DevCentral

Security Trends in 2016: Pervasive Insecurity



The term pervasive insecurity describes widespread and unwelcome instability or weakness in standardized systems. Those systems are usually complex and can include poverty, political landscapes, or civil unrest. It's also a fantastic term to describe the train wreck of information systems security failures and publicized vulnerabilities last year. Over the last year we've seen booming trends in embedded device exploits, data ransoming, and similar public displays of nefarious behavior. Why was 2016 such a banner year for exploitation? Who got pwned? What are our next steps, not just to protect ourselves but to keep ourselves from being unknowing agents in coordinated attacks across the internet?

The Data Didn't Look Good Then, Do You Think It Got Better?

In 2010 researchers at Columbia University published results of an internet scan, including basic analysis of connected devices and their potential for exploit using only low or basic levels of effort. The researchers were trying to discern past exploits, large scale attack feasibility, the number of discoverable devices, and potential methods of securing devices. The numbers they published would be intimidating by today's standards, but given we've had 6 years to continue the trend of insecurity, it's only getting worse.

Creepy Results Of Default Credential Scan (2010)
IPs scanned: 3,223,358,720
Devices targeted post discovery: 3,912,574
Vulnerable devices: 540,435
Vulnerability rate: 13.81%

Section 4.1 of the paper specifically calls out the DDoS potential of the devices identified in the study. Remember... 2010, people. If this threat isn't new and was well documented back in 2010, why is 2016 special?

Infecting the Internet Of Things In Your House

Mirai was your big news source of late 2016 not because it exploited what the Columbia researchers already knew in 2010, but because it was the largest publicized example of the threat that insecure connected systems pose.
First KrebsOnSecurity experienced a ~620Gbps DDoS attack, and shortly after OVH Cloud Solutions experienced a 1Tbps peak bandwidth attack. The reported 150,000+ participating connected home devices each provided from 1Mbps to 30Mbps of bandwidth; together it was the largest known DDoS attack published to date. The motive theorized by Brian Krebs may or may not be true, but we didn't witness the full potential Mirai posed. By releasing the source code, Mirai's secret weapon of quietly locking systems could be outdone by someone willing to modify the code further. Diluting the pool of compromised devices across multiple operators reduces each command and control server's effective attack potential, and so far, exploiters haven't been known to work together.

You Didn't Do What To The Database?!? And Our Data Is Where?!?

Poor MongoDB. It was the first public name associated with a string of database ransom requests starting late in 2016 and extending to... well... it's still going. BleepingComputer covered security researchers Victor Gevers' and Niall Merrigan's investigation of multiple groups responsible for deleting databases and leaving ransom notes (rather than the norm of encrypting the data and leaving it in place). To date the attacks are against MongoDB, CouchDB, Hadoop, and Elastic Server services. Reading the tweets by Victor and Niall, the fever pitch of updates is comparable to race track announcers. And just as the Columbia researchers warned, these are not high level complex attacks. The systems compromised were exposed instances with no modified access controls or elevated authentication, and the combined tally of pwned systems is hitting 50,000. As of today, Cassandra databases are now receiving threats to secure data. This is becoming a Game Of Thrones nailbiter and I want to keep reading!

Someone is warning unaware unprotected Cassandra database (https://t.
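As an added illustration (not from the episode or from MongoDB's own documentation), the exposure described above reduces to a mongod.conf like the first fragment, with the hardened equivalent beside it. The values are constructed and assume MongoDB's YAML configuration format (3.x era); the two fragments are separate documents in one file only for side-by-side comparison.

```yaml
# Exposed pattern (constructed): mongod listens on every interface and no
# security section is present, so authorization defaults to disabled. Anyone
# who can reach TCP/27017 from the internet can list, dump, and drop every
# database without credentials, which is exactly the state the ransom
# campaigns found.
net:
  bindIp: 0.0.0.0
  port: 27017

---
# Hardened pattern (constructed): listen only on loopback (or a private
# interface), and require role-based authorization before any data access.
# A firewall rule in front of the port belongs here too; the config alone
# does not replace it.
net:
  bindIp: 127.0.0.1
  port: 27017
security:
  authorization: enabled
```

Enabling authorization on an instance that has no users yet locks everyone out, so create an administrative user through the localhost exception before restarting with the hardened file.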

DevCentral, by F5 DevCentral Team