Connect with us

Hi, what are you looking for?


Management & Strategy

Back to Basics: Retro Cybersecurity Lessons Still Matter

We are all too familiar with the game of leapfrog being played between cybersecurity personnel and hackers as stories of data theft, identity theft and malware are reported daily. Luckily, technology is often on our side.

We are all too familiar with the game of leapfrog being played between cybersecurity personnel and hackers as stories of data theft, identity theft and malware are reported daily. Luckily, technology is often on our side. Machine learning can now watch for strange and unexpected behaviors, alert artificial intelligence systems when an anomaly is spotted and trigger automated actions in the blink of an eye to quarantine an infected system or alert the security team to quickly act.

So, it’s all good? Not so fast. People are becoming complacent and ignoring the basic lessons we learned decades ago. Technology has advanced immensely since 1990 when the term “cybersecurity” arrived on the scene.

In 1990, passwords were simple. Most people only needed three: work login, email login and dial-up internet. They were updated irregularly and used simple phrases. This changed with the rise of online shopping through retailers like Amazon and eBay. People needed to tie credit cards to their accounts and start using longer passwords considering there was more at stake. 

Step forward to 2018 and we now store everything from photos to finances online. But, passwords have actually become weaker – the most common in 2017 was still PASSWORD. Meanwhile cybercriminals, now more than ever, are turning to email to execute attacks. You’ve heard it 1,000 times, but the importance of practicing good password hygiene still rings true. We need to remember best practices, personally and in business:

 Change your password regularly and follow complexity guidelines. Ideally, a password is no less than eight characters with a mix of letter case, numbers and symbols.

 Don’t reuse passwords. For business especially, identity and access management systems can ensure unique passwords and prevent reuse.

 Use two-factor authentication where possible, but remember two-factor authentication that’s backed by a weak password can still prove ineffective.

Advertisement. Scroll to continue reading.

Malware has become more prevalent and diverse since the 1990s, no longer reliant on floppy disks or downloads from dial-up bulletin boards. But, that doesn’t mean old adages are superfluous. When viruses started to spread by email, anti-virus became an important protection tool. Now in 2018, malware is spreading at epidemic rates with hundreds of millions of new samples being discovered every day. Traditional anti-virus software cannot keep up as malware hides, shape-shifts and time-detonates, but this does not mean that it’s any less important. Some key tips to keep in mind include:

 Always use the most recent anti-virus software available and ensure that it’s updated regularly for the latest signatures. 

 Avoid disabling advanced features. When you keep your security products up to date, you can ensure that the best protection for your organization is always available. Current toolkits are cloud-enabled, so if a new threat is detected, you can make sure you are protected in real time.

 Ignore the old arguments that anti-virus “slows down my computer.” While this may have been true with the inefficient software of the 1990s, computers today are so powerful and have such well-managed software that antivirus won’t have more than a two percent impact on performance – a hardly noticeable amount. 

Now, let’s think about the network. In 1990, we had a simple firewall, a computer without a cable was considered ‘disconnected’ and the Wi-Fi explosion had not yet happened. Protecting the network was fairly simple, only requiring basic firewalls. This is where we’ve seen drastic change with the availability, bandwidth and expectation of 24/7 access to information. 

All of these factors are driving the network to become better, bigger and faster. But as much as it’s the superhighway for all information and collaboration needs, it is also the superhighway for moving threats around, stealing data and preventing access. This is what we should we be thinking about in 2018:

 Your network sees everything – every spreadsheet, every email, every anomaly. It’s like a digital heartbeat – it needs to be monitored for fluctuations.

 Leverage intelligence. Remember that not all devices have built-in security – like IoT sensors or industrial controls – and cannot self-protect. Network intelligence turns data and actionable insight into your security posture, which can be used to create dynamic policies for faster mitigation and remediation of threats.

 Security solutions must work together. It’s rare today for an organization to rely on a single vendor for all their cybersecurity needs – but it’s imperative that all solutions leverage the same intelligence, use the same policies and work cohesively.

Lastly, in 1990, cybersecurity companies operated as competitive adversaries. Today, this is no longer practical as the reality is that we’re all out to prevent the same threats. Although we still compete at the business and solutions level, it’s critical that cybersecurity vendors also share threat information. When a new threat is discovered, the fingerprint for that threat should be shared as quickly as possible, enabling all vendors to protect their customers.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.