Cyber Security: How has it changed over time?

Cybersecurity has been a concern for as long as there have been computers. The main focus of cybersecurity concerns has, however, shifted over time.

Here, Luke Watts, Managing Director at RoundWorks IT shares a quick guide to how cybersecurity has developed from the early days of IT to the present.

The earliest days of IT

In the very earliest days of IT computers were standalone devices with very limited storage. The lack of internal storage meant that most data had to be stored separately. Data security therefore essentially meant applying robust access controls to physical media.

Similarly, there was a need to protect the actual computers themselves. This was partly out of concern that they could be abused by malicious actors. It was also partly because they were expensive. Again, cybersecurity precautions mainly took the form of access controls.

The start of networking

In 1969, the DARPA project team created the Advanced Research Projects Agency Network (ARPANET). This was what would now be called a Wide Area Network (WAN). As such it created a blueprint for both modern private networks and, ultimately, the internet.

At the time, however, the ARPANET was mainly of interest to academics and government agencies. It made relatively little difference to cybersecurity. This continued to focus on protecting storage devices and local hardware.

The arrival of Microsoft Windows and the internet

The 1980s saw three inventions that would change computing forever. These were the launch of Microsoft Windows (1985), the invention of the first computer virus (Brain, 1986) and the invention of the hyperlink (1989). The 1980s was also the era when mobile phones and laptops started to go mainstream.

Luckily for the cybersecurity personnel of the time, however, wireless internet connectivity was a long way off. In fact, mainstream internet connectivity was a long way off. Networking was still very much focused on private networks. The endpoints of these private networks were desktops (and the occasional laptop). They were linked to the network by physical cables.

This meant that most cybersecurity was still focused on protecting storage media and physical hardware. Cybersecurity personnel were, however, well aware of the growing threat from what is now known as malware. At the time, the only known form of malware was viruses and they were mainly transmitted through email attachments.

People accidentally downloading malware from the internet was a very minor consideration. This was mainly because so few people had access to the internet. The 1980s, therefore, saw the development of what we would now call security software. At the time, that meant antivirus software and firewalls.

The rise of mobile devices

The 1990s saw the rise of mobile devices. Mobile phones were very much still dumb. They were, however, smaller, lighter and more affordable. They were hence becoming much more widespread. It was also becoming much more common to pair them with the decade’s must-have gadgets, the personal digital assistants (PDAs).

Back in the 1990s, pairing a phone and a PDA meant using the phone as a way for the PDA to connect to a network. This did, sometimes, mean the internet. It was, however, far more likely to mean an email server.

By the 1990s, email had very firmly established itself as the new way forward for business communications. As such, it was becoming an increasing point of attack for cybercriminals. This meant that the focus of cybersecurity was still very much on blocking malware (viruses) in emails.

There were, however, growing concerns about ensuring that data remained private when it was accessed outside of the workplace. At the time, IT staff were unable to wipe devices remotely. This meant they had to rely on users implementing local controls, usually PINs.

The internet becomes easier to access

The dawn of the 21st century saw two major developments in the IT landscape. Firstly, internet connectivity improved significantly. Secondly, mobiles and PDAs combined into smartphones. Both of these developments fuelled the development of the internet.

Up until that point, the internet was essentially a place of simple, text-heavy websites and forums. It had to be as the internet connections of the day couldn’t cope with anything more. As internet connections improved, businesses (and private individuals) moved to take advantage of its capabilities.

Ecommerce had been around since the 1990s. (Amazon was launched in 1994). The noughties, however, were when it took off. (Amazon reached profitability in 2001). The noughties also saw the launch of the social media giants (including Facebook in 2004). Its latter end saw the launch of early mobile apps.

The increased traffic on the internet also created huge opportunities for cybercriminals. Internet security, therefore, became the hottest topic in IT. Cybersecurity professionals had two top priorities.

The first was to stop business websites from being used as a backdoor to their internal systems. This saw the development of the modern web security industry. The second was to find ways to protect consumers so that they could use the internet safely and confidently. This was achieved through the increased use of security software.

The rise of smartphones and the mobile internet

The 2010s saw the rise of smartphones and the mobile internet. Both of these developments were enabled by the adoption of Android. Mobile device manufacturers (other than Apple) standardising on a single platform make life much easier for developers. This encouraged the development of mobile apps.

As the range of mobile apps increased so did the odds of people finding apps that made a real difference to their lives. This encouraged them to use apps more. As people became more comfortable with using mobile devices, they started to use them in place of PCs. This encouraged developers to build websites that were created with mobile usability in mind.

With so much growth in mobile usage, it was only to be expected that mobile devices would become targets for cybercriminals. Apple and Google both policed their own app stores (with varying degrees of rigour). Google also worked on its ability to identify dangerous websites and flag them up to users before they landed on them.

At the same time, device manufacturers started to include more security features and software on their devices by default. Likewise, the security software industry began to push products and services specifically intended to keep mobile devices safe. These performed many of the same functions as traditional security software.

The growth of the IoT and social engineering

Right now, the biggest concerns in cybersecurity are the growth of the internet of things and the increase in targeted social engineering. At present, the lack of standardisation in smart devices makes it more difficult to create effective security policies. Governments, regulators, and other stakeholders are now pushing the industry to address this.

The increased risk of targeted social engineering is being addressed through a combination of security software and user education.