So many of the serious security flaws we see in software today are the result of simple human error. Training people makes a fundamental difference when it comes to protecting our online systems.
In security, we can't simply decry everything that doesn't meet the strongest possible criteria; we have to balance the risk against the upsides of the approach.
The information security world is full of serious incidents that have already occurred but that we, as yet, know nothing about. These "unknown unknowns" are rampant, and we'll see many of them surface in 2017.
We like to get all retrospective at the end of the year and look back at the last 12 months. For 2016, my biggest takeaway is that we've learned how little we know.
We often see account compromises occur en masse on other websites after a data breach, because customers reuse the same credentials across sites. How responsible should those other sites be for defending against this pattern?