Cyber-attacks are continuously evolving into smarter, relentless and unforgiving incidents. They are forcing businesses into conjuring a three-part defence mechanism: prevent, detect and respond. The likes of worms, viruses and data breaches have advanced rapidly in the past 25 years, thus becoming increasingly sophisticated and tenacious. It’s been a tremendous challenge for cyber-security professionals, technology vendors and law enforcement to keep up with these advancements.
Many high-profile cyber-attacks throughout the years have served as a reality check for corporate firms which essentially highlights that prevention and detection solutions are simply not enough. At this present moment in time, evidence shows skilled, determined, and well-funded hackers seem well able to access any network. A lot of focus is being devoted to having a strategy for the aftereffect of any cyber-attack and recovering quickly. A prime example of where this was needed is the recent cyber-attack on the NHS, due to the catastrophic fallout of the event.
The first worm – 1989
What is a computer worm?
A computer worm is a malware computer program that replicates itself to spread to other computers. Most of the time, this type of malware uses a computer network to spread itself, relying on security failures on the target computer to access it. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help.
1989 saw the creation of the first computer worm, which was crafted by Robert Morris to test the size of the internet. Unfortunately, the manipulating virus spread aggressively, essentially terminating the internet. The impact of the initial worm was not on the same level of devastation that could be created by harmful malware today. However, it was the first of many to come and shaped how viruses were managed for decades. Furthermore, this meant businesses had to invest in the first defensive security products, such as firewalls. It was cyber security’s first step to counter the threats.
The first viruses – 1990-99
What is a computer virus?
A computer virus is a type of malicious code or program written to alter the way a computer operates and that is designed to spread from one computer to another. In contrast to worms, viruses aren’t a standalone software and require a host program or human help to propagate.
Melissa and ILOVEYOU were both fast-spreading macro viruses which were distributed as an e-mail attachment. When the attachment was opened, it disabled a number of safeguards in Word 97 or Word 2000. Furthermore, if a user’s system ran the Microsoft Outlook e-mail program, it would essentially cause the virus to be re-sent to the first 50 people in each of the user’s address books. This malware infected a numerous amount of PCs; damaging email systems worldwide without a clear intention. This was the first issue of cyber-vandalism on a massive scale.
These threats of viruses initially highlighted how employee mistakes can damage cyber security. So, to take action, the industry tried to remove the human element through technology. This was implemented using an auto-updating anti-virus software designed to spot the signature of the virus and prevent it from executing.
Credit card cyber attacks – 2005-2007
2005-2007 saw cyber attacks become bigger with end-goals relating to financial benefits. Hacker Albert Gonzalez conducted an operation that stole information from nearly 50 million cards used by customers of US retailer TJX, costing the company $256m. Businesses realised hackers could deceive their existing security tools and operate within their networks for years. This is one of the main reasons as to why detection solutions became a top priority for existing companies. Businesses learned the dire consequences of investing the minimum amount into their cyber-security and began arming themselves with more sophisticated security systems.
Target and Sony – 2014
During 2014, there were massive recent data breaches of Target and Sony. This situation emphasised that today’s cyber-threat is ever-growing and reaching astonishing new heights. Cyber criminals took their skills to new levels, whether they were individuals or part of a criminal organisation. This time round there was a lot more at risk than money; company reputation and jobs were lost in the process.
Target booked $162 million in expenses throughout 2013 and 2014 related to the data breach, in which hackers broke into the company’s network to access credit card information and other customer data, affecting some 70 million customers. Moreover, Sony’s data breach was inflicted by North Korea, which shows that you don’t have to be part of a criminal organisation to cause this damage.
2017 & beyond
This year saw the outbreak of the “biggest ransomware outbreak”. The attack saw the likes of the NHS and FedEx dismantled. Spanish telecommunications company Telefonica was among many targets in the country along with German railway operator Deutsche Bahn.
In this day and age, technology is enhancing by the day, which means that cybersecurity is top of the agenda. By protecting valuable information and acting swiftly and effectively when it gets in harm’s way, the backlash from regulators and customers can be avoided. By building its resilience, businesses can gracefully manage cyber attacks and the business can continue to succeed
At Fresh01 we are experts in helping companies implement an appropriate training strategy. We have worked with corporate giants such as British Gas, Prudential, and JP Morgan. Here, we provided advice and guidance for their cyber-awareness strategies and deployed exceptional interactive learning courses through the use of learning management software, gamification and video.