Monday, 15 May 2017

The IT Security Expert Blog is 10 Years Old

Ten years ago today I published my first ever blog post about a BBC news story titled "Home Network Security Scrutinised". A decade ago it was rare to see an IT security or hacking story make the news media, and back then the term 'Cyber Security' would conjure images of Dr.Who's metallically clad arch-villains in most people's minds in the UK.
The Face of Cyber Security in 2007

Fast forward ten years, IT security has long been rebadged as 'Cyber Security' and on Friday the top ten news stories on Sky News were all Cyber Security related, albeit about the same global attack, but how times have changed.

'I found the following article on the BBC news website, which happens to be exactly what I had been talking about in my presentations this week. None of the findings is surprising to me, but I find many people I talk with are in the dark about digital security. Anyway, I thought I'd write this post about it and start my own blog' - 15th May 2007
How times have changed since I started writing this blog, the use of computing devices has vastly increased, with IT systems and devices becoming ever more sophisticated, most of us possess powerful 'smartphone' computers in our hands and we have countless connected devices within our homes. It is clear our society has grown ever more dependent on information technology as evident by the NHS cyber attack on Friday, the loss of NHS workstations due a fairly simple ransomware attack led to cancelled operations and A&E closures.

Some of the highlights from the last Ten Years
  • 2007 Web 2.0
  • 2007 The iPhone is launched
  • 2007 HMRC loses unencrypted CD holding millions of UK citizen's personal details
  • 2007 WikiLeaks is founded (later to be used by Snowden and Manning)
  • 2007 ISPs using WEP (broken) Wifi encryption
  • 2007 Estonia DDoS of government websites and businesses
  • 2007 PCI DSS compliance is pushed
  • 2007 TJX Max 45 million credit card breach is disclosed
  • 2007 Nationwide fined £1m by FSA due to data breach
  • 2008 The Rise of Hacktivism: Scientology attacked by Anonymous
  • 2009 Heartland 130 million credit card data breach
  • 2009 The Gary McKinnon Extradition
  • 2009 The Conficker Worm infiltrates millions of PCs worldwide
  • 2009 Zeus trojan/bot becomes more widespread
  • 2011 EU Cookie Law
  • 2011 PlayStation Network Hack and 102 million Record Data Breach 
  • 2011 DUGU industrial controls virus
  • 2011 Play.com Third Party Breach
  • 2011 Lush credit card data breach
  • 2011 Bank of America had 85 million credit cards taken by a Turkish hacker
  • 2012 Flame cyber espionage malware
  • 2012 LinkedIn data breach, 165 million accounts compromised
  • 2013 65.5 Million emails and password leaked from Tumblr
  • 2013 Evernote had 50 million records compromised
  • 2013 Target breached by HVAC third party, 40 million credit cards stolen
  • 2014 Sony Picture DDoS over "The Interview" North Korea satire movie
  • 2014 General Data Protection Regulation (GDPR) agreed by the EU
  • 2014 The Heartbleed bug
  • 2014 Rambler 98 million accounts compromised
  • 2014 Yahoo 500 million accounts compromised
  • 2014 Homedepot 56 million credit cards stolen
  • 2015 TalkTalk Hacked
  • 2015 Rise of IoT insecurity
  • 2015 Jeep car hack
  • 2015 21.5 million personal records stolen from US Government
  • 2015 Superfish privacy invasion by Lenovo
  • 2016 Yahoo 1 Billion Personal Record Data Breach
  • 2016 $101m hack of the Bangladesh Bank
  • 2016 US electron hacking
  • 2016 Friendfinder 412 million accounts compromised
  • 2016 360 Million Stolen MySpace accounts posted online
  • 2016 67 million Dropbox accounts compromised
  • 2016 Massive DDoS attack against DNS provider reg-123
  • 2017 APT10 Cloud Hopper Campaign Threatens
  • 2017 Global Ransomware outbreak which severely impacted the NHS
Of course, cyber security is not ten years old! In 1903 Nevil Maskeylne disrupted John Ambrose Fleming's public demonstration of Macroncies wireless telegraph technology by sending insulting morse code messages through the auditorium's projector. In essence that was a successful hack of an information technology device.

The Cyber Security Game is afoot
The more devices and the more complicated they are, the more likely there are to be vulnerabilities which are exploited by criminals and nation-state actors hellbent on making money and causing mayhem. There is no winning scenario with cyber security, it is a continuous process and the challenge of staying ahead of the bad guys, knowing if you stand still for just a minute like the NHS not upgrading Windows XP systems and not applying Microsoft Critical Security Patches on time, you are going to lose the cyber game big time. So here's to another ten years...

2 comments:

Michael said...

10 years is a long time for anything, so congrats for that. But you're dead wrong about IT security not making the papers very often back then. In fact, YOU'RE the one late to the game. Lots of IT security writers have been around for at least twice as long as this blog, which I just discovered.

Dave Whitelegg said...

Thanks, btw I never said IT security issues weren't making the papers, that we have gone from the odd story in the main stream news to cyber attacks dominating the front pages on a regular basis.