With cybercrime costing the Australian economy billions of dollars each year, and data breaches on an unending rise; it’s no wonder cyber security has become one of IT’s most lucrative and prevalent sectors today.
The field is a constantly evolving area of technological practices and innovations; moving in time with the rising trend of cyber-attacks. From mere anti-virus programs to sophisticated detection-and-response systems, the industry has undergone numerous leaps in development.
Below, we dive into the origins of this thriving sector – and it’s growth from an exclusively IT-based issue to a worldwide business priority.
Early day viruses – the Creeper and the Morris Worm
The modern computer virus stemmed from relatively innocent origins; its concept first explored by BBN Technologies engineer Bob Thomas in the early 1970s. Thomas had coded a program with the ability to travel between computers, which would display the harmless text message: “I’m the creeper: catch me if you can!”
In response, Ray Tomlinson (Thomas’ friend, colleague, and later – the inventor of e-mail) created his own program; one that would move and copy itself among computer networks, deleting Thomas’ “creeper” and acquiring itself the name of “reaper”. The Creeper has since been considered the first computer “worm” in IT history, with the Reaper inspiring an early programming game known titled “Core War”.
While harmless, experimental codes, these two would only set the stage for sophisticated, yet damaging developments. In 1989, Robert Morris created his own computer worm, one designed gauge the size of the internet. His work was successful, with the Morris Worm propagated across networks, infiltrating devices and replicating itself at a rapid rate.
In turn, however, it effectively slowed both the early internet and each computer it infected, resulting in crashes and unmeasured damage. This was considered the first widespread instance of a denial-of-service (DoS) attack.
Though created with research-based intentions, Morris work has paved the way for more malicious creations – eventually leading to the rise of anti-virus as a commodity.
Rise of anti-virus companies
Though the first anti-virus solutions were dated back in the late 80’s (starting with German company G Data Software, and followed by the now-cyber security beast McAfee) – the 90’s skyrocketed this industry, spurred by the rapid trend of anti-virus “scanners”.
While viruses had relatively harmless beginnings, their potential threats were soon realised; and users began adopting preventative and counter-active methods to secure their data.
Anti-virus scanners were designed to perform such measures – examining computer systems and testing their codes against a database of malware-related “signatures”.
The approach was effective in its early days, when malware samples were at a mere tens of thousands in number. These figures soon reached an annual five million new samples by 2007, and grew to an estimated daily 500,000 by 2014.
New methods were thus a necessity for users and organisations alike. The following years birthed innovative software and strategies to curb the unrelenting wave of malware viruses – forming the now-lucrative field known as cyber security.
The birth of EPP and EDR
To battle oncoming threats of malware, ransomware, and other cyberattacks; endpoint protection platform (EPP) and endpoint detection and response (EDR) solutions came to the fore. These methods were designed to detect and respond to the latest cyber-threats, establishing precautionary safeguards.
EPP measures prevented attacks from reaching sensitive data, blocking both traditional and more advanced, complex threats. Statistics have reached over 100 million in new malware samples added each year; but the tougher your security forces, the more likely hackers are to move on to easier prey.
At the same time, EPP strategies also lighten the workload of your IT security team, relieving them the stress of constant malware removal or device remediation.
These methods, however, are not 100% foolproof. Some threats are still likely to bypass both your firewall and EPP – and here’s where EDR solutions come in.
EDR tactics secure your data once your safeguards are compromised; performing as “sensors” to identify any malicious behaviour among normal user activity. This is typically done through collecting and analysing behavioural data, investigating any patterns or anomalies. The resulting information is then submitted for further examining or remediation.
Skilled professionals are required to carry out successful EDR strategies, and may be required to guide employees in effectively responding to both common and complex cyber-threats.
Moving beyond IT
Today, Australia’s most-experienced cyber-crimes include malicious software, unauthorized bank access, and unauthorized e-mail access.
Cyber Security has now evolved into an enterprise-wide issue, rather than an exclusive concern for IT departments. The widely publicized, major hacker breach on Sony in 2014 made cybercrime a worldwide business priority, with companies realising that it not only affects performance – but their reputation and finances, to boot.
Australian Criminal Intelligence Commission (ACIC) statistics show that such crimes cost our economy up to an annual $1 billion in direct costs alone. This damage is expected to reach a global $6 trillion by 2021.
As such, business leaders must keep security a primary business function, rather than an isolated IT responsibility.
Companies are now encouraged to empower all workers across departments in basic cyber security skills. Employees are regarded as the “weakest point” in an organisation’s cyber defences; as plenty are likely unaware of proper security practices, these including good password hygiene, avoiding unsecure networks, and identifying phishing e-mails. Investing in additional training thus strengthens a businesses security forces, with each doing their bit in keeping data protected.
Businesses are also encouraged to retrain and upskill their existing IT staff, rather than outsourcing security expertise to those who lack a thorough understanding of their infrastructure, systems, and organisational priorities.
The future of cyber security
Cyber Security is a widespread concern for both IT experts and users alike; set to only grow in prevalence for the years ahead. In fact, Australia’s cyber security sector is expected to triple in size by 2026, with a revenue of $6 billion.
With cyber-attacks constantly evolving in their methods, the security industry should expect new challenges headed their way – likely greater in risk and complexity. Fortunately, cyber security has also gained priority in global innovation; continuously developed to improve “speed of service”, secure data access in the Internet of Things (IoT), and protection among software-defined networks (SDNs).
We can also expect artificial intelligence (AI) to play a key role in future strategies, with automation increasing the speed at which cyber attacks are detected, monitored, managed, and prevented. As explained by Attila Tomaschek, cyber security researcher at ProPrivacy, “Legacy systems simply do not have the capabilities to keep up with the evolving security threats, and relying solely on human oversight would prove woefully inadequate.”
Businesses are recommended to embrace new technologies as they come, and take a proactive – rather than reactive – approach to cyber security. A continuous effort to improve their current tools and processes is critical to keep both current and new threat tactics at bay.
Keep your data safe with proper training
As mentioned, cyber security skills have expanded beyond the IT unit, becoming an enterprise-wide necessity. To ensure the safety of your company data (and that of your workers), the Australian Institute of ICT (AIICT) offers a thorough, certified course in cyber security – training both you and your team in best security practices, common key threats, and establishing protective network systems.
The program provides 100% online learning, helping you and your employees upskill according to your personal schedules.
Ensure your data’s safety with modern-day tools and techniques, and enquire with AIICT today.