As we move forward in 2020, I find myself looking forward to what the next years will bring. I also find myself taking the time to look back over what has been a decade of change for myself personally and the industry I work within.
I started the decade welcoming my son into the world, my firstborn and a magical time for any family. At this stage of my life, it was about moving forward and achieving both personal and career goals. My career was going well and at the turn of 2010, I was achieving an amazing rate of change and development within my role as Infrastructure Manager. The changes were all very much about delivering scale of economy and great user experience. Security was the insurance policy behind the scenes. Don’t misunderstand here, security was important, but it was always an overlay to delivering the primary goal.
As I headed into the middle of the decade Security was really starting to become the forefront of mind for not only IT managers, but it became a discussion at the executive level… Why suddenly was this happening?
As we went into 2015 and beyond we found ourselves seeing major brands being impacted by increased attacks that disrupted services and tarnished brand reputation. One of the most successful attacks in the decade was the evolution of Ransomware. Ransomware showed that attacking organisations data could not only cripple the services organisations delivered but also could generate a revenue stream for the attackers. Ransomware was truly the first form of attack that allowed attackers to gain a profit with consistent success.
Here in the UK, the ransomware outbreak was at its pinnacle in 2017. My team and I, fended off 3 ransomware attacks within 12 months, never once having to pay a ransom due to having a robust and tested action plan that included multi-levels of data backups enabling quick recovery of services. However, in the UK 2017 will be remembered for one of the biggest cyber attacks the NHS had ever seen. The WannaCry attack on the NHS showed how devastating the impact of Ransomware can be and how services can be ground to a halt. The NHS showed amazing robustness in the light of the attack by diverting ambulances to lesser impacted locations and reverting to pen and paper for some tasks. This was a great example of disaster management in process.The UK the ransomware outbreak was at its pinnacle in 2017. My team and I fended off 3 ransomware attacks within 12 months.Click To Tweet
My company was a private organization closely linked to the NHS at the time of the WannaCry outbreak. As the person responsible for IT at my company, I monitored the Wannacry outbreak carefully. The incident really shone a light on how important it is to build security into solution design from day 1 and ensure this posture is maintained going forward.
When I look back at the 3 attacks that my team and I had to fight off, there was one common point of entry for the malicious payload… EMAIL. While attackers were realizing that Ransomware was a reliable revenue stream, they were also beginning to understand that employees are the weak point in a company’s security defense. My company had technology in place to defend against attacks and we carried out user awareness training and education sessions to help improve security. But as is true today, the staff of a company can be tricked or socially engineered into acting.
As we moved into 2018 and beyond the technology became very good at stopping the likes of Ransomware and the security market gained even more products to monitor the behaviour of devices and networks looking for the anomalies. Email security providers moved heavily to relying on sandboxing technologies to counter the constant signature changes and protect against those zero-day attacks.
What the ransomware attacks showed was that companies’ data was valuable and to quote my current CTO “Data is the new oil”. The attackers’ hunch that companies would pay for their data was correct. Over the past couple of years t nearly weekly news articles about companies, large brands being compromised through various methods and our data (you and I) being sold for profit and gain.
As we head to the backend of the decade and as we start to look forward to 2020 and beyond it is clear that these attacks are here to stay. Data is becoming more and more valuable. Many attacks utilizing email as the primary delivery method, many utilizing social engineering to target the employee, that weak point within an organisation.
The next ten years are likely to see an even greater increase in public cloud platforms such as MS Azure and AWS adoption. This move to the cloud is introducing new challenges for CIO / CTO and their teams. How do they realize the scalability, the elastic change and the speed of delivery the cloud offers while ensuring they keep the control over the security and data that they have built up over the past decade?The next 10 years we will likely see an even greater increase in public cloud platforms such as MS Azure and AWS adoption.Click To Tweet
There is a middle ground between the CISO and the builders in the public cloud. Technology will be the answer to achieving this balance.
For me the past decade has been life-changing, I became a father, built a successful team, delivered a new infrastructure platform that allowed my employer to grow their business beyond recognition and just at the turn of 2018 I changed my career path. A new challenge, a different challenge taking all I have learned over the past decade and utilizing it to solve other business' security challenges.
I also believe the past decade has been “life Changing” for all in the security world and security in technology has really matured through the past decade, you could argue having a similar change to my own personal journey.
Now being part of a security vendor, I am excited and looking forward to the challenges the next decade brings and how this allows me and my team to support businesses to deliver a safe and secure environment within the platform they choose.
I wish you all the best for 2020… It’s going to be an adventure for us all in one way for another.
Steven Peake is a technical engineer at Barracuda where he engages with end-users and partners to deliver solutions to solve their business security and data protection needs. Steve has worked in IT for over 16 years 10 of these in Senior IT Management roles delivering support, infrastructure and security services for a UK wide group of companies, including performing outsourced services to the Legal and Insurance sectors as well as the NHS.