How cyber security has changed over the years

Since the very first cyber-attack; 1988’s Morris Worm which originated from MIT, the IT industry and users have faced the ongoing challenge of protecting devices and services.

Back in 1970, well before computers became prevalent in everyday life, a team of computer scientists published the Ware Report. This paper marked the beginnings of the field of computer security, outlining potential vulnerabilities that networks could face - many of which are still relevant today.

It has been argued that many recent cyber hacks could have been prevented if the report’s warnings had been addressed, including:

• Administrative mistakes or system failures that led to the exposure or destruction of data
• Weak passwords or software exploits that attackers were able to exploit
• Stopping the collection of data as it moves through a network, which is often most attractive to serious attackers

Today, smartphones, computers and the internet have become integral to modern life, and with vast amounts of information stored online, cybercrimes have evolved with the potential to cause catastrophic impacts.

The past 25 years have seen some incredibly high-profile data breaches and security failures, from NASA’s systems being shut down for 21 days by a 15-year-old hacker in 1999 to Sony’s Playstation Network attack in 2011 which leaked the personal information of 77 million users. More recently, the growth in ransomware attacks has impacted organisations ranging from the NHS to Nvidia - and even the Costa Rican government.

As technology advances, so do the techniques of hackers, who work to stay one step ahead of the software security industry. Predicting what new threats hackers will adopt is a constant challenge for IT security teams and governments.

Ransomware, where criminals extort an organisation to unlock their networks after encrypting them is one of the most significant threats of the moment. These ransom demands can be hugely costly - not only to reputation but also financially. Many ransomware demands are in millions of dollars - as in the case of Garmin’s rumoured $10 million payout in 2020 after falling victim to a ransomware strain known as WastedLocker which encrypted internal systems and stopped customers from accessing online services.

Phishing, which originated in the mid-90s and aims to trick users into providing sensitive information, may be less newsworthy but still presents a significant threat due to its simplicity and effectiveness.

The rise in hybrid and remote work has been hugely popular among employees - but has also provided attackers with additional opportunities to access networks. Whether through the poor setup of cloud applications, deemed by ZNET as the ‘biggest cyber security challenge for cloud computing' or the age-old issue of weak or compromised passwords which can grant access to entire servers.

Finally, applying security patches swiftly is vital for effective cyber security today. IT teams often struggle to keep up with software updates for the many systems they use, and security flaws can be quickly exploited by cybercriminals. Turning on automatic updates is relatively easy and vitally important - as Dr Ian Levy of the National Cyber Security Centre said in 2021;

"The sort of things we've seen over the last six to nine months like the big vulnerabilities and the big incidents, a lot of them come down to people not patching properly.”

As the pace of technological change shows no sign of slowing, and cyber threats continue to evolve in the game of cat-and-mouse between organisations, consumers and cybercriminals, ensuring cybersecurity basics are adhered to is the best defence.