The difference ten years can make can be profound. 1966 looked nothing like 1976, and in each decade since, almost everything has changed. The Internet and globalization have meant that cultural shifts are less stark these days, but in terms of cyber security, 2006 feels like a long time ago.
This was one year before the iPhone was launched, when 3G was just rolling out and there was no such thing as apps. Streaming music, photo sharing and social networks were all in their infancy. In 2006, cyber security threats were very different to those today, as what was accessible to attackers was pretty limited.
Now, every aspect of our lives is stored in the cloud – from our banking and health records to our more personal identities – and we are generating significantly more data than ever before.
Evolution of threats
The type of threat has evolved to keep pace with this explosion in valuable data. Back in the early 2000s, most threats and malware were a nuisance, designed to simply disrupt or frustrate users.
Then in 2008, the Zeus Trojan was unleashed, grabbing banking details via key-logging and form grabbing. Years later, 100 people were arrested for having stolen over $70 million thanks to the software.
This was the start of a much more professional approach to cyber-crime. Viruses, Trojans and worms started to be created to steal money or sensitive corporate information. Variants of the Zeus Trojan still plague computers to this day, and played a part in one of the biggest consumer hacks to date, that of Target in 2013.
It is key to remember that as soon as something connects to the Internet, it becomes vulnerable. As we add connectivity to new things, everyone involved should be aware of the risks. Take connected cars, for example. In-car Wi-Fi and streaming video entertainment systems are becoming big selling points, but as demonstrated last year, weak security can let intruders in.
Shifting consumer perception
With such high-profile breaches regularly hitting the news, it has been interesting to witness how consumer attitudes have changed. Since 2013, there have been almost four billion records lost, and people are no longer shocked. At this scale, everyone, from companies to employees and everyday consumers, now accepts that it’s a case of ‘when, not if’ they’ll be hacked.
Yet all is not doom and gloom. We surveyed millennials’ opinions on data security recently, in our Connected Living 2025 report. Two thirds said they would feel vigilant in the face of threats, well ahead of complacent and paranoid. This suggests people now understand the importance of protecting their data.
Breach prevention is dead (and so is the perimeter)
If the past ten years have taught us anything, it is that perimeter defenses will be breached. No matter how tall or big the wall is, the enemy will find a way around it or under it.
Despite the increasing number of data breaches, companies continue to rely on firewalls, threat monitoring and other breach prevention tools as the foundation of their security strategies. Yet most IT professionals readily admit that their corporate and customer data would not be safe if their perimeter security defenses were compromised.
This is not to say that perimeter security is not important. It just means that it should not be the only thing companies do to keep the bad guys out. Instead, IT professionals should accept the fact that breaches are inevitable and work to secure the breach by placing security measures closer to the data and the users with encryption and multi-factor authentication.
Encryption and Multi-Factor Authentication Are King
Two additional developments have also made dents in the capabilities of cyber criminals. Multi-factor authentication has shown its power in keeping records safe, and encryption is also becoming the norm, so that if data is lost or stolen, it’s useless.
Cyber security threats will continue to pose a significant problem. But as those born after the Internet hit the mainstream in 1995 approach adulthood, we’re well placed to face these threats head on. It’s a far cry from 2006, when 26.5 million U.S. military records were stolen, and the agency responsible waited three weeks to say anything to those affected.