Information Security Through the Years
Some aspects of info security haven't changed much in theory.
You may be interested to know that most every modern cybersecurity technique used today is based on methodologies developed and used thousands of years ago. So, in the spirit of those who don’t know their past are doomed to repeat it, let’s look at how modern cybersecurity has evolved from a stick and parchment paper.
Information Security Before Computers
For millennia the basic concepts of cyber security have been deployed to protect information assets and almost always for military applications. Going back to antiquity and leading up to the dawn of computing the following techniques were used:
The Spartan Scytale: around 600 BC Spartans used a process that consists of a leather strap wrapped around a wooden rod. The letters on the leather strip are meaningless when it's unwrapped, and only if the recipient has the correctly sized rod does the message make sense.
The Caesar Cipher: Julius Caesar is credited with a type of substitution cipher in which each letter in the plaintext is 'shifted' a certain number of places down the alphabet. For example, with a shift of 1, A would be replaced by B, B would become C, and so on.
The Playfair Cipher: In 1854 Charles Wheatstone invented this cipher which is a digraph substitution. It employs a table where one letter of the alphabet is omitted, and the letters are arranged in a 5x5 grid. Typically, the J is removed from the alphabet and an I takes its place in the text that is to be encoded
The Enigma Machine: In 1918 a German engineer named Arthur Scherbius developed this for World War I as a combination of mechanical and electrical subsystems. The mechanical subsystem consists of a keyboard; a set of rotating disks called rotors arranged adjacently along a spindle; one of various stepping components to turn at least one rotor with each key press, and a series of lamps, one for each letter.
Outside of military applications, the use of ciphers became a critical foundation for computing security.
Information Security in the Computing Age
The introduction of networked-bas computers created a new set of problems for encryption. Specifically, how to share data while maintaining security but still allow both sending and receiving parties to encrypt and decrypt the data. Enter the Diffie-Hellman Key Exchange.
The Diffie-Hellman Key Exchange “is a way of generating a shared secret between two people in such a way that the secret can't be seen by observing the communication. That's an important distinction: You're not sharing information during the key exchange, you're creating a key together.” For a more complete definition of how this cipher works check out Hackernoon.com’s article, titled ,“Algorithms Explained: Diffie-Hellman.”
The First Global Cat--and--Mouse Game
The introduction of the computer and more specifically, the global reach of the internet made it possible for creative individuals to wreak havoc. An article titled “The History of Cyber Security — Everything You Ever Wanted to Know” describes that in 1971, the first recorded malicious code to have broad reaching impact:
“The history of cyber security began with a research project. A man named Bob Thomas realised that it was possible for a computer program to move across a network, leaving a small trail wherever it went. He named the program Creeper, and designed it to travel between Tenex terminals on the early ARPANET, printing the message ‘I’M THE CREEPER: CATCH ME IF YOU CAN.’”
The article goes on to describe the first cybersecurity responsible for cleaning up the mess left behind by malicious code:
“A man named Ray Tomlinson (yes, the same guy who invented email) saw this idea and liked it. He tinkered with the program and made it self-replicating – the first computer worm. Then he wrote another program – Reaper, the first antivirus software – which would chase Creeper and delete it.”
For the next 48 years, a cat-and-mouse game cybercriminals and cybersecurity professionals have been dancing a cat-and-mouse game between what is secure and what becomes available for malicious use.
The Future of Information Security
The only way to prevent damage from cybercriminals and malicious code is to prevent the attack from even occurring. So, considering only solutions that use deep inspection and analysis methods which can interpret and detect malicious code in real time and immediately block threats, preventing unwanted code affecting your IT infrastructure is the only way to go.
Your solution should ensure that every line of code is evaluated, making evasion techniques ineffective. The bottom line is that your organisation will be better protected from attack--for--hire services.