Defense Technologies Shaping Cybersecurity
Many people assume that cybercrime is a concept that’s only become a threat to businesses and individuals in the last decade. However, the seeds of cybercrime were sown back in the 1970s, before most people even had a computer.
As we move through the next decade, of one thing, we can be sure ‒ cybercrime will remain a chaotic force. For businesses, industry bodies, and security vendors, the task at hand is to ensure that cybersecurity risks and solutions receive the attention they deserve and that our defensive strategies and tools are fit-for-purpose.
In this blog post, we’ll look back at the history of cybercrime and consider how cyber-defensive technologies have evolved to combat each new breed of threat. We’ll also explore what’s required to ensure that the industry remains on the front foot as threat actors’ tactics and tools become more diverse and dangerous.
Cybercrime ‒ A Sombre Trip Down Memory Lane
Cybercrime and cybersecurity have long and complex histories, full of changing methods and technologies.
Creeper is widely accepted as the first known computer worm. It was an experimental computer program written by Bob Thomas at BBN Technologies back in 1971. Its original iteration was designed to move between mainframe computers; its second was able to copy itself between computers rather than simply move. While it didn’t result in data loss or damage, targeted users were met with an ominous teletype reading, “I’M THE CREEPER. CATCH ME IF YOU CAN!”
In the late 1980s, we saw the first Denial-of-Service (DDoS) Attack, the result of an experiment by a 20-something graduate student and cryptographer, Robert Morris. The code caused the worm to replicate exponentially, significantly slowing down the internet and causing damages running into millions of dollars.
1989 saw the first-ever ransomware attack in the form of the AIDS Trojan created by disgruntled evolutionary biologist Joseph Popp. He distributed the malware via floppy disks, which he sent to his postal mailing list of 20,000 doctors and AIDS researchers, intending to extort money from his targets.
To their credit, Governments and regulatory bodies were relatively quick to respond to these new forms of criminality. In 1990, the UK passed The Computer Misuse Act, which made any unauthorized attempts to access computer systems illegal.
In 1999, the release of Microsoft Windows 98 introduced a new level of accessibility to computer systems and the internet to businesses and everyday people. Recognizing the increased potential for cybercrime incidents that this introduced, security vendors released more sophisticated anti-hacking software for home and business users.
The new millennia ushered in a wave of new cybercrime incidents and challenges. Notable examples include The ILOVEYOU worm, which infected millions of computers around the globe within just a few hours of being released. In 2003, the international hacktivist group Anonymous raised its ugly head for the first time, carrying out various cyberattacks against governments and private sector organizations. Then there was the Wikileaks email scandal involving Russian intelligence agency hackers seeking to interfere with the 2016 US election. In the last five years, cybercrime has made the headlines for all the wrong reasons, more frequently and at an escalating cost.
From a technological standpoint, one common theme over the last 20 years is that threat actors are successfully targeting not just individual computers but also entire networks of systems and devices. In response, security vendors began developing new methods of protection, such as firewalls, intrusion, endpoint detection systems, and more. We’ll review some of the more recently adopted technologies and protocols in the next section before considering what our next generation of technology cyber-armour requires.
The Anatomy of Today’s Business Cybersecurity Defenses
Firewalls
Firewalls were one of the earliest security technologies available to organizations seeking to seal their digital perimeters and stop attempted cyberattacks in their tracks. In recent years, we’ve seen what’s known as next-generation firewalls entering the mainstream. These offer an extra layer of protection to initial firewall iterations in the form of web filtering, antivirus services, and intrusion prevention.
- Web filtering allows companies to automatically block potentially unsafe websites and assign categories to filter out the types of content allowed.
- Antivirus protection applications can be loaded onto network servers and end users’ devices. They’re designed to detect viruses and stop them before they have a chance to cause any damage.
- Intrusion prevention systems detect and prevent what might be attempts to exploit system vulnerabilities.
Modern firewall solutions are designed to protect businesses’ on-premises and cloud-based infrastructure and data.
DDoS Protection
DDoS attacks are cyberattacks originating from multiple locations aimed at a central target with the goal of compromising existing security protections such as firewalls and/or web or application servers. The objectives of DDoS attacks are usually to cause interruptions to an organization’s business continuity or make some form of political statement. Here’s how a DDoS tool can thwart successful DDoS attempts:
- The DDOS tool identifies unusual or suspicious traffic flows that may signal the buildup to a DDoS assault.
- This traffic is diverted away from its target via Domain Name System (DNS) or Border Gateway Protocol (BGP) routing.
- DDoS traffic is filtered out by identifying patterns that distinguish it from legitimate traffic and known visitors.
- System logs help IT teams gather information about the attack to identify the offender(s) and perform analysis to bolster future resilience.
Endpoint Protection
As the name suggests, endpoint protection solutions are designed to protect the endpoints (such as desktops, laptops, and mobile devices) connected to a network.
They do this by encrypting internet traffic to and from those endpoints, examining files as they enter the network, authenticating log-in attempts from each device, and blocking the use of applications that are unsafe or unauthorized.
Zero-trust Access Policies
A zero-trust principle adds an additional layer of security by disallowing any connection to a network or application without first receiving confirmation about who is connecting, what their role is, and that they have the need and authority to access that network or resource. Just like when you’re at the airport, the zero-trust security mindset is, “We trust no one” until:
- They’ve proven (and we’ve re-verified) that they are who they say they are
- We’ve established that they’re legally permitted to travel
- We’ve checked that they’re only carrying authorized luggage and items with them
Only once you’ve been thoroughly and repeatedly authenticated are you granted access to the aircraft.
Leading Edge Cyber-Defense Technologies are Emerging
Even when correctly implemented, the traditional security solutions we’ve covered still focus on detection, leaving the burden of managing incidents, hunting, and investigating on security operation teams. This often results in an overly reactive approach to cybersecurity that leaves networks and people vulnerable to threats. Meanwhile, ongoing technological advancements and releases aren’t always making life any easier.
Case in point: ChatGPT, released in November last year, was, from all accounts, initially introduced for positive use. Touted as the most intelligent, AI-driven chatbot to be released, in a short period, it’s already been linked to cyberthreats as criminals have hastened to seize on its advanced capabilities for nefarious means.
To prevent cyber threats from affecting entire networks, a new generation of defensive tools ‒ that focus on the intelligent correlation of data, include platforms that can stop attacks across all vectors, and make it simple for administrators and analysts to understand and use ‒ is the ultimate objective. Let’s look at some recent encouraging developments in this quest.
Extended Detection and Response (XDR)
XDR is a movement driven by the growth of a more advanced, multi-vector threat landscape and enterprise prevention solutions that are still often siloed and fall short in their ability to fend off advanced threats.
XDR introduces a more orchestrated and integrated approach to threat prevention by taking a holistic view of a company’s data – not just traditional security data but also data from other sources, such as network and application data. XDR provides a more comprehensive picture of threats and helps security teams better detect and respond to attacks.
Security Orchestration, Automation, and Response (SOAR)
SOAR offers a platform that allows organizations to automate and streamline their security operations, improving the efficiency and speed of responses to attacks. Businesses are already seeing impressive results in using the solution for:
- Integrating security information and incident response tools
- Building security response workflows
- Automating incident management and response tasks
AI-powered Cybersecurity Solutions
AI-powered cybersecurity solutions can work 24/7/365 behind the scenes, constantly adapting and learning, which makes them highly effective in detecting and halting attacks.
AI is also a scalable resource and can be powered up and down by businesses as required.
Conclusion – Collaboration is Vital in the Fight Against Cybercrime
We believe that, ultimately, even the best emerging cybersecurity tools will only go so far – we need more buy-in and collaboration among stakeholders across the cybersecurity value chain. From research and development organizations, suppliers of security products and services, and in-house IT professionals, to boards, regulatory bodies, and governments, we need to create a united front to fight the good fight. And from a business perspective, where necessary, we should be leaving any competitive inclinations at the door.
Cybercrime affects every one of us in some way in both our professional and personal capacities. Ultimately, the success of our battle against this scourge hinges on how effectively we cooperate and collaborate.