2012 was an interesting year. In the UK it was all Olympic Games and Golden Jubilees, while in the US, Barack Obama was reelected for a second term. The Mayan calendar came to an abrupt end—but the world did not—and we saw the final flight of NASA’s Space Shuttle. Amid all this, someone found the time to start up a new tech venture—a company anticipating massive transformation in networks, cloud, and cyber security. That company was Netskope.
2012 was also the year I first took on a CISO position. That year, I found myself at a roundtable sitting opposite John Kindervag, a Forrester Analyst. The CISOs in the room were all preoccupied with the question of how best to support and secure a wave of new BYOD devices—Androids and iPhones—that were taking over from the fleet of corporate BlackBerry devices and being used for both personal and corporate purposes. John was sharing new research about a concept he had helped define: zero trust.
Fast forward to 2014 and we entered the year of the Big Data Breach. That year a long line of big brand names including Home Depot, JP Morgan Chase, and Sony all became victims to a growing barrage of sophisticated cyber threats. These attacks prompted a renewed focus on data protection among my peers, and data loss prevention (DLP) saw a resurgence in popularity among savvy organisations that realised they needed to detect and prevent data theft.
2014 also gave birth to the NIST Cybersecurity Framework (NIST CSF), a unified framework created by both private-sector and government experts. It became so successful in that first year that it was incorporated into legislation and quickly established itself around the world; built upon the principles of Identify, Protect, Detect, Respond, and Recover.
2016 was the year when audiophiles around the world demonstrated against the removal of the headphone jack from the latest iPhone. In the security world, we witnessed the weaponization of email breaches of political candidates by organisations such as WikiLeaks, being used to influence voters.
Also in 2016 we finally heard about a 2014 breach at Yahoo affecting 500 million accounts, which the company had failed to disclose sooner. And the Mirai botnet emerged, unleashing DDoS attacks so large they endangered the internet itself and hinted to us all about the security challenge that the Internet-of-Things