Cybersecurity is a journey. The last three decades show that hackers and security teams have continually competed with each other, adapting to a changing environment. Both have learned from each other, but cybersecurity has—perhaps inevitably—always had to catch up to the threat. In the coming years, the transformation will continue and become even more rapid. New vulnerabilities and new threats will emerge, and decades-old tactics will have to change. Given the magnitude of future threats owing to quantum computing, cybersecurity has never been more important.
The origin of cybersecurity goes back to the first cyberattacks, which technically began in the second half of the 1980s. Some of the most noteworthy examples of cyberattacks are the 1987–1988 Cascade virus, the 1988 Morris worm, and the 1999 Melissa virus. With the advent and spread of internet access, cyber threats began to diversify and multiply in the 2000s, but the attacks were still largely fragmented, even if disruptive. Viruses, worms, and other malware spread through the web, but they were not yet deployed as part of organized cybercrime campaigns. The attacks targeted laptop and desktop devices, trying to find breaches in a defined and controlled access perimeter. On the other ‘side’, cybersecurity efforts focused on scanning for and detecting known malware through its signatures, and on blocking spam, viruses, and simple web attacks. Static signature analysis was soon joined by heuristic analysis, that is, looking for suspicious characteristics in the code, an approach designed to identify the growing number of hitherto unknown malware variants. But as ever, technological development is rarely confined to one area, and while cybersecurity focused on computers, waiting on the sidelines and about to make its global debut was BlackBerry.
The first BlackBerry terminal with push services was released in 2002 and freed employees and data from the traditional confines of the workplace. A short time later, other devices, technologies, and applications followed, and everything changed rather critically from a cybersecurity perspective, especially in the period between 2003 and 2009, when mobile devices, services, and software forced their way into the data landscape. Hackers quickly realized the huge potential to inflict damage that the BlackBerry revolution set off. It did not take long for financial fraud, phishing, ransomware, spyware, botnets, and denial of service (DoS and DDoS) to make their unwelcome arrival on the scene—and they have not yet left.
Some of the attack tactics that first appeared around that time, such as SQL injections, are still used today. Still, hackers are not known for being idle. From 2009 to 2012 (coinciding with the wildfire-like spread of social media), web-based and social engineering attacks became the norm. We began to see hackers transition from engaging in minor criminal activities to orchestrating nation-state-backed attacks targeting governments, while social and political groups, so-called hacktivists, also entered the cyber-arena. By 2021, the cloud and as-a-service data consumption models were firmly established technologies, driving the need, at the enterprise and government level, for scalable, accessible, real-time cybersecurity with the ability to be upgraded in real time.
The growing use of cloud and as-a-service (aaS) tools also expanded the range of vulnerabilities that cybercriminals could potentially exploit. Microsoft responded promptly by implementing necessary countermeasures through its Azure cybersecurity platform. However, many within the industry still grapple with the ongoing challenge of updating their cloud security tools.
Simultaneously, cyberattacks have become more prolific and more destructive in tandem with the spread of Internet of Things (IoT) systems and hybrid cloud/on-premise IT environments. Simply put, as automation and information systems became more pervasive (if not outright invasive), cybercriminals had a much wider ‘attack area’ at their disposal. Hackers use fileless malware and legitimate or built-in IT tools to bypass security measures and detection. The year 2017 played a pivotal role in the landscape of cyber threats as well. It marked the emergence of EternalBlue, a potent exploit tool that targeted the SMB protocol. Additionally, two attacks with global ramifications, WannaCry and NotPetya, came to the forefront during this period.
And what about mainframes?
As if the internet and social media hadn’t transformed the world enough, for better or worse, the transformation of society continues, and the 2020 pandemic only served to accelerate the path toward the cybernetic era. Voice and facial recognition are already available in one form or another to millions of people. Yet, despite these advancements, the ‘old’ mainframe continues to occupy a role, if not at center stage, not very far from it. Mainframe systems are still here and still evolving. They remain the best way to process huge quantities of data in total safety in an era where data grows disproportionately and where cybersecurity becomes ever more crucial. Indeed, the new IBM z15 can process 19 billion encrypted transactions per day, at a speed of approximately 220,000 per second. Comparable processing power is difficult to find in the entire Information Technology landscape.
The mainframe has many built-in (if you will) security aspects, which is one reason why information-intensive organizations such as financial and government institutions continue to invest in it. Most of the malware we find in the distributed world does not work on the mainframe. If such malware does get developed, installing it remains another hurdle. Mainframes’ security potential has prompted re-evaluation by even the most enthusiastic adopters of cloud technologies, especially those with an interest in reducing cost or fearful of the much higher costs of a data breach. In an era of cybersecurity fears, the protection of data may well be the mainframe’s principal advantage.
Cybersecurity in 2023
The world has shifted from IoT to the IoE: the Internet of Everything and artificial intelligence. Cybersecurity integration simply struggles to keep up. It’s a constant cat-and-mouse race where hackers always find security gaps that they can target and then exploit. Indeed, AI and machine learning are used by attackers and defenders alike, just as bank robbers once used the very same type of cars as the police who chased them. Attackers use AI to craft even more convincing social engineering and malware attacks, while defenders have to develop even smarter cybersecurity tools to detect and block threats. Security has adapted through the implementation of single-vendor end-to-end network cybersecurity platforms known as Secure Access Service Edge (or SASE), which bring advanced security to the edge and enforce access controls based on Zero Trust, threat intelligence, incident response, and a 24/7 Security Operations Center. Barracuda experts say that the widespread adoption of AI will continue, which will have significant repercussions on companies, society, and geopolitical stability. AI will also enable Security Operations Centers to be more intuitive and responsive, improving the speed of detection, understanding, and mitigation of complex incidents.
Beyond AI there is quantum computing, which could have a major impact on cybersecurity, even compared to the ability to crack traditional cryptography. In December 2022, US President Joe Biden signed into law the Quantum Computing Security Preparations Act, which sets out a number of obligations for federal agencies to prepare for their transition to quantum cryptography. Still, it’s unclear to what extent quantum computing will achieve its purported capabilities. Current research has shown that the inherent instability of qubits has limited performance and, therefore, high-performance and reliable quantum computers capable of tackling and breaking cutting-edge encryption algorithms are still more of a probability than a certainty. Still, given the tandem development of virus and anti-virus, it has become ever more important to remain ahead of the curve. Quantum security must be developed before quantum viruses. Quantum computing may offer unprecedented cybersecurity, but it also has the potential for quantum-level threats. Cybersecurity must tackle quantum computers before these become a reality.