So, you're curious about cybersecurity
The pace at which the world's technology has been accelerating is making it incredibly difficult to keep up lately. This is generally fine, since we are mostly end users of such technology, and so the tech like your smartphone or TV, are most likely already as user-friendly as possible. But while we are enjoying the fruits of technological developments, for a cybersecurity professional like me, the world is actually becoming a scarier place. By the end of this, you'll understand why cybersecurity is your problem too, and why it always has been.
Let's start with a simple exercise. Below is a password strength checker. While nothing you input below is sent anywhere, in case you're skeptical, just try putting famously simple passwords like "123456" or the ever-classic "password".
Try a Password
Your password is checked only in this browser. It is never sent anywhere.
Strength estimation powered by zxcvbn, originally authored by Dan Wheeler at Dropbox and released under the MIT License.
Did you notice how quickly a modern computer can crack these?
Next, let's do another simple exercise; visit the website I've linked below in a new tab, and paste your email there (don't worry, it's safe!), and observe the results for yourself:
So, what did you learn? If your page said 0 breaches, you're either so new to the internet that your email has barely made the rounds, or your cyber hygiene is already just that good. If it's the latter, well done!
However, if it said otherwise, and you're learning about those breaches for the first time, it's probably a good time to start changing passwords to those breached accounts as soon as possible.
I also highly recommend you go through the well-documented Have I Been Pwned: Frequently Asked Questions to learn more! I am a huge fan of this service.
However, long before the digital age, the need to protect sensitive information has been a constant human concern. Let's take a short journey through the decades to see how this has evolved.
A Short History of Cybersecurity
Ancient world
-
A scribe in the tomb of Khnumhotep II used non-standard hieroglyphs to obscure the inscription β the earliest recorded use of intentional cipher-like encoding.
-
Spartan generals wrapped leather strips around a staff of a specific diameter. Without the matching staff, the message was unreadable β an analogue precursor to hardware authentication tokens.
-
Caesar encrypted military dispatches by shifting each letter three positions in the alphabet. Simple by modern standards, but effective against an illiterate enemy.
Medieval & early modern
-
Arab polymath Al-Kindi wrote the first known manuscript on breaking ciphers using frequency analysis. Substitution ciphers never fully recovered. This is the birth of code-breaking.
-
Medieval courts formalised authentication through wax seals embossed with unique signet rings β an analogue precursor to digital signatures. Forgery was a capital offence.
-
Leon Battista Alberti invented a rotating cipher disk that shifted the substitution alphabet mid-message, making frequency analysis much harder.
Industrial era
-
As messages began travelling over wires operated by strangers, businesses developed private codes to protect trade secrets over public telegraph lines.
-
British intelligence decoded a German diplomatic cable proposing a military alliance with Mexico against the US. The decryption helped bring the US into WWI.
Decade by decade
-
Turing and the Bletchley team cracked Enigma using the Bombe machine. Colossus, the first programmable computer, was built for the same purpose. Cryptography and computing are born together.
-
Enthusiasts found that audio tones could manipulate phone networks to make free calls. John Draper found a toy whistle produced the exact 2600hz tone to access AT&T trunk lines.
-
As universities began sharing mainframe time, passwords and user accounts were invented to separate users' data. The concept of authorisation enters computing.
-
The precursor to the internet was designed to survive nuclear attack, not resist hackers. DES was published in 1977 as the first standardised civilian cipher. Security was an afterthought.
-
In 1988, the first major internet worm exploited Unix vulnerabilities to replicate uncontrollably, taking down thousands of machines. CERT was created in its aftermath.
-
The web opened to the public with minimal security. SSL was invented for payments. Kevin Mitnick became the world's most wanted hacker. Millions came online with no awareness of risks.
-
ILOVEYOU infected 50 million machines in 10 days. SQL Slammer took down the internet in 15 minutes. Stuxnet was the first cyberweapon targeting physical infrastructure.
-
Snowden revealed mass surveillance in 2013. The OPM breach exposed 21 million records. WannaCry hit 300,000 systems in 150 countries by exploiting an unpatched Windows flaw.
-
SolarWinds showed that compromising one trusted vendor could reach thousands of organisations. Log4Shell was buried in a library used by half the internet. Perimeter security is dead.
-
AI-generated phishing is indistinguishable from legitimate email. Deepfakes are used in social engineering at scale. The arms race is no longer human vs human β it's AI vs AI.
So, how much does this affect me?
Well, I hate to break it to you, but cybersecurity has always been and continues to be every individual's responsibility; yes, that includes you! It's genuinely unnerving the lengths some adversaries will go to in order to break into systems.
Human beings remain the weakest link in cybersecurity, whether we're talking about everyday individuals or the security teams at the world's largest companies.
- According to recent data, the human element is the root cause of 74% to 95% of data breaches.
- Back in 2020, over 130 high-profile X/twitter accounts, like those belonging to Barack Obama, Bill Gates and more were taken over as a result of a breach at X/Twitter. This was the result of something called "social engineering" - more specifically "vishing", which sounds fancy, but all it meant was that the attackers posed as the twitter IT team and called its employees, and convinced them to hand over their credentials.
- Even IT teams make costly mistakes. In 2017, the Equifax team failed to apply a known patch to their web framework, and it eventually remained an open door for the attacker to exploit. This eventually led to 148 million people's personal data being stolen, close to $700 million in fines and settlements, and a drop in their market cap by $5 billion. All in all, including recovery, implementing better security and more, it cost them upwards of $1.8 billion. Even worse, no amount of compensation can undo loss of personal data.
Conclusion
Cybersecurity has been a human problem since long before computers existed; it's just that the stakes are considerably higher now. If this has sparked your curiosity, I'll cover practical steps you can take to protect your digital life in the next article. Thanks for reading!
Image credit: Pete Linforth
References and further reading: