What is cybersecurity?
It’s safe to assume that back when computers were first invented, no one could foresee the ultimate creation and enormous growth of the cybersecurity industry that exists today. Cybersecurity is a term that just about everyone has heard and it’s now a part of our everyday lives.
Webster’s dictionary defines cybersecurity as “measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack.” While accurate, that definition seems a bit rudimentary. At a deeper level, cybersecurity is the combination of people, policies, processes, and technologies to protect networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and the availability of information.
But when you look at cybersecurity from a corporate view, that definition can be expanded even further. Cybersecurity can also be defined as the optimal level of security present at each organization as defined by business leaders with the goal of balancing the resources required with usability, manageability, and the amount of risk offset. In a corporate context, subsets of cybersecurity include IT security, IoT security, information security, and OT security.
The start of something big
For most of the 1970s and 1980s, when computers and the internet were still under development, computer security threats were easily identifiable. Most threats came from malicious insiders who wanted to gain access to documents they weren’t authorized to access.
Network breaches and malware existed at this time. But they were used for purposes other than financial gain.
For example, Markus Hess, a German computer hacker, hacked into an internet gateway. Hess used the gateway located in Berkeley to connect to the Arpanet. He then proceeded to access 400 military computers, including the Pentagon’s mainframes. The astronomer Clifford Stoll, however, used honeypot systems to detect the intrusion and stop the attack.
In the 1970s, Robert Thomas, a researcher at BBN Technologies, realized the possibilities of creating a program capable of moving through a network and leaving behind a trail. This discovery led to the invention of the first computer worm. The worm was called Creeper, and it was designed to travel between TENEX terminals. It printed the message “I’M THE CREEPER: CATCH ME IF YOU CAN.”
Subsequently, Ray Tomlinson (who is credited with creating the first email program) tinkered with the Creeper worm and made it self-replicating. Then he wrote another program—Reaper, the first antivirus software—which chased Creeper and deleted it.
The creation of these viruses and worms had severe repercussions. They almost led to a complete wipeout of the early internet. Virus attacks subsequently spurred an immense growth of the antivirus industry.
Viruses and antivirus programs
Viruses were more aggressive programs that came to light in the 1990s. Viruses such as ILOVEYOU and Melissa infected tens of millions of computers, causing a worldwide failure of email systems. Most of the virus attacks were primarily concerned with financial gains or strategic objectives. However, inadequate security solutions at the time caused a huge number of unintended victims to be affected.
The development of these viruses, cyberthreats, and the associated attacks gave birth to antivirus software solutions. The programs were designed to detect the presence of viruses and prevent them from accomplishing their intended tasks.
Initial antivirus products scanned computer systems for the presence of viruses or worms. At the time, the available antivirus solutions scanned business IT systems and compared what they found against signatures stored in a database. Although the signatures were initially computed file hashes, they later incorporated byte strings similar to those present in malware.
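As an added illustration (not code from the original article), the following scanner applies both generations of signature described above, an exact file hash and a characteristic byte string, to constructed sample files; the second sample is a slightly altered copy of the first, which is exactly the case that defeats a hash signature but not a string signature.

```python
import hashlib

# Constructed sample "files" standing in for scanned binaries (no real malware;
# the string is the Creeper message quoted earlier on this page).
SAMPLE_FILES = {
    "invoice.exe":    b"MZ\x90\x00 legitimate program payload",
    "creeper_v1.bin": b"MZ\x90\x00 I'M THE CREEPER: CATCH ME IF YOU CAN",
    # Same worm with padding inserted: different hash, same embedded string.
    "creeper_v2.bin": b"MZ\x90\x00\x00\x00 I'M THE CREEPER: CATCH ME IF YOU CAN",
}


def sha256_hex(data: bytes) -> str:
    """Hash of the whole file, the basis of first-generation signatures."""
    return hashlib.sha256(data).hexdigest()


# First-generation signature database: exact hashes of known samples.
HASH_SIGNATURES = {sha256_hex(SAMPLE_FILES["creeper_v1.bin"]): "Creeper.A"}

# Second-generation signature database: byte strings typical of a family.
STRING_SIGNATURES = {b"I'M THE CREEPER": "Creeper.gen"}


def scan_file(data: bytes) -> list:
    """Return a list of (detection_name, signature_type) for one file."""
    hits = []
    digest = sha256_hex(data)
    if digest in HASH_SIGNATURES:
        hits.append((HASH_SIGNATURES[digest], "hash"))
    for pattern, name in STRING_SIGNATURES.items():
        if pattern in data:
            hits.append((name, "string"))
    return hits


def scan_all(files: dict) -> dict:
    """Scan every file and map its name to the detections it produced."""
    return {name: scan_file(data) for name, data in files.items()}


if __name__ == "__main__":
    for name, hits in scan_all(SAMPLE_FILES).items():
        print(f"{name}: {hits or 'clean'}")
```

The modified copy is caught only by the string signature, which is why signature databases moved beyond file hashes.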
The rise of SSL
In light of the increasing virus and worm attacks, security professionals needed to develop a way to protect users when browsing the internet. The secure sockets layer (SSL) protocol, developed by Netscape, was adopted in 1995 to enable users to access and traverse the web securely. SSL became a core component of protocols such as Hypertext Transfer Protocol Secure (HTTPS).
The secure perimeter
As computers and computer networks began to dominate the business landscape, those devices were under the control of a company’s IT team. Employees used corporate-owned desktops (and eventually laptops, tablets, and other devices) and all data was secured in the corporate data center. With all employees working at headquarters, IT could easily maintain control of who was accessing data and which applications and data were being accessed. Just about all organizations functioned in a typical castle-and-moat configuration—everything is kept inside the castle (data center) with a moat around the outside (security perimeter) to keep unauthorized individuals out. Security at these early data centers generally consisted of access control lists (ACLs), firewalls, and intrusion detection systems (IDS).
Going outside the perimeter
As businesses grew and expanded, the lone corporate headquarters office was no longer the only place to work. Organizations opened branch offices all over the globe. This led to a rise in the popularity of the hub-and-spoke enterprise network model. This model is predominantly based on a centralized hub (typically the corporate HQ) with many decentralized access nodes (typically branch offices). The hub-and-spoke model worked to connect distributed users to proprietary applications hosted in corporate data centers using an MPLS backbone. And the number of security appliances in the data center grew. The typical data center stack included:
- Web/URL filter
- DLP inspection
- SSL interception
- Sandbox analysis
Yet, despite massive appliance investments, breaches continue. That is, in large part, due to the enormous time and effort it takes to continually upgrade hardware-based security systems each time a new cyberthreat arises. And as cybercriminals have transformed from lone hackers to sophisticated criminal organizations, these bad actors can change tactics and methods more quickly than security teams can update their systems.
The rise of the cloud
Traditional network security made sense when all applications were hosted in the data center and users were all on the network. But with apps moving to the cloud, and users increasingly mobile, the stacks of appliances sitting in the data center have become increasingly irrelevant. It no longer makes sense to force all traffic through the centralized data center for security and access controls, as this often results in bandwidth issues and inconsistent access to applications. And it still isn’t keeping users or the network safe.
In response to cloud adoption, many organizations initially tried to “virtualize” their security appliances. However, these virtual machines suffered from the same limitations as their counterparts in the data center—an inability to follow users, bandwidth and performance issues, and an inability to scale to user demand.
Cloud-based security quickly became the clear and best solution. In short, cloud-based security moves security out of the data center and into the cloud. With cloud-based security:
- Employees get the same protection whether they’re in the HQ, branch offices, on the road, or at home.
- Integrated security controls and cloud services correlate information to give organizations a complete picture of everything happening on the entire network.
- Traffic is no longer backhauled to the corporate data center, eliminating much of the performance lag when accessing cloud-based applications and data.
- All of the previous individual security appliances are integrated into a single platform.
- Threat intelligence can be updated much more quickly than with appliances. Any time a threat is detected in a cloud platform, that information is shared with the entire network instantaneously and protection is deployed everywhere.
- Costs can be controlled as there are no more appliances to buy, maintain, or upgrade.
Just as computers and networks have changed over the years, so has cybersecurity. It has grown from simply preventing users from accessing unauthorized files to sophisticated cloud-based platforms that can protect seemingly endless amounts of data and unlimited users anywhere in the world.