In 2004, the U.S. Department of Homeland Security launched Cybersecurity Awareness Month. Today, October is recognized as Cybersecurity Awareness Month not only in the U.S., but throughout the world. With cybersecurity and the threat of hacking touching nearly every aspect of our lives and elements of the security industry, the importance of effective cybersecurity practices is paramount. Although we may think of it as today’s problem, modern cybersecurity is a result of many advancements and developments throughout history.
- 1834: The first cyberattack occurred when two thieves stole financial market information by hacking the French Telegraph System.
- 1940: The first ethical hacker was Rene Carmille. He was a punch-card computer expert who owned the machines that France’s Vichy government used to process information under Nazi occupation. As a member of the French Resistance, when he discovered that the Nazis were using the information to track down Jews, he offered to allow them to use his machines. Carmille then used that access to hack them and disrupt their efforts.
- 1962: The Massachusetts Institute of Technology (MIT) set up the first computer passwords had been set up to limit students’ time on the computers and provide privacy for their computer use. Allan Scherr, an MIT student, created a punch card that triggered the computer to print all the passwords in the system so he could get more computer time and distributed the cards to his friends, as well.
- 1969: The first computer virus is believed to have been used at the University of Washington Computer Center. An unnamed person installed a program that came to be known as “RABBITS Virus” on one of the computers. The program began replicating itself until it overwhelmed the computer causing it to shut down.
- 1970: Kevin Mitnick managed to access some of the most guarded networks in the world from 1970 to 1995. He used complex social engineering schemes that tricked key personnel in the companies into providing him with passwords and codes which he used to penetrate the internal computer systems. He was arrested by the FBI and faced a number of federal charges. After prison, Mitnick became a cybersecurity consultant and author.
- 1971: Bob Thomas created a virus that served as a security test. It was not malicious but did highlight areas of vulnerability and security flaws in the U.S. Defense Department’s ARPANET (Advanced Research Projects Agency Network) which is what would become “the internet.” The virus, named Creeper after a villain on Scooby Doo, displayed “I’m the creeper, catch me if you can!” when corrupting the DEC-10 mainframe computers. It was the first instance of applications moving automatically from one computer to the next.
- 1972: Ray Tomlinson, Thomas’ colleague, created the Reaper Program, which moved through ARPANET, replicating itself, searching for copies of the Creeper, and deleting them. The Reaper was the first antivirus software program and thus the first attempt at cybersecurity.
- 1983: ARPANET began requiring its users to conduct all network communications via a set of transmission control protocol/internet protocol (TCP/IP) conventions. TCP/IP became the global standard for network communications, allowing networks all over the world to communicate easily with each other and giving rise to the Internet.
- 1988: Robert Morris created and released several dozen lines of code that constituted the first Internet worm. The malware infected and crashed about 10% of the computers connected to the internet and caused millions of dollars in damage.
- 1990s: The popularity of Microsoft’s Windows operating system also fueled an increase in virus activity. The antivirus industry responded with products like McAfee, Norton Antivirus and Kaspersky, which detected threats by scanning all the files in a system and comparing them to a database containing “signatures” of known malware.
- 2003: As a response to the growing number of cyberattacks and a lack of authority regarding prevention, the newly founded department of Homeland Security establishes the National Cyber Security Division. This was the United States government’s first official task force dedicated to cybersecurity.
- 2018: Due to concerns around the volume and security of personal data held by companies, the European Union began enforcing the General Data Protection Regulation (GDPR), a regulation establishing a mandatory data protection baseline. Among other things, it established that companies must have a response plan in case of a data breach.
- 2020: As of 2020, it was estimated that there are about 6.8 internet connected (IoT) devices per person around the world, with cybersecurity concerns only continuing to grow and becoming more compilated by the day.
Cybersecurity is a crucial part of a comprehensive security approach in today’s security landscape. Make sure to take advantage of all ASIS International’s resources this Cybersecurity Awareness Month!
