Today we complete our look back at the development of cyber-crime by beginning in the 1980’s. We will then move through each decade until we arrive at the present. This is part two of cybersecurity history, when things really start to expand…

Cybersecurity throughout the times

Read about the 1940’s to the 1970’s in last week’s article.

  • 1980’s -> Antivirus makes its bow
  • 1990’s -> Welcome to the online world
  • 2000’s -> Internet uptake grows and cyber-criminal activity follows
  • 2010’s -> Large-scale cyber-attacks wreak havoc
  • 2020 and beyond -> The next generation

The world’s first commercial antivirus

The 1980s saw an increase in high-profile attacks and 1983 introduced terms like ‘Trojan Horse’ and ‘Computer Virus’. Two years after that, the US Department of Defence published the ‘Trusted Computer System Evaluation Criteria’ to offer guidance with:

  • Assessing the degree of trust in software used to process sensitive information
  • Deciding the security measures commercial products must have

1987 saw commercial antivirus products launched, including one for the Atari ST from Andreas Lüning and Kai Figge. John McAfee founded McAfee as part of Intel Security in the U.S. and then released VirusScan.

Everybody’s surfing…

On the internet, of course. The 1990’s proved to be an incredibly fertile period for digital transformation in general. Just as the 2020’s has largely dealt with viruses of the Covid-kind, the ’90’s saw a great deal of activity with other sorts of viruses including the first polymorphic viruses. The code within these mutates whilst the original algorithm remains intact, thus evading detection.

1990 welcomed in the European Institute for Computer Antivirus Research (EICAR). In 1992 the first anti-antivirus programs appeared, including ‘Peach’. This was able to avoid detection and infect entire systems.

New viruses and malware truly exploded throughout the 1990s, growing from tens of thousands to millions. By 1995, the public were in need of cybersecurity measures and the first firewall program was then developed. The proliferation of email towards the end of the decade also represented a new entry point for viruses.

Hello, internet

Internet availability accelerated hugely across the globe in the 2000’s. This led to a growth in devices, software and instant messaging services and it also meant that more data was being held digitally. In other words, cyber-criminals now had even more targets to infiltrate. 2001 heralded the arrival of a new infection technique too, where users could be affected by simply visiting an infected website. ‘Zero-day attacks’ also came to prominence. These take advantage of ‘holes’ in security measures for new software and applications and render antivirus far less effective.

As if in response to this, Avast released free antivirus software in 2001. This fully-featured security solution saw their user base grow to over 20 million in just five years. Antivirus was certainly a crucial element in the digital world throughout the 2000’s but it has one drawback – it often slows computer performance. This then led to cloud technology being embraced in 2007, when Panda Security combined it with threat intelligence in their antivirus product. The next year, McAfee Labs did much the same and in 2009, the Anti-Malware Testing Standards Organisation (AMTSO) was created to develop a method for testing cloud products.

The 2000’s also saw the rise of OS security, cybersecurity that is built into a computer’s operating system. OS security offers additional protection via secure accounts, regular patch updates and updated antivirus engines, software and firewalls.

Cyber-attacks and data breaches cost businesses millions

The 2010’s saw a large number of high-profile security incidents, including that involving Edward Snowden in 2013. Between 2013 and 2014, hackers also compromised the personal information of Yahoo’s 3 billion users. In 2017 the ‘WannaCry’ ransomware infected 230,000 computers in one day.

It is fair to say that digital transformation provided cyber-criminals with more targets. As many accepted the new challenges, this then led to cybersecurity companies in the UK and beyond developing more offerings aimed at foiling the attacks. This then saw criminal elements changing their tactics to regain the upper hand, with social engineering techniques thus emerging. In short, a vicious circle played out over and over again, leading to ‘next generation’ innovation and next-gen cybersecurity.

2020 and beyond

Next-gen cybersecurity typically involves multi-factor authentication (MFA), back-up and mirroring plus web application firewalls (WAF). There is also an emphasis on ‘real-time protection’, sandboxing – constructing isolated testing environments in which to execute suspicious files – and deeper methods, including:

  • Network Behavioural Analysis (NBA, identifying malicious files based on behavioural anomalies)
  • Threat intelligence and update automation
  • Forensics (replaying cyber-attacks to help mitigate future breaches)

Only time will tell how the next 10 years will play out but one thing is for sure; cybersecurity is evolving. It has to, in order to stay on top of the many malicious threats that exist.

And so ends ‘cybersecurity history’, the second part of our look back at IT security throughout the years. Which eras do you remember? Were you amongst the antivirus pioneers of the 1980’s? Were you beating the drum for OS security some 20 years ago? Do let us know in the comments section below.

Book a cyber-risk assessment with CRIBB Cyber Security today.

CRIBB Cyber Security specialises in certifications, vulnerability scans and pen testing. We are a UK cyber security company and part of theICEway ecosystem of companies. This gives us a worldwide reach and enables us to keep on top of the different data protection legislations and regulations from around the globe.