Since Aleron was established in 2010, the cybersecurity industry has continued its fast-paced evolution.
To celebrate our seventh anniversary, we’ve made a list of the seven biggest changes we have seen in
the industry in the past seven years.
1. Hacking has gone professional
The cybersecurity game has heated up significantly. Seven years ago threats mostly came from
script kiddies and other individual attackers. Now, nation states are sponsoring hackers, and groups of
sophisticated attackers are working in teams in an almost corporate-like structure to mount sustained,
targeted attacks. Cybercriminals are operating in a full-blown industry with marketplaces and
well-funded sponsors, where the tools to mount attacks can be purchased easily.
For example, phishing scams used to be relatively easy to identify because of red flags like
spelling errors and amateurish content. Even so, people fell for them. These days, phishing attacks have
become much more difficult to identify as cyber attackers have become much more sophisticated.
2. People understand the seriousness of security threats
People and businesses have a better understanding of the ramifications of a successful security breach,
ranging from loss of personal data to inability to operate. The consequences for businesses can be
disastrous, as has been demonstrated by significant attacks on well-known organisations like Target,
Sony, and others. The media has also picked up on attacks, further increasing awareness.
Because of this increased awareness, many individuals and organisations have become more
security-savvy, making it difficult for unsophisticated attacks to succeed.
The development of increasingly sophisticated tools has also shone a light into this previously dark area,
letting businesses see exactly what’s going on in terms of their security and the attempts to gain
unauthorised access to their network. Most businesses are translating this improved visibility into a
stronger security posture that addresses the organisation’s specific vulnerabilities.
3. Boards are getting involved
As cyberthreats have ramped up, security has become a hot topic at board meetings around the world.
While IT security used to be the domain of the IT team, boards now realise that the ramifications for the
company’s reputation and ability to operate are potentially severe, and that they hold a personal
responsibility to protect the organisation. Consequently, we’re seeing a lot more discussion around
cybersecurity at the board level, which then trickles down throughout the organisation.
4. Funding isn’t just coming from IT teams
In tandem with the expansion of security responsibility from the IT team to the management team,
funding for security initiatives is also coming from various departments within the organisation. For
example, when the marketing team launches an initiative, it automatically includes security
considerations. Customers expect that their information will be secure when they interact with an
organisation, and this is backed up by the Privacy Act in Australia. So line-of-business managers are more
aware of security requirements and more likely to use their own budgets to strengthen security
This has reduced the burden on the IT department to a certain extent, freeing it up to focus on
innovation and expansion rather than simply keeping the doors and windows locked.
5. Technology has come full circle from mainframe to distributed systems to cloud
In the 1970s and 1980s, corporate computing was usually done using a mainframe system. That changed
to a distributed computing approach and has now come full circle to a mainframe-style approach that
we refer to as cloud. That changes the way businesses need to approach security and some
organisations are only just starting to accept that their data can be secure even in the public cloud.
However, it’s important for businesses not to abdicate their responsibility for security just because they
partner with a cloud provider; it’s still incumbent on the business to keep its customers’ and its own
6. The fundamentals of security are getting lost
Some of the biggest attacks come through very basic vulnerabilities. Some companies still neglect to
update or patch their software and hackers use that gap to enter the network. Because there are new,
exciting tools on the market, and because there are some big threats out there, it can become very easy
to get distracted. But if every company managed the fundamentals of security effectively, the rate of
successful attacks and breaches would slow dramatically.
There are many reasons businesses are failing to focus on these fundamentals. It could be laziness, lack
of awareness, lack of funding, etc. So, it remains essential for the industry to remind businesses to
update and patch their software so they don’t make it quite so easy for attackers to gain entry.
7. The proliferation of threats and tools to protect against them makes it hard for organisations to
The technology and terminology around cybersecurity continue to evolve and develop. The industry is
so broad now that it’s very difficult for in-house IT teams to stay fully across all aspects of it. That’s when
businesses should consider working with a trusted partner that can help navigate the threats and
responses, keeping the company secure.
And one thing that hasn’t changed
People are still any organisation’s biggest risk. Whether it’s human error or deliberate attack, humans
are still the main cause of most attacks.
Security is everyone’s concern and is ingrained in most departments’ deliverables. It’s no longer just up to the
IT department to manage security; other lines of business must work closely with the IT
department to ensure their activities are properly secured.