Did you know that cyber security began as a research project? In 1971, researcher Bob Thomas discovered that it was possible to make a computer program move across a network and leave trails wherever it went.
He named the program Creeper and designed it to leave the message “I am the Creeper: Catch me if you can”. Ray Tomlinson, another researcher, saw this and was intrigued. He changed the program and made it self-replicating, thereby creating the first computer worm. He proceeded to create another program and called it Reaper, designed to go after Creeper and delete it, thus creating the first antivirus.
Since the creation of Creeper and Reaper, cyber security and technology have grown by leaps and bounds. Threats have become exponentially more complex. Part of the reason there are so many gaps in cyberspace is that the Internet wasn’t built with security in mind. The goal was to get a few computers to talk to each other. That later exploded into the Internet we know today. Harmless programs evolved into basic targeted attacks and later into complicated attacks on organisational networks. This evolution cemented cyber security’s place in technology.
Initially, fending off cyber criminals was a task left to the IT department. The widely publicised Sony Pictures attack in 2014 forced the company to shut down its entire network and changed the narrative around cyber-attacks. Businesses realised that cyber-attacks had the potential to have a hugely detrimental impact on their brand, performance and financial standing. More recent ransomware attacks such as NotPetya and WannaCry show that these attacks aren’t necessarily targeted at specific organisations. WannaCry spread across over 150 countries and infected over 230,000 computers within 24 hours. WannaCry was not the first large-scale attack, and will not be the last. We can be sure that attackers will find new ways to compromise organisational security perimeters.
Taking the cyber security conversation to the Board
The security conversation should no longer be confined to a bunch of technocrats; it should be a board-level concern. A seemingly simple act of staff and board-level Cyber Security Awareness training could be the thin line that determines if an organisation gets hacked or not. The board should be aware of the cyber security landscape and prepare adequately to prevent and mitigate attacks when they happen. Partnering with security companies can help organisations stay afloat and maintain cyber resilience.
A cyber resilient organisation is one that is capable of identifying, assessing and managing risks related to its network. It ensures that its information is protected from attacks, unauthorised access and system failures. It’s even better if an organisation continuously monitors the network to detect oddities that could be potential cyber security incidents. The point of cyber resilience is to outlive an attack and return to normalcy without hurting business operations.
Anyone who is interested in learning more about cyber security can do so, either through a university course or one of the many cyber security courses that are offered online. The job market for cyber security professionals has widened hugely over the past few years, illustrating how market perception has changed and continues to progress in the wake of risks posed by cybercrime and the ever-evolving threat landscape.
Ensuring cyber resilience
We are at a point where cybercrime is so sophisticated that it’s no longer a question of if, but when you are going to get hacked. As technology advances, so do cyber criminals. At this rate, prevention, while extremely important, cannot be assumed to be an organisation’s entire security defense strategy. All it takes is a tiny gap, a small mistake which cyber criminals will exploit and use to harm the organisation. What we do have complete control over is what to do after a breach has occurred. How soon it is discovered depends on the choice of security equipment and skill level of the security personnel involved. It is important to be prepared and trained in incident response procedures to ensure that breaches are managed efficiently and effectively.
It is critically important to have the right cyber security infrastructure and road map. Health checks on the entire organisational network should be done continuously. By looking into these pointers, an organisation drastically reduces its risk of attack. After understanding what needs to be done, organisations can achieve cyber resilience and a good security standing in two ways: building internal capacity or outsourcing cyber security services. Many companies tend to opt for the latter because it’s a more efficient option in terms of expertise required, costs and resourcing, and it allows organisations to focus solely on their core businesses. What’s your posture?