Data security might be one of the most essential components of your business. Managing data security within a company is crucial to the continued success of any operation. With costs in the millions for a data breach, just one incident could be devastating for a small- or medium-sized business. But what is data security, and how has cybersecurity evolved over the years?
Data security threats have grown steadily more sophisticated since the inception of the computer, and data security solutions have grown with them. The history of cyberattacks is rife with hacks, oversights and viruses. Fortunately, we can learn from each one of these events and use them to inform our current approach to cybersecurity.
Table of Contents
- What Is Data Security?
- Timeline of Cybersecurity History
- Why Is Privacy and Data Security So Important Today?
- Data Security: Learning From Experience
What Is Data Security?
Data security covers many different concepts and applications. At its core, data security refers to the overall measures that a company takes to protect data from unauthorized access, modification, release or corruption at all steps of the workflow. Some types of security that fall under this umbrella include:
- Network layer security involves protecting the packets moving between networks in the TCP/IP model.
- Email security refers to the collective measures taken to ensure emails are sent and received securely. These steps include preventing spam or viruses, rigorous authentication procedures, password rotations, staff training and encryption.
- IPSec is the application of cryptographic security to protect and authenticate the packets moving over an Internet Protocol (IP) network.
- Physical security involves keeping data and physical storage safe through methods like security cameras, locks and guarded access privileges.
- Encryption is encoding communications so that only those with proper authentication can read the data. If intercepted, an encoded document would be unreadable to the interceptor. Encryption can be applied to many different forms of data, including emails, websites, links, fields and cloud storage.
- Mobile data security refers to protecting data from becoming compromised via the use of mobile devices. Some of these data security measures include access limitations, regular update requirements, antivirus and strict policies.
Timeline of Cybersecurity History
Cyberattacks have occurred throughout the history of the internet. They come for businesses of all shapes and sizes and can attack a wide variety of data systems with innovative methods. By learning from the past, we can better protect the systems of today. Here are a few of the most notable events in the history of information security.
1. The Creeper – 1971
Bob Thomas of BBN Technologies helped write what is widely considered the world’s first computer virus at the start of the ’70s. This program moved through ARPANET, the precursor to the Internet. It was harmless, generating the message, “I’m the creeper, catch me if you can!” on DEC PDP-10 computers, but Ray Tomlinson, the man who later invented email, turned it into a self-replicating virus. He then developed a reactionary antivirus program called the Reaper to delete it.
2. The Morris Worm – 1988
Back in the days when only 60,000 computers had Internet access, Cornell graduate student Robert Tappan Morris, Jr. wanted to count the number of machines connected to the Internet. He created the Morris worm, the first of its kind to accomplish that task. It slowed down computers that ran the code, using up precious processor power and bringing the Internet to a standstill. It completely crashed about 10 percent of the computers connected to the Internet. The Morris worm was a tipping point in cybersecurity, as it took viruses out of the world of academia and gave them damaging real-world consequences. Morris was the first person to be charged under the Computer Fraud and Abuse Act, and his worm prompted the creation of the first computer emergency response team in Pittsburgh, ordered by the Department of Defense.
3. Rome Laboratory Cracks – 1994
Two hackers accessed the U.S. Air Force’s main research and command facility, Rome Laboratory, in March of 1994. Through the use of Trojan horses, they gained access to over 30 systems. They used them as a platform to reach over 100 others, including those at NASA, the Goddard Space Flight Center in Greenbelt, Maryland and the Jet Propulsion Laboratory in Pasadena, California. The hackers were teenagers in the UK. This event was a wake-up call for many in the government, knowing that two kids had the potential to control systems with impacts felt across the world.
4. Secure Sockets Layer – 1995
In response to security issues on the growing Internet, Netscape developed the SSL protocol using Transmission Control Protocol (TCP). SSL allows users to make purchases and submit information safely online by creating a secure link between the browser and the web server. Even now, when a webpage has “https” in the address, that signifies a connection with Transport Layer Security, which came from SSL.
5. ILOVEYOU, Sobig and MyDoom – 2000-2004
A string of email-attachment viruses came out in the early 2000s, contributing to the advice for people not to open suspicious email attachments. ILOVEYOU was one of the first, showing up as a .vbs file attachment and overwriting random filetypes in the user’s computer. Sobig followed, along with several iterations of the worm as it developed. This combination of Trojan horse and worm appeared in an email claiming to be something else, like a screensaver, approval document or application information, and released the worm when clicked. MyDoom appeared as an email claiming an error, but when clicked, it sent copies of itself to the user’s contacts. It was one of the fastest-spreading email worms ever and did an estimated $38 billion in damage.
6. Stuxnet Attack – 2010
A worm by the name of Stuxnet destroyed about a sixth of Iran’s centrifuges in its nuclear-fuel enrichment program. It disrupted industrial programmable logic controllers and was a striking display of a nation-state using cybersecurity as a weapon. The worm came from a politically motivated position, developed by the US and Israel.
7. The Snowden Leaks – 2013
Edward Snowden, a former employee of the Central Intelligence Agency and United States subcontractor, copied and released classified information from the National Security Agency. He released the information to several major newspapers as a whistleblowing attempt to show the nation what privacy violations the US may have committed in the name of national defense. Snowden’s status as a hero is still widely debated, but his actions caused a massive societal controversy about the nature of our government’s surveillance activities and what constitutes individual privacy. They also led many to lose trust in the government.
8. Target and Home Depot Breaches – 2013-2014
This retail breach hit Target and Home Depot during some of the biggest shopping days of the year. Between November 27 and December 15, 2013, over 110 million people had their credit card or personal information compromised due to the breach. Shortly after, in 2014, 94 million consumers had their payment or emails compromised in a breach at Home Depot.
9. Yahoo Data Breach – 2013-2014
Hackers breached Yahoo in the biggest hack of all time in 2013, collecting a variety of data, including passwords, names and security question answers. The hack affected over 3 billion users. While that’s bad enough, Yahoo didn’t report the breach until 2016, resulting in a $35 million fine from the U.S. Securities and Exchange Commission (SEC) for not disclosing it in a timely manner. Between that fine, the impact it had on Yahoo’s reputation, the class action lawsuits and the $350 million decrease in Yahoo’s sale price, the breach’s effect on Yahoo was more than significant.
10. Office of Personnel Management Data Breach – 2015
Two hacks that claimed over 25.7 million personnel files hit the U.S. Office of Personnel Management in 2015, taking social security numbers, security clearance background investigation files and fingerprint records. This massive breach took vital information and was a wake-up call to many for improving data security, especially throughout government operations.
11. WannaCry – 2017
The first ransomware cryptoworm targeted Windows computers to get ransom payments through Bitcoin currency. It would exploit a problem that Microsoft had identified and patched in older Windows systems. Unfortunately, many businesses and consumers hadn’t updated their systems, so they were left vulnerable. WannaCry worked by encrypting the data on the computer and then displaying a demand for $300 in Bitcoin payments. Some have estimated the damage from WannaCry at $4 billion, and it affected at least 150 countries across the globe.
12. NotPetya – 2017
In the same year that WannaCry was released and using a similar vulnerability, NotPetya also targeted the Windows operating system, claiming an estimated $10 billion in damages. This ransomware was incredibly damaging, wiping data from the systems of energy firms, banks, senior government officials and transportation businesses. Instead of simply encrypting the data, it completely shut down systems, preventing operation. It disrupted everything from health sectors to cleanup at Chernobyl.
13. Equifax Breach – 2017
Also in 2017 was the infamous Equifax breach. This breach compromised over 143 million Americans’ secure data — that’s over 40 percent of the US population — providing access to about 200,000 consumer credit cards. It occurred through an unpatched vulnerability in part of their software. CEO Richard Smith ultimately resigned. This breach created a sense of unease about these large carriers of personal data. Surprisingly enough, no wave of identity theft occurred after the breaches, leading many to believe that a nation-state entity, particularly China, was behind the hacks for espionage instead of theft.
14. Facebook – 2018, 2019
Over these two years, data breaches at Facebook exposed almost 450 million records, including account information, usernames, phone numbers and emails. In 2018, hackers gained access to about 30 million records. Then, in 2019, a server with over 419 million records was left open to anyone, with no password required. These records held user IDs and phone numbers associated with them. Some held names, genders and locations as well. These breaches, along with the Cambridge Analytica scandal in 2016, damaged Facebook’s reputation, leading many to doubt the social media giant’s ability to secure their data successfully.
Why Is Privacy and Data Security So Important Today?
It’s clear from the results of these incidents that data and message security is no joke. It can have severe ramifications for billions of people. Breaches are harmful to the security of nations, personal safety and businesses’ overall success. Think of the damage to the reputations of the corporations involved in significant breaches and consider the financial costs. A study conducted by the Ponemon Institute clocked the cost of the average global data breach at $3.92 million, and that number rises for the U.S. to $8.19 million. The repercussions of data security incidents are staggering, especially for work in highly regulated industries like healthcare and finance.
Since 2005, over 11 billion records have been compromised across more than 9,000 data breaches. One million of those records were breached in 2018 alone. While data breaches at large companies are the ones that make the headlines, cyberattacks on small and medium businesses (SMBs) can be devastating. You must protect the data that keeps your business running, but you also have a duty to protect the information that your customers entrust to you. In this highly digital age, in which most people own smartphones, understanding the nature and importance of cybersecurity is becoming increasingly valuable. Outside sources aren’t the only thing you need to be prepared for, either. According to Verizon’s annual data breach report, 34 percent of breaches involved internal actors. General errors, misuse by authorized users and physical activity can also be contributors to cybersecurity incidents.
Many SMBs brush off cybersecurity, believing that their business is too small to be a target, but that’s precisely the kind of thinking that many hackers prey on. Verizon’s report found that 43 percent of data breaches involved small business victims. Organizations that don’t have the resources or staff to deal with a cyberattack have particular vulnerabilities the hackers can exploit, which is where outsourcing your cybersecurity can save your business thousands and keep data safe.
Data Security: Learning From Experience
From the first worm in 1971 to some of the most impactful data breaches in history, cybersecurity has become a vital aspect of every business operation. It has the potential to cost thousands and inhibit essential government, military or healthcare proceedings. But it doesn’t have to happen in the first place.
There are steps you can take to eliminate or minimize the effects of many cyberattacks, such as testing security often and developing a reaction plan for the moment an attack occurs. You can also prevent the data breaches that come from employee error with thorough training. Another way to tackle data security head-on is to use CYBERShark.
Businesses use CYBERShark to protect themselves from security threats and vulnerabilities. CYBERShark is a cloud-based SOC-as-a-service program that can offer the benefits of complex infrastructure and I.T. experts without the in-house costs. You can help keep your data and business safe with the sophisticated security features CYBERShark provides, such as 24/7 network monitoring and an advanced correlation engine.
CYBERShark was designed for managed service providers (MSPs), providing managed data security, log capturing and management and regulatory compliance in one program. To learn more about how CYBERShark can protect your business from the risks of data security, contact us or set up a demo today.