We are in the year 2018 and Cybersecurity is not only important but a necessity for every business. In the olden days (the 80s and 90s) data security as it was called then was perceived more of a necessary ‘evil’ as it costed resources, money, time and effort with little tangible value-add for the business. Although it is impossible to believe it now, in the earlier days, the solution to any cybercrime was to temporarily suspend the internet services. But not anymore in today’s scenario. With the ever-changing cyber threat environment, it is a business imperative to put in place a strong cybersecurity program. While no one can assure fool-proof security, yet a matured cyber security program can reduce risks, minimize impacts from security incidents, recover business operations faster and revert to business-as-usual mode.
The birth of the first computer virus
The first computer virus was born because of an innocent mishap. If we look at the early 1970s, BBN Technologies engineer Bob Thomas, created a code which would result in an easy movement of the program between computer systems that were connected by ARPANET, the foundation version of the internet. The program code had no intention of causing any harm, but it displayed a funny message, “I’m the Creeper: catch me if you can!”. In a response, Bob Thomas’s friend Ray Tomlinson (inventor of e-mail) coded an advanced version of the program which would be able to duplicate itself on the connected computer systems. Now, this program called Reaper, would delete Bob Thomas’ original program and copy itself on it. The war between the Creeper and Reaper was a significant moment in the history of cybersecurity.
Role of a cybersecurity program
Cybersecurity is evolving at a rapid pace and certainly, there is no slowing down. From the time of the first virus attack in 1989, The Morris Worm which infected around 6000 computers then to today where cybersecurity has become a board-room level concern, we have come a long way. Today, cybersecurity is viewed as a business enabler. Progressive organizations integrate cybersecurity with their business and the matured ones make security a part of their culture.
Given the criticality of data and its supporting IT infrastructure, the executive helming the organizational cyber security program often titled the Chief Information Security Officer (CISO) is among the most notable members in the boardroom.
Changing Threatscape requires a new approach to Cybersecurity
“There are only two types of companies: those that have been hacked, and those that will be.”
– Robert Mueller, Former FBI Director
In today’s evolving cybercrime scenario, , sooner or later, cyber security incidents are bound to happen. With the proliferation of end-user technology devices/services using new-age technologies like IoT, Artificial Intelligence, Robotics, Machine Learning, Blockchain and others, the cyber security landscape is fast changing and evolving to meet the new challenges posed by cyber criminals. The intent and lethality may vary in degrees but there is no denying the fact that new-age cyber threats require unconventional new-age cyber security approach, defenses and response. The emergence of the dark web as a haven for organized cybercrime syndicates has only made it worse. The involvement of various malicious groups with the active support of nation-states has only compounded the problem. Today, no one can prevent a cyber security incident but can build cyber security capabilities to stay resilient by responding intelligently and recovering fast from such attacks.
The way computer security has evolved over the years – from data security of organizations to the development of smart cities is enough proof that the domain needs new age solutions to emerging threats. In response to the prevailing threat scenario, the Government of India is considering setting up of unified tri-services organizations to handle threats of the cyberspace.
Beyond the Digital Age
Enormous antivirus empires were established in the 1990s which remained on the top of the industry for the next two decades, however, the recent transformation in the kind of cyber attacks has demanded more innovative and strategic solutions to deal with the cyber war. Whether it is the data breach of personal information of Target customers or the WannaCry Ransomware which badly impacted the National Health Service are some of the sophisticated cyber attacks that have posed newer challenges and created much chaos.
A strong cyber security program helps the business entity meet regulatory requirements depending on the industry sector, data sensitivity, and location of the business operations. Most importantly, a working cyber security program provides assurance to customers – existing and prospective enabling them to repose trust and confidence on the company’s ability to handle sensitive data, respond to cyberattacks and deliver almost uninterruptible services as per their requirements. The right mix of people, process and technology for a well-designed cyber security program is a bulwark against cyber threats which is a clear and present danger with its ever-evolving tactics, techniques and procedures.