The Evolutional Need for Cybersecurity
When ENIAC, the first modern computer, came online in 1945, the term “cybersecurity” wasn’t even in the dictionary. Back then, interacting with the building-sized computers required physical presence, making virtual threats non-existent. Access control was primarily a matter of physical security.
The word “hacker” often conjures images of mysterious individuals in dark rooms, manipulating information on multiple screens. However, the origin of the modern hacker lies in a counterculture of people tinkering with technology and finding innovative ways to share information. Hacking wasn’t initially about breaking into computers; it was about working within systems to produce unintended behaviour. For instance, in 1963, an early example of hacking involved manipulating a phone system to make free long-distance calls — a far cry from the Hollywood portrayal of cyber villains.
The 1960s: Time-Sharing and Increased Connectivity
As connectivity grew, so did the importance of Cybersecurity. Time-sharing, popularised in the 1960s, allowed multiple users to access a single large computer simultaneously. With expensive and bulky computers, precautions were necessary to prevent unauthorised access to files and the computer itself. Password protection emerged during this era, and it remains relevant today.
The 1970s: ARPANET and Academic Exploration
The creation of ARPANET—the precursor to the Internet—provided hackers with a new playground for experimentation and exploration. ARPANET was seen as a cooperative academic endeavour, and secure practices had not yet been established. Academic communities developed and prototyped new technologies, including email. The first computer worms (such as Creeper and Reaper) appeared as computer security still wasn’t a significant concern.
The 1980s: Public Awareness and Cybersecurity Boom
The 80s also saw the foundation of significant hacking groups. Legion of Doom, Masters of Deception, Cult of the Dead Cow and Chaos Computer Club all started in the 80s. They were known for hacking into government and military systems, including NASA, the Pentagon, and the White House. CDC was well-known for introducing Back Orifice, one of the earliest, easy-to-use remote administration tools (RAT). These people did what they did not for extortion but because they believed information should be free. Many of these groups stayed around for 20 years or more.
Because of the targets involved in these series of events, Cybersecurity was thrust into the public consciousness during the 1980s. People became concerned about how governments, businesses and financial institutions would protect against these attacks, and the dangers of inadequate security became a common talking point for the first time.
The 1990s: The Internet Boom and New Threats
The 1990s witnessed the explosive growth of the Internet, with the World Wide Web becoming more accessible to the public, who now face new cybersecurity challenges.
Malware Proliferation: The rise of viruses, worms, and Trojans posed severe threats and infected millions of computers worldwide, highlighting the need for robust defences. During my time at college in the mid-90s, I started collecting and trying to analyse viruses and malware and became interested in computer security.
Firewalls and Antivirus Software: Organisations adopted basic firewalls to protect their networks. Antivirus software became essential for detecting and removing malicious code.
E-Commerce and Privacy Concerns: Towards the end of the 90s, securing customer data and financial transactions became critical as online shopping became a thing.
The Millennium Bug: The Millennium Bug, 1999 into 2000, was a real threat to computer systems worldwide. It was a problem caused by abbreviating four-digit years to two digits. The fear was that when 2000 arrived, computers would interpret the “00” as 1900 instead of 2000, causing widespread errors and system failures1. The bug was a genuine concern for governments, auditors, airlines, and passengers. The cost of preparing for the consequences of this bug was huge, but it was worth it. The crisis failed to materialise, the planes did not fall from the sky, and power stations did not melt down. However, there were many failures in January 2000, from the significant to the trivial. The millennium bug is now seen as a bit of a joke. Still, it highlighted concerns in software and systems and about becoming too complacent about their vulnerabilities.
Social Engineering: Famous Hacker Kevin Mitnick introduced us to Social Engineering in the 90s. His exploits were well known, and he used social engineering on several hacks. Until recently, Kevin gave talks worldwide on social engineering and how to educate your users to protect your organisation from people like him.
Denial of Service Attacks: of course, in one kind or another, denial-of-service attacks have been around for a long time, but in the late 90s, yahoo got hit with what was thought to be the first major distributed denial-of-service (DDoS) attack in history. The attack flooded Yahoo servers, making the once-popular service unavailable for hours. The attack was launched by a 15-year-old and his associates, who claimed he wanted to demonstrate the vulnerabilities of large organisations on the Internet.
The Millennium Years: Cyber Warfare and Nation-State Attacks
The 21st century brought cyber warfare to the forefront. The Internet was far more widespread, and hackers became more sophisticated.
Cyberterrorism: the threat of cyber-attacks by terrorist groups or rogue states increased, especially after 911 in 2001. So, countries went to cyberwar. Notable incidents include Stuxnet, a sophisticated worm that targeted Iran’s nuclear facilities. This was just one example of the potential cyber weapons being developed.
State-sponsored Advanced Persistent Threats (APTs) began to appear. In the private sector, cybersecurity frameworks such as the NIST Cybersecurity Framework and ISO/IEC 27001 (originally BS7799) have increased to enhance security practices.
The rise of online banking, e-commerce, and social media has led to cybercriminals stealing personal and financial information and committing identity theft. Botnets, a network of compromised computers, started to appear. Significant malware such as ILOVEYOU, Code Red, Slammer and CryptoLocker.
Phishing has become more prevalent and sophisticated. Many of the problems we still face today were born in the 2000s when the Internet spread into our homes and workplaces.
2010: The approach of today’s dangerous world and professional maturity
This period was a changing time for cyber security. The Internet became more advanced, permanent connections were much more common, and bandwidth increased, as did the services offered on the Internet.
Mobile phones began to offer internet-based services in a significant way. Cloud security, IOT security, mobile security, and even early AI and machine learning became a thing security professionals had to sit up and take notice of.
Massive attacks started to take place. Sony Pictures, Equifax, Wannacry and SolarWinds brought new learning opportunities, and those in the industry and business noticed.
CISOs were appointed, and dedicated security teams outside IT purview were built. Cybersecurity professionals became established as a professional career choice.
The Present: Vigilance and Adaptability
Today, Cybersecurity is an ongoing journey. Ever-evolving technologies meet increasingly sophisticated threats. Staying ahead requires vigilance, adaptability, and a proactive approach to security.
There are several key areas that you could say have transformed Cybersecurity:
Cloud Security: Securing data and applications became paramount as businesses migrated to the cloud. Cloud providers now offer robust security features, but they must.
Machine Learning and Behavioural Analytics: AI-driven tools analyse vast amounts of data to detect anomalies and predict threats. This will continue to be a growing area for us.
Zero Trust Architecture: The principle of “never trust, always verify” gained prominence. Zero trust architectures limit access based on strict authentication and authorisation.
Internet of Things (IoT): The proliferation of interconnected devices—smart homes, wearables, industrial sensors—creates a sprawling attack surface and brings specific challenges.
The Human Factor: Amidst technological advancements, humans remain the weakest link but potentially your greatest strength. Social engineering, phishing, and insider threats persist. Education and awareness are crucial. Cyber hygiene—strong passwords, regular updates, and scepticism are our armour, and people can indeed be our first line of defence if educated.
Ethical Hacking and Bug Bounties: The introduction of utilising hacking skills for good plays a pivotal role. Bug bounty programs incentivise researchers to find vulnerabilities before malicious actors do. Collaboration between security experts and organisations strengthens our defences.
The Uncharted Beyond:
As we venture into quantum realms, more robust AI-driven frontiers, and, who knows, interconnected galaxies of data, one truth remains: Cybersecurity is a perpetual journey. Adaptability, innovation, and resilience will define our success.
So, fellow professionals, let us work together to raise our shields, adapt, innovate, and find new and exciting ways to improve ourselves to prepare for the coming threats; remember, security is a journey and not a destination.
ALSO PUBLISHED AT: https://www.linkedin.com/pulse/evolutional-need-cybersecurity-andrew-cardwell-xyetc/?trackingId=iZ8%2FNqkuRlqwUk8dC%2F%2BnqA%3D%3D