From the early 80’s to the first decade of the new millennium, security has evolved very fast, however it is in the last decade that the fastest and biggest shift has happened. We all remember the famous movie ‘Hackers’, with the exotic Angelina Jolie and that punk look of the golden times. These hackers were moved by their own intelligence and their need to know. Their need to master the technology and possibilities that the end of the last century provided to all of us.
Unfortunately or I should say fortunately technology started its expansion to all areas of our daily life, from personal to business and that is how security also evolved in parallel. Always in tandem with the new technologies, it is only in the last 10 to 15 years when security has become a real economy engine, not only creating new employment and new professions but also becoming an institutionalized tool used by governments, mafia, terrorist, hackers, and other groups around the globe.
Security has gone beyond curiosity and it is now a tool that creates and generates big money fortunes in the underground economy whether it is scamming, hacking or stealing intellectual property. It is widely used today in cyber conflicts, although we prefer to read about the last scandals in the sector such as the Ashley Maddison data breach or the unfortunate Sony hack in the last years. The reality is that today security is a powerful weapon that has gone beyond technology and is now a tool to spread a message, support terrorists, bring down market competitors as well as states, steal intellectual property for gain, or save a substantial amount of capital in the process to develop new products and technologies to the market.
Security has also been involved and it will continue to be involved in global conflicts such as the the Iranian uranium enrichment program, the ‘first’ usage of ‘cyber weapons’ in history by a foreign power to disrupt the program. I quoted first because probably Stuxnet was more of a commercial gain for those in the AV industry who discovered the malware. For those of you like me, who have been following this industry for long, you know that for the public opinion Stuxnet is the first used cyber weapon. However back in 2007 Estonia was left in the dark by 3 waves of cyber attacks. These are the news that little by little will be filling up the newspapers in the near future, at the moment ‘we know’ they are there, they are covered operations carried out by different groups however we are still entertaining ourselves with news which have less disastrous consequences and primarily motivated by financial gain. All these are just a matter of time, a smoke curtain until the next technology leap happens and a new group of threats become real such as the so called and feared attacks to critical infrastructures that the industry is currently getting ready to mitigate.
This is a very basic timeline of the context surrounding security in the last 2 decades, but how has this evolved from the perspective of technology? What are the implications in the way we have to approach the defense of our information assets?