We are in the year 2018 and Cybersecurity is not only important but a necessity for every business. In the olden days (the 80s and 90s) data security as it was called then was perceived more of a necessary ‘evil’ as it costed resources, money, time and effort with little tangible value-add for the business. Although it is impossible to believe it now, in the earlier days, the solution to any cybercrime was to temporarily suspend the internet services. But it is not the case anymore in today’s scenario. With the ever-changing cyber threat environment, it is a business imperative to put in place a strong cybersecurity program. While no one can assure foolproof security, yet a matured cybersecurity program can reduce risks, minimize impacts from security incidents, recover business operations faster, and revert to business-as-usual mode.

The birth of the first computer virus

The first computer virus was born because of an innocent mishap. If we look at the early 1970s, BBN Technologies engineer Bob Thomas, created a code which would result in an easy movement of the program between computer systems that were connected by ARPANET, the foundation version of the internet. The program code had no intention to cause any harm, but it displayed a funny message, “I’m the Creeper: Catch me if you can!” In response, Bob Thomas’ friend Ray Tomlinson (inventor of email) coded an advanced version of the program that can duplicate itself on the connected computer systems. Now, this program called Reaper, would delete Bob Thomas’ original program and copy itself on it. The war between the Creeper and Reaper was a significant moment in the history of cybersecurity.

Role of a cybersecurity program

Cybersecurity is evolving at a rapid pace and certainly, there is no slowing down. From the time of the first virus attack in 1989, The Morris Worm which infected around 6000 computers then to today from where cybersecurity has become a board-room level concern. We came a long way. Today, cybersecurity is viewed as a business enabler. Progressive organizations integrate cybersecurity with their business and the matured ones make security a part of their culture.

Given the criticality of data and its supporting IT infrastructure, the executive helming the organizational cybersecurity program often titled the Chief Information Security Officer (CISO) and among the most notable members in the boardroom.

Changing Threatscape requires a new approach to Cybersecurity

“There are only two types of companies: those that have been hacked, and those that will be.”

– Robert Mueller, Former FBI Director

In today’s evolving cybercrime scenario, sooner or later, cybersecurity incidents are bound to happen. With the proliferation of end-user technology devices/services using new-age technologies like IoT, Artificial Intelligence, Robotics, Machine Learning, Blockchain and others, the cybersecurity landscape is fast-changing and evolving to meet the new challenges posed by cybercriminals. The intent and lethality may vary in degrees but you cannot deny the fact that new-age cyber threats require unconventional new-age cybersecurity approach, defenses and response. The emergence of the dark web as a haven for organized cybercrime syndicates has only made it worse. The involvement of various malicious groups with the active support of nation-states has only compounded the problem. Today, no one can prevent a cyber security incident but can build cybersecurity capabilities to stay resilient by responding intelligently and recovering fast from such attacks.

The way computer security has evolved over the years – from data security of organizations to the development of smart cities is enough proof that the domain needs new-age solutions to emerging threats.  In response to the prevailing threat scenario, the Government of India is considering setting up of unified tri-services organizations to handle threats of the cyberspace.

Beyond the Digital Age

Enormous antivirus empires were established in the 1990s which remained on the top of the industry for the next two decades, however, the recent transformation in the kind of cyberattacks has demanded more innovative and strategic solutions to deal with the cyberwar. Whether it is the data breach of personal information of Target customers or the WannaCry Ransomware which badly impacted the National Health Service are some of the sophisticated cyberattacks that have posed newer challenges and created much chaos.

A strong cybersecurity program helps the business entity meet regulatory requirements depending on the industry sector, data sensitivity, and location of the business operations. Most importantly, a working cybersecurity program provides assurance to customers – existing and prospective by enabling them to repose trust and confidence on the company’s ability to handle sensitive data, respond to cyberattacks and deliver almost uninterruptible services as per their requirements. The right mix of people, process and technology for a well-designed cybersecurity program is a bulwark against cyber threats which is a clear and present danger with its ever-evolving tactics, techniques and procedures.