Here is a brief article on a few predictions John McAfee, the creator and a leader in security, has for the upcoming year. As always, regardless of whether one likes him personally or professionally, he is usually spot on.
Whatever defenses an IT department or individual may put into place today, they typically fall very short of offering any real protection from attacks and offer little in the way of minimizing vulnerabilities. Too much focus is placed on outdated best practices and ideals regarding security (part of the whole issue with much of the US certification process and such), such as securing phones, restricting access to websites, and relying on default or lightly modified firewall rules, while the main targets (people, networks, servers, etc.) are almost completely missed and left open to attack. This is especially true in the government sector, where I have far too often seen people with good or great talent passed over for a position and the role given, many times, to a far less talented individual due to the simple fact that the person did not have an ‘active’ security clearance. So, the organization sacrificed getting good talent and having potentially better security over the cost of a few dollars and a month of waiting for a check to be completed. This almost-forced recycling of candidates not only perpetuates a pool of under-qualified and outdated talent, but also creates a far more dangerous situation, such as the mass shooting that occurred in Washington, D.C. at the NAVSEA HQ in 2013.
We need to rely more on actual talent, skills and ideas and less on certifications, clearances and the like, especially in the realm of cyber security. The background process has become a joke, as even in the case mentioned above at NAVSEA the check was done, but barely. The contractor who did the checks, USIS, skipped so many steps a tragedy occurred. Why were steps skipped? Simple cost cutting to increase revenue. The real fix in the US will come when money/companies are not treated as entities that are placed before people in value.