Cyber-Security Awareness Month turns 20

Arvind Nithrakashyap at Rubrik describes three things that have changed about Cyber-Security Awareness Month over the last 20 years, and three things that haven’t

 

The need for robust cyber-security has become more and more important over the past twenty years, completely changing the way that businesses function.  

 

You may be familiar with Melissa, The ILOVEYOU worm and Code Red as at the turn of the 21st century, they were major news. They formed part of a series of destructive cyber-attacks that surprised the US, a nation that was largely unaware of growing internet security threats.

 

The attacks, which caused billions of dollars in damage, coincided with a heightened focus on cyber-security after 9/11. Together, they awakened global businesses and governments to the need to build up their digital defences.

 

Cyber-attacks have changed techniques, tactics and motivations over the years, however ransomware and phishing methods have become not only disturbing but pervasive, with the risk they bring in an increasingly connected world only growing. In the modern world, cyber-attacks can be politically charged, and can play a huge role in war zones, as we’ve seen with the Ukrainian conflict over the past couple of years. 

 

But that wasn’t the case 20 years ago, which is why in 2004, US President George W. Bush designated October as Cyber-Security Awareness Month.

 

On the occasion of the 20th Cyber-Security Awareness Month in 2023, it’s interesting to reflect on all that has changed in cyber-security over the last two decades, as well as the surprising number of things that haven’t really.

 

Everything is change

Let’s start with three dramatic differences.

 

The mobile revolution. Today, there are more than 4.6 billion smartphones worldwide, according to Statista. Add the more than 14.4 billion Internet of Things devices – connected cars, smart appliances, smart city technologies, intelligent healthcare monitors, etc. – and you have a threat landscape that few could have imagined 20 years ago.  

 

Digital payments. In addition to changing how people interact with money, digital payments have opened up new opportunities for phishing scams, card information theft, and payment fraud.

 

The introduction and rise of cryptocurrency, which didn’t exist until the late 00s, is a haven for threat actors and accounts for the vast majority of payments to ransomware attackers. It is estimated that crypto payments to ransomware attackers totalled $449.1m in the first half of 2023, up $175.8m in the same period last year.

 

Artificial Intelligence (AI). Although still an emerging technology, AI is everywhere and is a double edged sword. A powerful new tool to execute attacks when in the wrong hands, it is also proving to be an effective weapon against threats. 

 

Everything stays the same

Although the world and cyber-security has changed, old habits die hard for many. Here’s a few things that have remained the same:

 

On-prem data. Despite the rise of cloud computing, many companies continue to house critical data in their own private databases and servers. This means protecting on-prem data remains, then as now, a key part of the security equation.

 

Public infrastructure. “By exploiting vulnerabilities in our cyber systems, an organised attack may endanger the security of our nation’s critical infrastructures,” said the White House’s “National Strategy to Secure Cyberspace” in 2003.

 

With an increasing amount of private and confidential information stored in the cloud, such as public healthcare records and payroll information, attacking sensitive data is more enticing for cyber-criminals, so it is paramount that organisations protect it.

 

Security infrastructure. The cyber-security industry used to focus on infrastructure security solutions involving the network, the applications, the end points, the cloud, the logs, etc. It still does. Despite those solutions remaining core to a solid security strategy, there is a growing awareness that data security frameworks like Zero Trust are needed for fully realised defences and protection.

 

Data is everything. You have to protect it these days across a more complex environment (enterprise, cloud and SaaS), but early identification and investigation of threats against data and rapid, complete recovery of workloads​ if a breach occurs remain paramount.

 

The need for cyber awareness

As my lists show, the cyber-security journey has seen many twists and turns over the last 20 years. The field is so dynamic that I think we still need a Cyber-Security Awareness Month. It’s a good time to take stock of where we’ve been, where we are, and where we still need to go.

 

---

 

Arvind Nithrakashyap is co-founder and CTO of zero trust data security company Rubrik

 

Main image courtesy of iStockPhoto.com