Cybersecurity was traditionally aligned most closely with the networking side of IT. The focus was on keeping attackers out of the network using technologies that either blocked traffic or granted access to specific users. The network was flat and generally tied to a single corporate campus. 

“It used to be that if the endpoint got flagged, IT would reimage the machine and move on. If the firewall saw the bad traffic, block the IP address and move on,” says Fernando Montenegro, vice president and practice lead for cybersecurity and resilience at The Futurum Group. But as the infrastructure became more complex — different types of devices, geographically disparate, and diverse applications — the defender’s mindset had to shift.

“You can have all the network security in the world, but if everyone has domain admin [privileges], there is no point.”

Short History of Technology Advancements

And infrastructure changed dramatically over the past two decades, starting with cloud and mobile, continuing with the rollout of the Internet of Things into pretty much everything, and now extending to AI, says Richard Stiennon, founder of cybersecurity analyst firm IT-Harvest and a former Gartner vice president, who writes for The Security Industry Substack newsletter.

The early 2000s brought cloud computing and software-as-a-service to the forefront. Salesforce, arguably the first modern software-as-a-service company, was founded in 1999. Amazon established Amazon Web Services in 2002 to help developers build applications and launched both Simple Storage Service (S3) and Elastic Compute Cloud (EC2) in 2006. Organizations considered the promised cost savings, operational efficiencies, and performance improvements as they developed their cloud migration plans. 

Mobile was not far behind. The first BlackBerry with phone functionality debuted in 1999, the first iPhone in 2007, and the first Android (HTC Dream) in 2008. Security teams now faced the reality that the organization had many applications running on servers outside their control, and the bring-your-own-device trend meant much of the data was no longer behind corporate walls.

Then came the Internet of Things — Dark Reading’s first mention of IoT dates to 2013 — and enterprise defenders had to deal with the fact that the organization’s attack surface had expanded significantly and was continuing to grow. An increasingly remote and mobile workforce made identity and data protection more prominent. 

Technology Drove Security Innovation

Cybersecurity’s expansion is directly tied to technological innovation, Stiennon notes. New security startups were founded to address new challenges, and technology companies added security capabilities and services to their existing platforms. Security teams sought diverse telemetry to understand what was happening in their environments and partnered with managed security service providers and other solution providers to address increased complexity.

A system compromise now raises a whole new set of questions: which identities were involved, which other systems were affected, and which data were accessed. Security teams assess what else the attacker can do from the compromised device and determine whether the incident falls under disclosure rules set by the U.S. Securities and Exchange Commission (SEC). They also need to make sure their data strategies remain compliant with the European Union’s General Data Protection Regulation (GDPR).  

Two decades ago, the industry was small enough that most people knew each other, or knew someone who could broker an introduction. Threat intelligence was collegial and relied on these informal communications channels. Then iSIGHT Partners came along in 2007, and Recorded Future in 2009. Threat intelligence became a commercial product as companies comprehensively mapped threats, tracked attacker motivations, tools, and infrastructure, and analyzed the information to predict and identify threats. 

But despite all of these changes, cybersecurity principles remained the same: protect the infrastructure, update systems, and train people to behave securely. 

“Cybersecurity today looks nothing like it did 20 years ago, but cybersecurity also looks exactly the same,” says Ross Haleliuk, a startup advisor behind the Venture in Security Substack newsletter, noting that while teams now have to think about cloud provisioning and assigning proper access privileges, they still have to apply security updates and remind employees not to reuse passwords. “Bad ideas are still bad ideas.”




