
BEND, DON’T BREAK ATTACKER-DEFENDER LEARNING

botnets, and denial of service (DoS and DDoS) joined the cyberthreat ecosystem – and didn’t leave.

To cope with larger and more varied digital workloads, virtual machines (VM) and virtualisation became integral components of IT networks. It can be harder to keep track of workloads and applications in a virtualized environment as they migrate across servers, which makes it more difficult to monitor security policies and configurations. Underprotected VMs can be targeted with malware and, once infected, can spread malware across the entire virtual infrastructure.


BY 2012

against such threats overwhelmed many organizations, and they turned in growing numbers to Managed Service Providers for external support. Security provision became more flexible, available through the major online Marketplaces and other service providers so it could be bought and up and running within minutes.

2017 was to be a defining year for cyberthreats and cybersecurity. It was the year EternalBlue, the powerful exploit tool targeting the SMB protocol, was leaked, and the year of two attacks with vast global impact – WannaCry and NotPetya.

BY 2023

To mark Barracuda’s 20th anniversary, we took a high-level look at how cyberattacks and cybersecurity have evolved since we started in 2003, and what might be waiting round the corner.

The Landscape By 2003

Cyberthreats and the cybersecurity to defend against them took off in the mid-1980s. The Cascade virus in 1987/8, the Morris worm in 1988, the Melissa virus in 1999, to name a few.

BY 2003

cyberthreats had begun to diversify and multiply, but attacks remained largely fragmented, disruptive, and often opportunistic.

BY 2009

By 2009, mobile devices, services and software were taking over the business landscape. The security perimeter stretched ever further outwards, and attackers got organised. Financial fraud, phishing, ransomware, spyware,

The age of modern ransomware had arrived. Web-based and social engineering attacks became widespread, and attacks by nation-state-supported groups and hacktivists increased.

At the same time, the business need for scalable, accessible security that can be updated in real time and doesn’t drain resources drove security to the cloud and as-a-service consumption models.

BY 2016

As the decade progressed, cyberattacks became more prolific and destructive. Connected internet-of-things (IoT) systems and hybrid cloud/on-premises IT environments became common, offering attackers a broader attack surface and new points of weakness to target and exploit. Attackers were using fileless malware and legitimate or built-in IT tools to bypass security measures and detection.

The skills and resources needed to secure complex digital environment

Today, we see the internet-of-things evolving into the internet-of-everything (IoE). Security integration and visibility are struggling to keep pace – leading to security gaps that attackers are quick to target and exploit.

The Russia-Ukraine war that started in 2022 has also reminded the world how cyberattack tactics such as DDoS, wipers, and more can be wielded as cyberweapons in times of geopolitical tension.

BY 2028

What does the future hold?

As we move towards the second half of this decade, we know that security perimeters are a thing of

We expect the widespread adoption of AI to continue, with significant repercussions for businesses, society, and geopolitical stability. AI will enable security operations centers to become intuitive and responsive, accelerating the detection, understanding and mitigation of complex incidents.
