savvy of Your Staff, by Kim Lindros and Ed Tittel, published Feb. 24, 2014
How do you know your employees retain what you teach them in company-required security awareness training? You don’t — unless you regularly test their security savvy and effectively address their mistakes during post-test follow-up sessions.
9) How to Explain the Cloud to End Users, by Kim Lindros and Ed Tittel, published Aug. 27, 2014
‘Nobody understands the cloud,’ says a lead character in the summer comedy ‘Sex Tape.’ The cloud and cloud computing have become an essential part of IT infrastructures — but could your employees use a Cloud 101 primer? Put another way: Do they really know where they’re putting sensitive data?
8) Will Healthcare Ever Take IT Security Seriously?, by Brian Eastwood, published Feb. 26, 2014
A recent threat intelligence study reports widespread security vulnerabilities in healthcare organizations, many of which went unnoticed for months. In December, a developer pulled unencrypted data from a ‘certified’ mobile health app in less than a minute. Why is it so hard for healthcare to get security right?
7) The Next Heartbleed: 5 Security Vulnerabilities to Watch, by John Brandon, published June 9, 2014
By and large, the major websites hit by Heartbleed have recovered. So have the bad guys, who are undoubtedly plotting their next move. Here, security experts offer their take on five large-scale, Heartbleed-level vulnerabilities for which CIOs should prepare.
6) Everything You Know About Enterprise Security Is Wrong, by Rob Enderle, published Feb. 28, 2014
Whether you’re talking about your network, your company’s building or your home, a perimeter approach to security is no longer adequate. As McAfee discussed at this week’s RSA Conference, you can’t provide physical or electronic security simply by trying to prevent unauthorized access — you have to rethink all types of security to protect data and lives.
5) 7 Enterprise Mobile Security Best Practices, by Ed Tittel, published Feb. 13, 2014
There’s no denying the potential for mobile devices to improve efficiencies and lower costs for workers in industries of all types. You also can’t deny the potential security vulnerabilities that mobile devices present. These seven tips will help you secure your mobile environment without placing a burden on your workforce.
4) Cybersecurity Expert and CIO: Internet of Things is ‘Scary as Hell’, by Al Sacco, published March 25, 2014
Jerry Irvine, Prescient Solutions CIO and member of the National Cybersecurity Partnership, spoke with CIO.com about “Internet of Things” (IoT) security, the connected home, and why consumers and enterprises should be wary of both.
3) Security, Payments Experts Talk Apple Pay, by Al Sacco, published Oct. 23, 2014
Three security and payments industry experts discuss the pros and cons of Apple’s new iPhone-based contactless payment system, Apple Pay.
2) 11 Steps Attackers Took to Crack Target, by Thor Olavsrud, published Sept. 2, 2014
Aorato, a specialist in Active Directory monitoring and protection, delivers a step-by-step report on how attackers used the stolen credentials of an HVAC vendor to steal the data of 70 million customers and 40 million credit cards and debit cards from the retailer.
1) 5 Information Security Trends That Will Dominate 2015, by Thor Olavsrud, published Dec. 10, 2014
Cybercriminals are becoming more sophisticated and collaborative with every coming year. To combat the threat in 2015, information security professionals must understand these five trends.