The Evolution of Cyber Security

Rohyt Belani
CEO & Co-Founder-Phishme
Thursday, January 2, 2014
Rohyt Belani
Headquartered in Virginia, Phishme is a provider of security solutions through training and awareness against malware and drive by attacks. The company has received a total funding of $2.5 million from Paladin Capital Group.

One of the more remarkable recent developments in the technology industry has been the evolution of the cyber security field. Twelve years ago, cybersecurity was a new phenomenon confined to the realm of computer geeks, and most threats originated from amateur hackers and script kiddies looking for thrills and bragging rights. Fast forward to the present day, cyber security has become a board level issue in the corporate world over attacks being carried out by nation-states and sophisticated cyber criminals that have profound ramifications for businesses. This increased relevance has also spurred a growing industry of cyber security firms that have captured the attention of the venture capitalist community.

Origins of Cyber Threats
In the early days of the Internet, cyber threats were generally perpetrated by geeks and pranksters who were more interested in the thrill of the hack than in gaining economic benefit (think of the characters from the ‘90s movie Hackers). Without significant resources, organization, or clear goals, these early hackers did not pose a systemic threat to private industry, and so cyber threats and security remained low on the corporate priority list. Any cyber security responsibilities were likely added to the CIO's list of duties, and any budget earmarked for cybersecurity was minimal. Venture capital investment in security firms was accordingly sparse, as well.

Today, most organizations recognize that cyber threats present a great risk to their business. No longer are adversaries disorganized amateurs. Threat actors are often backed by nation-states or sophisticated criminal organizations that compromise enterprise networks with economic motives. These attackers will exfiltrate intellectual property and other sensitive economic information, the loss of which can have a negative impact on an organization’s reputation and bottom line, as well as incur fines for regulatory violations. The power shift is striking. Whereas before, organizations possessed far greater resources than their attackers; however in the present day, attackers are backed by organizations (such as nation-states) that have far greater financial wherewithal than even Fortune 500 corporations. Enterprises have necessarily begun placing higher priority on cyber security, with many making the chief information security officer an important member of executive leadership.

The reason for this transformation is simple: adversaries are following the easiest path to the information. As the Internet has grown to contain more and more sensitive information, adversaries have realized how much there is to be gained by relentlessly—and often successfully—targeting enterprise networks. For these adversaries, carrying out a cyber-attack offers access to large amounts of money or information with relatively low risk of retribution or attribution. This has meant that any organization dependent on conducting business over the Internet is a potential target. As a result, the list of large corporations and government agencies that have been breached is as long as it is prestigious. In 2013, prominent organizations including Apple, Facebook, The New York Times, and The Wall Street Journal are just a few of the organizations that suffered data breaches.

Share on Twitter
Share on LinkedIn
Share on facebook
Reader's comments(1)
1:Even though cyber security is enhanced there are loopholes where these intruders make critical situations.The recent arrest of an Intel employee who was suspected for terrorist link,the cyber team could not even manage to find out his social network site pages.So the existing system is not just enough and many more incidents show lack of monitoring.
Posted by: Sri sai - 18th Apr 2015
Messages posted on this Web site under the `Comments' area are solely the opinions of those who have posted them and do not necessarily reflect the opinions of Infoconnect Web Technologies India Pvt Ltd or its site www.siliconindia.com. Gossip, mud slinging and malicious attacks on individuals and organizations are strictly prohibited. Infoconnect Web Technologies India Pvt Ltd can not be held responsible for errors or omissions in content, nor for the authenticity of the user/company name or email addresses associated with posted messages. Infoconnect Web Technologies India Pvt Ltd reserves the right to edit or remove messages containing inappropriate language or any other material that could be construed as libelous, potentially libelous, or otherwise offensive or inappropriate.Infoconnect Web Technologies India Pvt Ltd do not endorse the products and services or any other offerings mentioned in these messages.