Cybersecurity evolution continues: seven changes in seven years

Since Aleron was established in 2010, the cybersecurity industry has continued its fast-paced evolution.

To celebrate our seventh anniversary, we’ve made a list of the seven biggest changes we have seen in the industry in the past seven years.

1. Hacking has gone professional

The cybersecurity game has heated up significantly. Seven years ago threats mostly came from script kiddies and other individualised attacks. Now, nation states are sponsoring hackers and groups of sophisticated attackers are working in teams in an almost corporate-like structure to mount sustained, targeted attacks. Cybercriminals are operating in a full-blown industry with marketplaces and well-funded sponsors, where the tools to mount attacks can be purchased easily.

For example, phishing scams in the past used to be relatively easy to identify because of red flags like spelling errors and amateurish content. Even so, people fell for them. These days, phishing attacks have become much more difficult to identify as cyber attackers have become much more sophisticated.

2. People understand the seriousness of security threats

People and businesses have a better understanding of the ramifications of a successful security breach, ranging from loss of personal data to inability to operate. The consequences for businesses can be disastrous, as has been demonstrated by significant attacks on well-known organisations like Target, Sony, and others. The media has also picked up on attacks, further increasing awareness.

Because of this increased awareness, many individuals and organisations have become more security-savvy, making it difficult for unsophisticated attacks to succeed.

The development of increasingly sophisticated tools has also shone a light into this previously-dark area, letting businesses see exactly what’s going on in terms of their security and the attempts to gain unauthorised access to their network. Most businesses are translating this improved visibility into a stronger security posture that addresses the organisation’s specific vulnerabilities.

3. Boards are getting involved

As cyberthreats have ramped up, security has become a hot topic at board meetings around the world. While IT security used to be the domain of the IT team, now boards realise that the ramifications to the company’s reputation and ability to operate are potentially severe, and that they hold a personal responsibility to protect the organisation. Consequently, we’re seeing a lot more discussion around cybersecurity at the board level, which then trickles down throughout the organisation.

4. Funding isn’t just coming from IT teams

In tandem with the expansion of security responsibility from the IT team to the management team, funding for security initiatives is also coming from various departments within the organisation. For example, when the marketing team launches an initiative, it automatically includes security considerations. Customers expect that their information will be secure when they interact with an organisation, and this is backed up by the Privacy Act in Australia. So line-of-business managers are more aware of security requirements and more likely to use their own budgets to strengthen security measures.

This has reduced the burden on the IT department to a certain extent, freeing it up to focus on innovation and expansion rather than simply keeping the doors and windows locked.

5. Technology has come full circle from mainframe to distributed systems to cloud

In the 1970s and 1980s, corporate computing was usually done using a mainframe system. That changed to a distributed computing approach and has now come full circle to a mainframe-style approach that we refer to as cloud. That changes the way businesses need to approach security, and some organisations are only just starting to accept that their data can be secure even in the public cloud. However, it’s important for businesses not to abdicate their responsibility for security just because they partner with a cloud provider; it’s still incumbent on the business to keep its customers’ and its own data safe.

6. The fundamentals of security are getting lost

Some of the biggest attacks come through very basic vulnerabilities. Some companies still neglect to update or patch their software, and hackers use that gap to enter the network. Because there are new, exciting tools on the market, and because there are some big threats out there, it can become very easy to get distracted. But if every company managed the fundamentals of security effectively, the rate of successful attacks and breaches would slow dramatically.

There are many reasons businesses are failing to focus on these fundamentals. It could be laziness, lack of awareness, lack of funding, etc. So, it remains essential for the industry to remind businesses to update and patch their software so they don’t make it quite so easy for attackers to gain entry.

7. The proliferation of threats and tools to protect against them makes it hard for organisations to keep up

The technology and terminology around cybersecurity continue to evolve and develop. The industry is so broad now that it’s very difficult for in-house IT teams to stay fully across all aspects of it. That’s when businesses should consider working with a trusted partner that can help navigate the threats and responses, keeping the company secure.

And one thing that hasn’t changed

People are still any organisation’s biggest risk. Whether it’s human error or deliberate attack, humans are still the main cause of most attacks.

Security is everyone’s concern and is engrained in most departments’ deliverables. It’s not just up to the IT department to manage security anymore; other lines of business must work closely with the IT department to ensure their activities are properly secured.