The day PRISM came to light in 2013 is an event etched in most people's memory.
I clearly remember sitting on the train into work as the original stories chronicling the NSA and GCHQ's mass surveillance strategies broke, thinking, "this is it, this is as bad as it gets."
After all, what other reaction is there to the news that the agencies designed to protect you are collecting en-masse people's personal information, without their knowledge or consent, using secret courts that block any chance of a public debate?
These fears escalated throughout 2013 as a steady stream of fresh revelations emerged showing the rabbit hole goes deeper than any of us imagined.
As a result I never thought I'd come to the end of 2014 thinking things have gotten worse, but they have. Over the past 12 months we have seen some of the most dangerous and widespread vulnerabilities and cyber attacks ever.
This started in April when researchers from a Finnish company called Codenomicon reported uncovering the Heartbleed vulnerability.
A flaw in the OpenSSL encryption used by open-source web servers such as Apache and Nginx, which host 66 percent of all sites, Heartbleed's potential for harm was huge and justifiably made it a milestone moment in the technology industry's history.
As if this wasn't bad enough security researchers then found another separate critical flaw, codenamed Shellshock, in the Bash code used in numerous Unix-based or Unix-like systems' operating systems, including Linux and Mac OS X.
You would have thought the discovery of these critical flaws would have spurred any self-respecting CTO, CIO, CSO, IT manager or end user to reassess the need for security and start working hard to protect themselves, but no.
As proven by the ongoing Sony #GOP hacking nightmare, most firms and people are still woefully ignorant or recklessly unconcerned about cyber security.
Reports of the Sony hack broke on 25 November when a group operating under the #GOP hashtag attempted to blackmail the firm to not release controversial comedy The Interview, claiming it had managed to steal sensitive data from the firm.
Since the claim, a lot of material has been leaked, including Sony's remake of Annie, and even Sylvester Stallone's social security number.
While this is terrible for the people directly affected, what makes it worse for me is the fact Sony reportedly made it all too easy for the hackers to breach their systems and actually stored all their passwords in an unprotected file named "passwords".
It seems that even in the face of all the dangerous campaigns doing the rounds, such as Regin, Operation Snowman and Energetic Bears, Sony still regarded security as a problem to be offloaded on the IT department or security vendors.
This attitude that security problems can be solved using a silver-bullet product from a vendor cannot be allowed to continue.
Attacks like the one on Sony, or even the iCloud hacks on celebrities, succeed not by overcoming defence technology but by duping individuals using social engineering or taking advantage of simple mistakes, like an unpatched system or miss-stored password.
As users, we must all stop looking to offload our personal security to a vendor, or view it as a purely IT concern. Everyone from the CEO to the mailroom assistant must start taking security seriously and following best practice guidelines.
Hopefully the fate of companies like Sony and the emergence of critical vulnerabilities over the past 12 months will help to spur action on this front in 2015, but considering the past inertia I've seen within most companies when it comes to security, I'm not holding my breath.
Open source solutions provider makes acquisition in bid to shore up cloud development tools business
Aims to "end data bottlenecks"
Looking to boost your career in IT? Here are the best-earning roles out there!
The BlackBerry KeyOne is a strange device that brings the best of BlackBerry and Android together in a Qwerty-equipped package, but it won't be for everyone