11 Apr The Beginnings Of Cyber Security, And The Next 30 Years
Philadelphia, Pa. — Apr. 11, 2018
Can you remember 30 years ago? Back when Madonna was playing on the radio, Arnold Schwarzenegger was still wearing spandex, and Ronald Reagan had announced the Strategic Defense Initiative? The 80s were an age of economic boom and many of the technologies that we use today were birthed during this time.
Microsoft Disk Operating System (MS-DOS) was born in 1980 and IBM had introduced the personal computer (PC) in 1981, allowing for smaller and more reliable computing in home and office settings. The term “cyberspace” had been coined from a novel called “Neuromancer” and hacking organizations were exclusive and secluded. The first virus, named “Brain,” perked its head up in 1986 and the infamous Morris Worm was released in 1988.
Although it may be center stage now, Cyber Security has long been a challenge for IT personnel and organizations alike. Fast forward 30 years from the days of IBM’s release of the PC, and we are now in the age of digital, wherein IoT, the cloud, artificial intelligence, social media platforms, and mobile have reigned king, creating a whole new attack surface.
With new attacks against political figures, media companies, and hospitals happening on a daily basis, we need to ask ourselves how did we get to this place, and what can we learn from history going forward?
Will these same problems confront us 30 years from now? To best understand, I recently got together with a pioneer in the industry and as I am lucky enough to call him, my dad, Brad Kingsbury.
Brad was Peter Norton’s first employee, was the brains and developer behind the Norton Utilities for 5 years, and has had a long career in the security space, working in corporations such as Symantec, McAfee, Brightmail, and currently at Awake Networks, where he serves as VP of Engineering.
How did you get into Cyber Security?
I was Peter Norton’s first employee, working there on his kitchen table. At that time, we were developing productivity and developer tools, like the Norton Utilities, Norton Commander, and Norton Editor. But then we were seeing a trend where one of the better selling “utilities” was antivirus software.
After Peter Norton Computing was acquired by Symantec in 1990, Symantec itself was already building a DOS antivirus product. I joined the team and continued on the team for another 3-4 years, as its chief architect and development manager. I’ve been doing security software ever since.
How has the space of Cyber Security changed from the preliminary days working with Peter Norton to the Cyber Security space today? How has it stayed the same?
In the early days, there were not a lot of different “threats.” The primary purpose of the malware in those days was to make life miserable for the victim. Malware would delete the contents of your hard drive or make your computer unusable. And the creator of this malware was some bored kid in Eastern Europe, trying to impress his girlfriend. The threats were infrequent. In terms of technology, we had host-based antivirus products. At the time, there was a little interest in computer-access and encryption, but we didn’t have many of the technology categories that we have today.
As more and more people became connected to the Internet, there were more opportunities for malware to spread—and quickly. And the motivation for malware changed—from deleting a person’s hard drive to extracting financial information from a company or user. Once there was money to be made, the really bad guys got involved. The malware folks these days include organized crime, government entities, and just everyday thieves.
What has changed? The technology is ever-evolving, on both the bad guys’ side and the good guys’ side. Also the motivation has changed, bringing in heavy hitters with the resources necessary to perform a very sophisticated attack. The risk is greater, since we are a more connected world. What has stayed the same? Really nothing, which makes the cyber security space so exciting to work in.
What are you most excited about or what technologies do you think have the greatest potential to combat the issue of breaches?
Because it’s basically really easy for the bad guys to get in via phishing or some other basic technique, I think a lot of the new efforts in cyber security are around investigation and making security analysts more effective. Breaches are going to happen. Banks are still robbed today. Where there is money to be made, people will find ways to get at it illegally.
The security analysts are the forgotten masses who have to go through tons of false positives per day, looking for that needle in the haystack security breach which exposes the company in a big way. I think we are going to see major strides in empowering the analysts to be more effective. From a technology perspective, I do think the use of machine learning could also help create more sophisticated security products.
What is the most interesting thing you learned recently?
Personally, the most interesting thing I’ve learned is how sophisticated some of the AI technologies have progressed. I studied AI in school back in the early 1980s, when it was just a “science project.” To actually see it being used in day-to-day products today is amazing. I believe the next major stride in security will be the adaption of AI technologies to cyber security.
What has been your proudest moment being in the field?
I’ve had the rare opportunity to build a number of products from scratch, most of them going on to be quite successful. Being a part of a team that creates something from nothing is a lot of fun and very satisfying. And then seeing a strong customer response is the cherry on top. And honestly, just being in the cyber security space and evolving with the threats, knowing that you are one of the good guys and you are defending your customers—kind of like a police officer, but the bad guys aren’t shooting at me. Very rewarding!
What advice would you give to the younger generation or anyone looking to get into Cyber Security?
From a job perspective, I think there will continue to be a strong demand for cyber security folks, which is why I’ve encouraged all of my children to get into the field—and all of them are doing so! With technology playing such a big part of the younger generation’s day-to-day usage, I think they are more exposed than ever from a security perspective. Everyone likes to work on something they can relate to or benefit from. Why not be a good guy and make the world a safer place? It’s very rewarding, both from a job perspective and also in terms of making the world a safer place.
How would you like to see the space develop in the next 30 years given your experience with the first 30 years?
I expect significant changes to occur for cyber security over the next 30 years. We are still in a pretty rudimentary stage, in terms of level of sophistication for prevention, detection, and investigation. Today, any person can easily be a victim. Any company too, independent of all of the safeguards they have in place.
Within 30 years, I hope that we have minimized the chances of being a victim. I also think that all of the hassles of security (unique passwords, 2FA, etc.) will be a thing of the past. If they do exist, they won’t be considered a hassle, but a part of our daily life, especially since the younger generation grew up with a cell phone glued to their hands.
As technology has progressed, the capacity to conquer complex problems deemed previously impossible are being uncovered and leveraged in ways that are changing the way we operate. Mobile and IoT devices, used on a consistent basis, store tremendous amounts of information about our personal lives. We put everything from our latest vacation pictures, our children’s school and activity schedules, to our credit card and banking information on these devices, creating a much larger attack surface.
As Brad states, the incentives of attackers in today’s digital landscape are money-driven, compared to the operational damage that motivated attackers 30 years ago. As we progress into the next 30 years, fully succumbed to our fully ingrained digital lives, what will the attackers aim to steal then? And what will the attack surface look like?
Only time will tell.
Danielle Kingsbury is Founder of CyberSecPsych, a blog that helps people understand the psychology elements that propel cyber security, the hacking community, and a broader focus on the economic motivations involved. She is also Chief of Staff at Baron Hunter, a firm that specializes in digital transformation.