Advertisment

Enterprise Security—A Dramatic Decade

author-image
PCQ Bureau
New Update


Advertisment





For the purpose of understanding the rapid transformation of the information security industry, I will split the last decade in security into three phases: The annoyance phase, the easy money phase, and the espionage and war phase.

Advertisment



The Annoyance—good old days

During the first part of the decade until about 2004, viruses and other cyber-attacks were relatively juvenile, intended as annoyance and for fame among the misdirected young and the jobless. Although there were many damaging attacks, the authors of the malware only wanted to stoke their own egos and prove their destructive capabilities to the world.

Advertisment



The Easy Money—cyber mafia

Since about 2004 or so, we have seen a major shift in the attack patterns in pursuit of financial gains. The key aspect is the sophisticated nature of the cybercrime infrastructure that developed during the last 8 years. It would be appropriate to call it “organized crime” with a difference — the players were spread across multiple countries, and their reach was global.

During this time spam became a vector for malware and phishing attacks, causing a proliferation of botnets, and creating a sophisticated industry to steal identity of individuals for financial gain.

Advertisment

The Espionage & War phase —the unknown

Since approximately 2008 (in reality this was happening even a few years earlier), research by McAfee and other security experts has revealed significant attempts at cyber espionage, for the purpose of gaining an edge for business, political power or national interest. One just needs to study attacks such as “Operation Aurora” on Google and other companies, “Operation Night Dragon” on the Energy industry or “Operation Shady Rat” on multiple corporations and government organizations to understand the scale and enormity of this danger.

The stakes have gotten much higher and the attacks more targeted. Instead of spreading malware through massive spam mail campaigns and other methods, the focused attacks use elaborate personal information about the potential victims, gathered over time, to get them to click on a malicious file or link.



Conclusion

The information security technology is probably the most dynamic field in the tech industry today. Connected technology will be omnipresent in this decade as we see an explosion of IP addressable devices being utilized in our daily lives. The unexploited weapon against cybercrime for a CIO is well-informed and trained employees. New concerns about cybercrime and the technologies to protect customers will undoubtedly present a gripping cat and mouse game in the current decade.

Advertisment