In Computer Weekly's review of the best of the IT year in 2010, we look back on the top 10 IT security stories for 2010.
The focus on IT security has not gone away, but the profile of cyber-threats is higher than ever after the Stuxnet worm that attacked Iran's nuclear facilities.
Disclosures of cyber-attacks on Google, Adobe and more than 20 other companies in December 2009 provide evidence that cyber-espionage is a real and present danger.
IT security policies are vital in reducing corporate liability risk under a raft of new and coming information security laws and regulations, says Stewart Room, partner at law firm Field Fisher Waterhouse.
A decade after the LoveBug computer virus caught the online world by surprise, social engineering is still a popular element of cyber-attacks, but it has become far more sophisticated, says Paul Fletcher, a member of the first security team to intercept and name the virus.
The Conficker worm continues to be a threat and businesses need to be aware of two vulnerabilities it may have introduced to their IT systems, says Rodney Joffe, director of the Conficker Working Group.
Passwords are fundamentally insecure and represent the biggest security threat facing organisations, says Jason Hart, senior vice-president for Europe at security firm Cryptocard, with hackers able to use easily available software to capture every username and password of any user on a network.
Many organisations are unaware they are being targeted by advanced cyber-attacks and are failing to respond effectively, according to the Ponemon Institute, with 41% of US organisations unable to determine if they were being targeted by zero-day and other advanced cyber-threats designed to evade countermeasures.
Attacks on third-party applications have become a major threat to enterprise information security, says security firm NGS Secure of the NCC Group, and with operating system suppliers having reasonably effective patching regimes, it falls to businesses to also check that all their other software is fully patched at all times.
Security must evolve to support the transition from virtualised datacentres to private cloud computing infrastructures, according to research firm Gartner, which predicts that by 2015, 40% of security controls in enterprise datacentres will be virtualised, up from less than 5% in 2010.
Hailed as the most sophisticated malware ever found, Stuxnet is widely seen as a prototype cyber-weapon, pushing the concept of cyber-warfare into the realm of the possible. As worrying as that is, most business IT security managers have dismissed Stuxnet as something that has no relevance to them.
The UK government should focus its cyber-efforts on resilience and defence rather than attack, an expert panel has told the House of Commons science and technology committee, which is hearing evidence on cyber-attacks as part of its inquiry into scientific advice and evidence in emergencies.