10 Things InfoSec Pros Can Celebrate About 2016

Published: 22/11/2024   Category: security




There were a few items that passed for good news this year.



Let's not rehash all the miserable DDoSes of the past several months or predict the horrors IoT has in store for us next year. For now, let's snuggle up with some hot chocolate and think comforting thoughts. Let's prepare our champagne toasts for New Year's Eve and celebrate the good times (or what passed for good times in this industry) from 2016:
Feds And Hackers Became Friends: This year, the federal government opened its doors to vulnerability researchers, establishing its very first bug bounty program, Hack the Pentagon. After paying 117 hackers anywhere from $100 to $15,000, it went on to create Hack The Army too.
Apple Finally Launched a Bug Bounty Program: Perhaps jealous of how cool the federal government is, Apple finally came around to launching a bug bounty program. It wasn't just them. Fiat Chrysler also did, showing the automotive industry's increasing recognition of the importance of cybersecurity.
Google Added Kernel-Level Protections To Android: According to an HP study earlier this year, the Android operating system is the second-most heavily targeted operating system with the second-most vulnerabilities, after Windows. Fortunately, in July, Google announced new measures to increase memory-level protections and reduce the overall attack surface of Android's Linux kernel.
The Worst Security Laggards Got Slapped For Their Bad Security: It's no secret that breaches cost companies a pretty penny, but so often the costs are residual -- lost business, breach notifications, fines for late breach notifications -- rather than punishments for the bad security itself. This year, however, some companies felt an extra sting for failing to protect their customers in the first place. Morgan Stanley was hit with a $1 million fine by the SEC. Catholic Health Care Services got stuck with a $650,000 fine for a HIPAA violation. And Ruby Corp., which runs the website for breached online dating site Ashley Madison, was found guilty of lax security and agreed to pay a multi-state and Federal Trade Commission settlement of $17.5 million.
Some Old Business Got Taken Care Of: Josh Samuel Aaron, one of the alleged masterminds behind the monstrous JP Morgan breach/stock manipulation case of 2014, was indicted in November 2015; he was eventually arrested this month. The US auctioned off another $1.6 billion in Bitcoin forfeited from Silk Road and other illegal exchanges.
Someone Stood Up To Ransomware Operators: Congratulate the San Francisco Municipal Transit Agency (SFMTA) for standing up to ransomware operators, despite most likely losing money in the process. Instead of paying their $73,000 ransom demands, SFMTA gave passengers free rides at affected stations for days while they dealt with the situation. Take that, ransomware operators!
Some Privacy Victories Were Made (Among the Defeats): If you ignore some other major threats to privacy (like the signing of the UK's Snoopers' Charter), there were some things for privacy advocates to be happy about. The EU's General Data Protection Directive was officially approved. And after a long, long, long haul, Microsoft finally won a landmark case over the US Department of Justice that prevented the DoJ from subpoenaing emails of Irish citizens located on Microsoft servers in Ireland.
The Federal Government Finally Decided It Needed a CISO: Sure, maybe the job description and pay grade aren't super-attractive, but nevertheless there is now someone officially charged with keeping the federal government's IT systems secure. President Obama called for the creation of the new position this year, and for increasing cybersecurity spending to $19 billion (a 35 percent boost) in fiscal year 2017 as part of a new Cybersecurity National Action Plan.
Security Vendors Started Taking Responsibility For Their Products: Security companies are beginning to make stronger commitments to customers that yes, in fact, their products will actually provide security. SentinelOne upped the ante this year by offering a $1 million guarantee that it could stop or remediate ransomware.
Still Plenty of Job Security: Half of cybersecurity pros are solicited weekly about a new job, according to an October report by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA). (That doesn't happen in many, or any, fields, take it from me.) The average American chief information security officer is making a cool $273,033 per year, according to a new study by Security Current. The need for more security people is so great that the industry is always looking for ways to clear a path for more people to enter the field, improve diversity, and attract more women to the job. It's now even possible to be a full-time super bug hunter, taking full advantage of bug bounty programs.
So chin up, cybersecurity industry. There might have been a lot of rough moments throughout 2016, but it wasn't all bad.