When Turing and the Bletchley Park codebreakers were breaking Enigma traffic in World War II, the only “cybersecurity” concern was physical: that the Germans would break in and cart the 7x6’ Bombe away on a truck. With every new technology come businesses that innovate, followed closely by those who seek to exploit it. The term “computer virus” was not used until 1983, and “cybersecurity” wasn’t in the vernacular until 1987. At that time, it was hard to imagine that a front doorbell would become a hackable computer.
Since then, we have been engaged in a relentless digital arms race against hackers, extortionists, blackhats, and various other bad actors. Cyber threats have evolved significantly since the inception of the internet. But so have cyber defense mechanisms. So, who’s winning? What is the most effective cybersecurity paradigm to protect your data, your customers’ data, as well as your systems, networks, endpoints, and applications? Let's explore key milestones in cybersecurity history, the evolution of digital threats, and what it all means for our lives and businesses today, to find the answer.
Cyber incident history
Like a decades-long digital tennis match, malicious actors and cybersecurity innovators trade the advantage back and forth. Work on the 7-layer OSI Reference Model began in the late 1970s, when real networks barely exercised more than the bottom two layers; it was largely an academic framework that envisioned the future of network communication. Early attacks went after the physical (Layer 1) and data link (Layer 2) layers of business networks, where data flowed over cables and Ethernet and could be tapped or spoofed by anyone with access to the wire. By the early 1990s, attackers had moved on to polymorphic malware that mutates with every infection to evade signature-based detection.
When computers became ubiquitous in the office workplace in the 1980s, Trojan horses, worms, and viruses were unleashed on the business world, on mainframes as well as the new personal computers. In December 1987, the CHRISTMA EXEC worm, a REXX script disguised as a Christmas card, spread by email across IBM VM/CMS mainframes on BITNET and IBM’s internal network, flooding mail systems as each recipient who ran it unknowingly sent it on to every address in their contact files. This social engineering tactic remains a favorite of cybercriminals to this day. That same year saw the emergence of the first significant commercial antivirus programs, including Anti4us, Flushot Plus, and the renowned McAfee VirusScan. Remarkably, this was all before widespread internet connectivity, when the usual way into a personal computer was a floppy disk.
The next chapter in network security history was antivirus scanners and packet-filtering firewalls to protect the increasingly exposed network layer (Layer 3). The most notable early incident, the Morris Worm of November 1988, was intended as an experiment that got out of hand, but it highlighted the security challenges of a connected world. Released from MIT by a Cornell graduate student, the worm spread across the early internet of roughly 60,000 hosts, most of them at universities, and infected an estimated 6,000 of them. It broke into Unix systems through a sendmail debug feature, a buffer overflow in the fingerd daemon, trusted rsh/rexec relationships, and weak passwords, then replicated itself so aggressively that infected machines ground to a halt. By the time the 1990s rolled around, the attack surface remained relatively manageable, allowing for more effective defense.
Internet security evolution
When the World Wide Web went mainstream in 1995, the browser maker Netscape introduced the Secure Sockets Layer (SSL) protocol to secure web browsing and online transactions. SSL sits between the transport layer (Layer 4) and the application layer (Layer 7), encrypting and authenticating the connection between a browser and a web server. SSL evolved into Transport Layer Security (TLS), and HTTP carried over SSL/TLS is the familiar HTTPS.
Advances in cryptography, aka encryption, have played a crucial role in protecting sensitive information over the decades. IBM designed the cipher that was standardized as the Data Encryption Standard (DES) in 1977 to secure financial transactions, but its 56-bit key was sized for an earlier stage of computing power: by 1998 a purpose-built machine could brute-force a DES key in days. The Advanced Encryption Standard (AES), standardized in 2001, is a symmetric cipher with 128-, 192-, or 256-bit keys that provided far stronger data security, particularly as wireless internet became widespread. AES is roughly six times faster than triple-DES and remains the workhorse symmetric cipher today.
More to attack, more to defend
Trojans and worms never went out of style, and new vectors emerged, like distributed denial-of-service (DDoS), in which many compromised machines flood a targeted host or network until it can no longer serve legitimate users. Volumetric DDoS floods the network and transport layers (Layers 3 and 4); application-layer DDoS (Layer 7) overwhelms a web service with seemingly legitimate requests. The attack surface widened exponentially in the 2000s, providing cybercriminals with more vectors to exploit. Web 2.0 gave us social networks like Facebook, but 2007 also brought the Zeus Trojan, which used drive-by downloads and spam emails to infect Windows PCs and then stole login credentials for bank accounts, email, and other online accounts from inside the victim’s browser.
The digital transformation accelerated in the 2010s and has surged year-over-year since, revamping most industries with mobile technologies, new software, applications, platforms, and the emergence of cloud computing and big data. Every advance made our systems more sophisticated, and the cybercriminals scaled their efforts to exploit these new complexities with more advanced malware, ransomware, spoofing, hijacking, and other malicious activities.
Intrusion detection history
Cybersecurity technologists leveraged the same modern technologies that were widening the attack surface. They began using data analysis and AI/ML algorithms to enhance antivirus software, letting it go beyond matching known signatures and detect malware from a holistic view of user behavior, network traffic, and application activity. Modern cyber defense mechanisms now include multi-factor authentication, zero-trust approaches, and artificial intelligence-based threat detection.
The digital arms race continues today, with advancements in blockchain, IoT, traditional and generative AI, and quantum computing expanding capabilities on both sides. For example, while the mainstreaming of cloud, hybrid-cloud, and multi-cloud computing has helped businesses automate with fully digital vendor services, it also means that a cyber breach or ransomware attack on a vendor can cause widespread damage to the client, or to all of the vendor’s clients at once, in a chain reaction down the supply chain.
Mistakes and human error still account for most incursions. These include socially engineered phishing schemes, poor password hygiene, configuration errors, errant security updates (such as the July 2024 CrowdStrike Falcon update that crashed Windows hosts worldwide), and breaches at third-party data handlers, like the 2015 Experian breach that exposed records on about 15 million T-Mobile customers and applicants.
XDR is the most advanced cybersecurity technology
Today, speed, simplicity, and threat intelligence are essential as the volume of data and network traffic continues to grow. Machine learning and AI automation are indispensable for identifying, assessing, and investigating threats. Moreover, an effective cybersecurity platform will integrate all of a company’s systems, network infrastructure, and cloud solutions into a single view, providing a comprehensive understanding of the entire IT landscape and its vulnerabilities.
This is why Extended Detection and Response (XDR) software is the cutting edge of cybersecurity. XDR represents the evolution of technologies like Network Detection and Response (NDR), Endpoint Detection & Response (EDR), and Security Orchestration, Automation and Response (SOAR). Our Samurai XDR solves the data problem: there is too much disjointed and unorganized data, making it hard to analyze, and more importantly, not all of it aids in detection. XDR consolidates relevant data into a single location and analyzes it to surface the critical alerts.
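To make that consolidation concrete, here is an added example of the core XDR idea in Go. It is not Samurai XDR’s code and not from this article’s author: three sources (endpoint, identity, network) are normalized into one schema, each source’s own rule produces only a weak signal, and a host is promoted to a critical alert only when independent sources corroborate each other within a time window. The event fields, the rules, the known-domain list, and the sample telemetry are all constructed for the illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Event is the common schema each source is normalized into. The field
// names are an assumption for this example, not a product's data model.
type Event struct {
	Time   time.Time
	Source string            // "edr", "idp" or "ndr"
	Host   string            // the pivot all three sources share
	Attrs  map[string]string // source-specific details
}

// Signal is a weak indicator that one source alone would log at low severity.
type Signal struct {
	Time   time.Time
	Source string
	Why    string
}

// Alert is raised only when independent sources agree about one host.
type Alert struct {
	Host     string
	Severity string
	Signals  []Signal
}

// Domains the organization has resolved before (constructed); others are "rare".
var knownDomains = map[string]bool{
	"login.microsoftonline.com":    true,
	"update.example-corp.internal": true,
}

// classify applies each source's own rule. Every rule here is noisy in
// isolation; the value comes from corroboration across sources.
func classify(e Event) (string, bool) {
	switch e.Source {
	case "edr":
		parent := strings.ToLower(e.Attrs["parent"])
		child := strings.ToLower(e.Attrs["image"])
		if (parent == "winword.exe" || parent == "outlook.exe") &&
			(child == "powershell.exe" || child == "cmd.exe") {
			return "office application spawned a shell", true
		}
	case "idp":
		if e.Attrs["result"] == "success" && e.Attrs["mfa"] == "false" &&
			e.Attrs["new_location"] == "true" {
			return "logon succeeded without MFA from a new location", true
		}
	case "ndr":
		if e.Attrs["qtype"] == "A" && !knownDomains[e.Attrs["domain"]] {
			return "DNS lookup of a never-before-seen domain", true
		}
	}
	return "", false
}

// Correlate groups signals per host and promotes a host to a critical alert
// when at least minSources distinct sources fire within window of each other.
func Correlate(events []Event, window time.Duration, minSources int) []Alert {
	byHost := map[string][]Signal{}
	for _, e := range events {
		if why, hit := classify(e); hit {
			byHost[e.Host] = append(byHost[e.Host], Signal{e.Time, e.Source, why})
		}
	}
	var alerts []Alert
	for host, sigs := range byHost {
		sort.Slice(sigs, func(i, j int) bool { return sigs[i].Time.Before(sigs[j].Time) })
		for i := range sigs { // each signal in turn opens a window
			seen := map[string]bool{}
			var cluster []Signal
			for j := i; j < len(sigs) && sigs[j].Time.Sub(sigs[i].Time) <= window; j++ {
				seen[sigs[j].Source] = true
				cluster = append(cluster, sigs[j])
			}
			if len(seen) >= minSources {
				alerts = append(alerts, Alert{host, "critical", cluster})
				break // one alert per host; the analyst sees the whole cluster
			}
		}
	}
	sort.Slice(alerts, func(i, j int) bool { return alerts[i].Host < alerts[j].Host })
	return alerts
}

// SampleEvents is constructed telemetry for this example, not real data.
func SampleEvents() []Event {
	at := func(s string) time.Time { v, _ := time.Parse(time.RFC3339, s); return v }
	return []Event{
		// ws-042: one phishing chain seen by three different tools
		{at("2024-09-10T09:01:00Z"), "idp", "ws-042", map[string]string{"user": "j.doe", "result": "success", "mfa": "false", "new_location": "true"}},
		{at("2024-09-10T09:04:30Z"), "edr", "ws-042", map[string]string{"parent": "WINWORD.EXE", "image": "powershell.exe"}},
		{at("2024-09-10T09:05:10Z"), "ndr", "ws-042", map[string]string{"qtype": "A", "domain": "cdn-updates-7731.example"}},
		// ws-007: a single odd lookup and nothing else, the noise that buries analysts
		{at("2024-09-10T09:02:00Z"), "ndr", "ws-007", map[string]string{"qtype": "A", "domain": "news.example"}},
		// ws-042 hours later: still a signal, but outside the morning window
		{at("2024-09-10T14:00:00Z"), "ndr", "ws-042", map[string]string{"qtype": "A", "domain": "telemetry.example"}},
	}
}

func main() {
	for _, a := range Correlate(SampleEvents(), 15*time.Minute, 2) {
		fmt.Printf("%s on %s: %d corroborating signals\n", a.Severity, a.Host, len(a.Signals))
		for _, s := range a.Signals {
			fmt.Printf("  %s [%s] %s\n", s.Time.Format("15:04:05"), s.Source, s.Why)
		}
	}
}
```

Run as written, the sample produces one critical alert for ws-042 carrying its three morning signals, while the lone DNS oddity on ws-007 never reaches the analyst. Widening the window or lowering minSources trades precision for recall, which is exactly the tuning an XDR platform exposes.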
For more information on Samurai XDR, visit here.
About the Author:
Greg Garten is the Chief Technology Officer of NTT Security Holdings and Samurai XDR, with 25 years of experience ranging from telco/carrier to advanced technology startup environments, focusing on the creation and delivery of global managed services. Greg has been with NTT for over 10 years, focusing on the engineering and product development of their cybersecurity platforms, products, and services. Greg has also held various engineering and executive roles at companies such as Intuit, Cisco, Silver Lake Sumeru, Exodus Communication, Cybera, and several overseas technology startups and multinational technology companies. He is an active member of IEEE, ISC2, and ISSA.
Key takeaways:
1. Cybersecurity is a continuous arms race. The evolution of technology has created new vulnerabilities, leading to a constant battle between attackers and defenders.
2. Human error remains a significant factor in cyberattacks. Despite advancements in technology, mistakes such as poor password hygiene and social engineering attacks continue to be exploited by cybercriminals.
3. XDR is a promising solution to complex cyber threats. By combining data analysis, AI, and automation, XDR offers a comprehensive approach to detecting and responding to cyberattacks.