The History of Cybersecurity

Worms. Viruses. Trojan horses. Logic bombs. Spyware.

Twenty-five years ago, these words weren’t a part of conventional information technology (IT) vocabulary. However, over the course of the last few decades, the impact and scale of cyberattacks have evolved significantly – to the point where these words are not only part of the common IT terminology, they’re a part of weekly news headlines. With damages resulting from these cybercrimes projected to hit $6 trillion in the next few years, an entire industry dedicated to cybersecurity is rapidly emerging.¹ This, in turn, creates a demand for trained cybersecurity professionals with as many as 3.5 million open positions projected to be available by 2021.¹

But how did we get here? While IT as we know it was the work of thousands of individuals over the course of several decades, the reality is that few could have predicted how essential it would become to our lives and how vulnerable individuals and businesses alike would become to scam artists, snoops and spies. The following series of milestone events illustrates the way in which both the cyber threat and cybersecurity landscapes have evolved:

Computer Worms in the Late 1980s

Robert T. Morris, a computer science graduate student at Cornell University, generated what is commonly known as the very first “computer worm.” The worm was actually part of a research project, the goal of which was to measure the size of the Internet at large by infecting UNIX systems in order to count the number of connections throughout the web. Due to a programming error, the worm-infected machines repeatedly, causing networks to clog and systems to crash. It became the first worm to spread “in the wild,” the first worm to experience widespread media coverage, and one of the first programs to exploit a system vulnerability.²

On a side note: Though Morris was dismissed from Cornell, sentenced to three years’ probation, and fined $10,000, he eventually became a tenured professor at MIT where he remains today.2

Viruses in the 1990s

In the 90s, more aggressive technology came forward in the form of viruses. Tens of millions of PCs were infected by viruses such as “The Melissa” and “ILOVEYOU,” causing email systems worldwide to fail. Though there were seemingly few strategic objectives or financial gains to be had from these viruses, the sheer number of people affected by the attacks earned them headlines on the front pages of newspapers around the world. Cyber threats suddenly became a household concern, which prompted the creation of antivirus software to spot a virus and prevent it from performing its designed task. These threats were also significant in increasing awareness about the risks of reading emails from unknown or untrusted senders and opening any attached documents. This realization was not lost on companies, who knew that if a virus spread from a corporate email account, there would be concerns about security and a company’s legitimacy.³

Mafiaboy in 2000

Fifteen-year-old Michael Calce, known as “Mafiaboy” online, decided to unleash a cyberattack on a number of high-profile commercial websites including Amazon, CNN, Dell, eBay, E*Trade and Yahoo! At the time, Yahoo! was the largest search engine in the world, and Wall Street was heavily investing in internet companies such as these. One industry expert estimated the Mafiaboy attacks caused nearly $1.2 billion in damage, and consumers and financial experts alike began to ask the obvious question: If a 15-year old can breach companies like Amazon and E*Trade, how safe are we?⁴

Calce was eventually apprehended, and because he was still a juvenile, he was sentenced to eight months in open custody, meaning his movements and actions were restricted and his online access was limited by the court. Calce is now a columnist and has written a book about the incident.⁵

Credit Card Hacks of the Mid 2000s

With the new millennium came more targeted cyberattacks, the most memorable of which was the first serial data breach of credit cards. Between 2005 and 2007, Albert Gonzalez formed a criminal ring that stole information from around 45.7 million payment cards used by customers of U.S. retailer TJX, which owns the popular TJ Maxx outlet stores. The breach reportedly cost the company $256 million, and because the data involved in this breach was regulated, the incident required the involvement of the authorities and the allocation of funds to compensate victims. After observing the devastating consequences of being unprotected, companies began to equip themselves with more sophisticated security programs and systems. Gonzalez was ultimately sent to jail for 40 years.³

The Target Breach of Modern Day

For those who thought it couldn’t get worse than the TJX retail breach, it didn’t take long before another large-scale attack. Forty million credit and debit card records were stolen from Target in 2013, a data breach which characterizes the nature of most cybersecurity threats today for many reasons.

From a technical standpoint, the Target attack was far more intricate than the TJX one. It was carried out by criminals who were savvy enough to take an indirect route through the retailer’s system to avoid detection. In this case, the route was through a third-party heating and ventilation supplier. Using digital code specially developed for point-of-sale systems, the attack grabbed consumers’ credit card numbers at the precise moment they were in the system’s memory, but not yet encrypted.

The attack was a cautionary tale about the widespread impact a breach of this scale could have. The CEO himself resigned – a grim reminder that cyber breaches are now executive-level issues and that no level of an organization can afford to ignore either the risk of cybercrime or the formation of incident response plans.³

Unfortunately, the list of cybercrime victims didn’t end with Target. In 2014 and 2015, data breaches were successfully carried out at Sony, Staples, Home Depot, J.P. Morgan Chase, and Anthem – prompting former President Obama to call for an update to cybercrime laws.⁴

The Future of Cybersecurity

Today, cyber threats are so routine and sophisticated that they seem almost impossible to prevent. As a result, in many organizations, cybersecurity has become as much a part of the business as finance, sales and marketing, and the focus is on developing appropriate response plans that minimize the damage in the event of a cyberattack. Cybersecurity professionals are in high demand to create and execute safety measures – however, the talent or workforce gap for cybersecurity is estimated to hit 1.8 million by 2022, according to a 2017 Global Information Workforce Study (GISWS) survey. Fortunately, for those in cybersecurity industry, the opportunities in this field are endless.⁶

Pursue a Cybersecurity Program

Are you interested in pursuing an education in cybersecurity? Colorado Technical University (CTU) offers multiple cybersecurity degrees and concentration options across our colleges of IT, computer science, and criminal justice. Request information from CTU today!