From KP Nut and Hula Hoop shortages, to state-sponsored cyber attacks in Ukraine – set to end a 30-year-drought from traditional warfare in Europe – cyber security is at the centre of 21st Century social, political and economic power wielding.
The impact on the lives of individuals, small businesses, and global supply chains becomes apparent with every new attack, and cyber is a new frontier for hostility and aggression on a global scale. As more people connect through virtual environments, cyber security will remain at the forefront for many businesses.
With the latest stream of cyber attacks occurring in Eastern Europe and other parts of the world, it seems important and prudent to examine the history of cyber, how we’ve got to where we are today and how we can make a difference for the future.
The ‘cyber’ issue may seem new, but it’s taken a half-century to develop, gaining salience and recognition in the mid-1990s. But first, let’s go back to the 1970s where cyber security originated – though ransomware, spyware, viruses, worms, and logic bombs did not exist.
1970s-2000s: from academia to criminality
Cyber threats in the 1970s and 1980s were not nearly as pervasive as today because the internet and computers remained comparatively undeveloped, making threats easily detectable – most of which came from malicious insiders who gained access to documents they weren’t supposed to view.
Therefore, computer security in software programs and the security involving risk and compliance governance evolved separately. It may surprise some to hear that network breaches and malware existed at this time. However, they were used for purposes other than financial gain.
Then came the ‘computer worms’ of the 1980s – a tactic designed to measure the size of the internet gone-wrong. The first of its kind erupted out of Cornell graduate student Robert Morris’ computer. He unleashed the first ever computer worm clogging thousands of computers with numerous copies of that same ‘worm’, bringing a fledgling network to its knees and permanently changing the face of the internet overnight.
This incident opened up an entirely novel field in cyber security, creating an industry-wide eruption of antivirus solutions in the form of products helping to scan computer systems for the presence of worms. However, the effectiveness of such products quickly came under question because they needed to scan IT systems and test them with signatures written in a database.
During the same period, the malware samples produced every day increased in size and scope.
The growth of malware samples climbed exponentially at the same time, with the 1990s hosting just a few thousand samples, but by 2007 at least 5 million were produced annually. As a result, the legacy antivirus solutions could not handle such a capacity as security professionals were unable to write signatures that would keep up with the problems as they emerged.
The rise of the hacker
Cyber related scams have become even more prolific in the age of pandemic-induced lockdowns. With a 31% increase in cases where businesses lost over £6.2 million to cyber scams over 2020, cyber crime shows no sign of slowing down.
Increasing reliance on virtual environments makes it all too easy for hackers to exploit vulnerable systems as well as individuals that lack the training to know that they are being hacked. And as the Internet of Things (IoT) fully takes off, the lack of physical hardening of softwares will only serve to create an increasingly insecure environment for data storage and with it a lack of visibility and device management.
Cyber security has always been the exploitation of emerging technologies, and its function today is to prevent devastating attacks from occurring. Employees at every level of a company can be targeted by scams, and the statistics prove those outside of the IT department are likely to be any businesses’ achilles heel. One of the most important elements in cyber strategy is therefore the power to arm your business and its employees with the knowledge that ‘strange’ attachments can be serious and have severe consequences.
Assembling a team of cyber-attack response units equipped with the necessary threat hunting tools and experience is crucial. In addition, every company must have their own cyber security training programmes, which give employees the skills to know when they are being attacked.
According to the NTT Security’s Global Threat Intelligence Report 2019, education, finance, technology, business and government are considered the most vulnerable sectors when it comes to cyber breaches. The question remains though: as our reality morphs into an increasingly virtual one – will the future of cyber remain limited to these industries? And how prepared are we to tackle novel threats as emergent technologies continue to evolve rapidly, and with them new and unknown cyber risks?