A Brief, Grimy Chronicle of Cybersecurity Evolution
In the early days of computing, cybersecurity threats were relatively scarce and often originated from malicious insiders. However, as technology advanced, so did the sophistication and frequency of cyberattacks.
The 1970s marked the birth of cybersecurity as a field, with the first computer worm, the Morris worm, created by Robert T. Morris, a graduate student from Cornwell University, in 1988. This worm caused networks to clog and systems to crash, leading to a slowdown of the internet. Despite its disruptive nature, the Morris worm was used for academic research purposes and not for financial gain, a common motive for cyberattacks in later years.
The rise of viruses in the 1990s necessitated the creation of antivirus software solutions. The antivirus industry saw a significant growth in the early 1990s with the retailing of antivirus products. Viruses such as I LOVE YOU and Melissa infected millions of computers, causing widespread email system failures.
The Federal Information Security Management Act (FISMA) was legislated in 2003 to provide organisations with guidance for securing information systems. FISMA defines a complex framework to be applied in securing government IT assets, data, and operations from natural or man-made disasters.
In the 2000s, cyberattacks started becoming more targeted, with one notable attack being the first reported case of serial data breaches targeting credit cards. Anonymous, the first hacker group to come into the limelight in 2003, was known for launching distributed denial of service attacks.
The secure sockets layer (SSL) was developed in 1995 to protect users while browsing the internet. This technology has since evolved into its successor, Transport Layer Security (TLS), providing a secure connection between two systems communicating over the internet.
The EternalBlue vulnerability, a lateral movement attack technique, exploits SMB protocols used for sharing files across a network and is highly attractive to cyber adversaries. The EternalBlue vulnerability was leaked by The Shadow Brokers on April 14, 2017, and was used as an exploit in the infamous WannaCry ransomware attack on May 12, 2017, which targeted health institutions mostly in Europe. The WannaCry attack caused health services to halt for almost a week. The EternalBlue vulnerability was also used in the NotPetya attacks on June 27, 2017, which targeted banks, ministries, electricity, and newspaper firms across Ukraine and spread to other countries, including France, the US, Russia, Poland, Italy, Australia, and the United Kingdom.
In response to increasing cyber threats, regulations such as the General Data Protection Regulation (GDPR), enacted in 2018, have been implemented. The GDPR mandates the use of encryption for both data in transit and data at rest, and requires explicit consent from data owners before using their confidential information. Organisations stand to be fined at least 4% of their annual profits for failing to properly secure personal data or using customer data without permission, or in case of a breach due to inadequate security measures.
As we move forward, it is expected that artificial intelligence, blockchain, and machine learning will be used by cybercriminals to execute stealth attacks in the future. It is crucial for organisations and individuals to stay vigilant and adapt to these evolving threats to protect their digital assets.
Read also:
- Artificial Intelligence with independent agency could potentially intervene in cybercrises.
- UNESCO Recognizes Traditional Board Game from Togaykumalak as Intangible Cultural Heritage
- Germany's digital autonomy remains elusive for now
- Lenovo's Lena AI chatbot potentially transformed into a covert hacker through a single questionable inquiry
