In today's crazy world, where hackers can take down entire companies, cancel projects, and ruin movie night for millions, I have to believe we've hit some sort of tipping point. I mean, someone who doesn't like your company shouldn't be allowed to kill it.

I'm not talking about Sony alone. Hackers have been putting companies out of business for years. In the past it's been smaller firms, but now damages in the hundreds of millions of dollars -- or in Sony's case, probably half a billion over the long term -- are commonplace. Remember that few of these attacks required sophisticated hacking techniques; it's generally a matter of poor defenses. Almost any company could be Sony.

The security state has become so bad, it has to get better. In fact, I see four areas of light in the endless fight against malicious hackers and malware:

1. Better training to fight social engineering

Most companies that got pwned this year were hit by skilled practitioners of social engineering.

The phishing emails you need to worry about aren't the ones with typos coming from strange people asking you to get involved in something you've never heard of. No, today's spear phishing emails arrive from someone you know and work with on a regular basis, refer to a project you've both been working on for a long time, and ask you to do something that seems highly plausible given the other shared facts and knowledge contained within the request.

The only defense against such sophisticated attacks is better training. We have to educate our users about the most common types of attacks and what those attackers will try to get you to do -- such as log on to a website (to steal your corporate credentials) or run a program (usually a Trojan).

I'm sure you've seen the stale boilerplate instructions most companies use, such as telling people not to open suspicious file attachments or to avoid "untrusted" websites.
In 2015, I think companies will finally update that advice to meet the challenge of today's more sophisticated threats.

2. More privacy by default

Over the last year-plus, thanks to Edward Snowden, everyone has learned they had no privacy.

The revelation that most governments are reading our emails and tracking our cellphone calls created a backlash that won't die. Most cloud services have already enabled default encryption in their products or are creating the functionality and plan to release it in 2015. I think by 2016 you'll be hard-pressed to find a product, cloud or otherwise, that doesn't include default encryption, where the only person who can access the keys is the owner. That will be a great development.

I'm not fazed by the fearmongers who argue default encryption will cause the world to be overrun by terrorists and child pornographers. Sorry, guys, you'll have to go back and do hard police work -- or at least get a warrant. I'll never be willing to give up my right to personal privacy, along with that of billions of others, to catch a few hundred or thousand bad guys.

More and more companies are hiring privacy advocates, including Chief Privacy Officers. Guaranteeing a customer or employee's data protection and privacy has hit the mainstream. There's no going back. This horrible period of vicious, Orwellian privacy invasion will finally come to an end.

3. More crowdsourced defenses

Crowdsourcing has worked for everything from funding inventions to giving to good causes to organizing protests. Crowdsourcing can work for computer security, too.

Most of the bad guys carry out their plans with many people at the same time. Spammers send out tens to hundreds of millions of copies of the same email. APT groups usually invade hundreds or even thousands of companies at the same time.
Each victim has valuable, detailed information to share about these misdeeds.

Why we haven't shared such collective intelligence with each other more often, not to mention more quickly, has always perplexed me. But in 2014 I came across more organizations that existed solely to share their experiences of being hacked, either among a selected group of business partners or within entire industries. The results were productive.

Hackers have long shared different hacking methods and successes with each other. Why shouldn't the victims do the same?

In 2015, more organizations for sharing information will emerge -- as well as more tools that use information learned from the majority. Information readily shared today among antivirus partners will begin to be shared in open forums and feeds. Crowdsourcing of computer security defenses will make it harder for hackers to hide.

4. More international cooperation

Internet criminals commit crime because they know their chances of getting caught are slim.

In today's Internet, much like in the Wild West, malicious hackers need only slip across the border to avoid prosecution. We know the identities of many hackers who cause damage, but their home countries will not recognize our warrants or arrest them even if we have a great deal of direct evidence.

The Wild West was replaced by a safer civilization because communities (look up Tombstone City) decided that law and order had to prevail in order for humanity to succeed. Today, even countries where rogue operators have been allowed to flourish are seeing the light, if only for self-interest. For example, many U.S. companies now block Internet traffic from entire countries due to the actions of a few bad seeds. That can't be good for those countries' economies.

In the past, many of these safe-harbor countries have cynically turned a blind eye so long as the hackers focused on foreign victims.
Eventually, these thieves couldn't help themselves and began hitting easy domestic targets, too. Governments that used to tolerate attacks against foreigners are discovering what happens when the chickens come home to roost.

Eventually, a border will become less of a jurisdictional blocker than it has proven in the past. I think you'll see more international cyber criminals rounded up and put in jail. You'll always have some states, such as Russia, where bribes go a long way to maintaining local protection. But even the old guard will be tested as more public evidence comes to light.

Real change? Maybe so

My default Grinch attitude won't allow me to believe computer security will improve radically in 2015, but I see glimmers of hope. Heck, I'll be overjoyed if only one of these predictions comes true; even a single success will give us more ammunition to fight cyber crime than we've had before.

I have high hopes because something has to change. We can't let someone who doesn't agree with a movie take out a company and interrupt the social lives of nearly everyone. That's way too Wild West.