In the late ’90s, I started my tech career as the world was preparing for Y2K. I was one of the only women in my chosen field of security, and even today the proportion of women is still small, only 24%. But we are a strong and mighty bunch, bringing unique viewpoints and experience in approaching cybersecurity solutions. Take Joanna Rutkowska, for instance. She is one of the most famous researchers in the industry, pioneering new attack techniques and demonstrating them at various security conferences.
Security team rosters are not the only thing that has changed in the last 20 years. The evolution of cybersecurity involves changes to network security approaches, the types of attacks and even the cybercriminals themselves. Just as security leaders have made a cultural shift, cybercriminals have also made a technology shift.
The history of cybersecurity
In the beginning, cybersecurity started with a three-zone defense divided by a firewall. The outer perimeter was clearly defined, and the role of security was simple: protect the data inside. This was done by trusting everything within the perimeter and distrusting everything outside, placing a DMZ between the network and the internet as an additional security zone. This was a time of “full trust.”
Full-trust security foiled the cybercriminals of the day. At first, the cybercriminals were a mix of experts who wanted to overcome an obstacle or raise awareness on the use of security and protection, and those who were simply “script kiddies”: people who broke into computers using programs written by others.
Technology is constantly evolving, and companies have found ways to adopt it into their everyday business like never before. Now, common household goods, like washing machines and dryers, have apps and contain data. This caused the nature of applications to change from monolithic to containerized, and they can reside anywhere: on premises, in the cloud or in a hybrid environment. As data has expanded, so have the attack surfaces it is stored on.
Not only has the amount of data being stored grown and the attack surfaces expanded, but how the data can be accessed has also changed. Users can access their data and applications from HQ, branch offices and at home or on the go. The past year has only expedited this evolution.
The evolution of cybersecurity
Who wants one scoop of gelato when you could have three? As the amount of data being stored within a network grows, it becomes an even more tempting target to criminals. The profile of a cybercriminal shifted away from a select few looking for a challenge and toward someone looking for a payout. Today’s cybercriminals attack networks for a variety of reasons, such as espionage, organized crime, terrorism or for profit. Money has been a substantial motivator in encouraging cybercriminals to become more sophisticated, evasive and creative than ever before.
Companies must be ready to rise against the ever-present threat of a hack. Hackers often exploit vulnerabilities inside the code of applications. Security professionals have started to move from the full-trust architecture of the early 2000s to a zero-trust architecture. Security teams must trust nothing, verify everything and find new ways to defend data.
Security experts have devised new tools to support a zero-trust architecture. Intrusion detection or prevention systems are widespread in the network. Together with security information and event management systems and sandboxes, these tools prioritize detecting the unknown.
It is also important to shift away from dumping all the security work on one person or one team. Companies now rely not only on network operations centers (NOCs) for identifying, investigating and resolving system issues, but also on security operations centers (SOCs) for real-time security analysis of endpoints, networks and infrastructure to identify and resolve any security-related issues.
Can current systems meet today’s and tomorrow’s cybersecurity challenges?
These days, it is not a question of if you will be attacked, but when a cyberattack will happen and how long it will take to detect, react and solve.
The knee-jerk reaction of some companies is to increase their suite of security products to deter attacks. But this is not the answer. As you increase the number of security products, you also increase the complexity of security operations. People and processes play a fundamental role and without the correct plan in place, these new security products can cause friction between the infrastructure and security teams, thus leaving you more vulnerable to nefarious characters.
What’s actually needed is a shift in the security paradigm away from a zone defense into something built into the infrastructure, as close as possible to the applications and the data they contain. The transition to a zero-trust architecture must be a quick one. The time is now to protect every application and its data — not just the ones you think are at risk.
The evolution of cybersecurity over the last two decades is astounding. Security leaders must move beyond what they’ve always done and focus on facing the challenge of the future with today’s sophisticated software and unified security teams with one goal in mind — protecting the data!
In my next article, I’ll explore today’s security landscape in more detail and examine new threats, attack techniques and defense approaches. Are you ready to get started on your cybersecurity journey? Learn more about VMware’s intrinsic security services today!