Cybersecurity: Then, Now and Tomorrow
As information technology has evolved over the course of ISACA’s 50-year history, so has the IT security threat landscape. What we now refer to as “cybersecurity” has taken different shapes and names over the decades, along with the technology, processes and everyday tactics required to protect hardware, information systems and data.
In the 1970s and 1980s, enterprises often focused on physical security—protecting computer rooms and equipment. As Robert Parker, then International President of EDPAA, noted about diskettes in his article, “Microcomputer Security and Control,”1 “On the positive side, they are compact and easy to transport but, unfortunately, they are easily damaged, lost, stolen and copied.” Telecommunications companies at the time were also advising their customers to keep track of calling cards to avoid theft and longdistance fraud.
As information systems expanded and connected more people in the ‘80s and ‘90s, security capabilities needed to grow to address new threats, including software piracy and hacking.
Guidelines for the Security of Information Systems adopted by the Council of the Organisation for Economic Co-operation and Development (OECD) in 1992 noted that the “…proliferation of computers, increased computing power, interconnectivity, decentralization, growth of networks and the number of users, while enhancing the utility of information systems, also increase system vulnerability.”
Employers began advising their staff on ways to create strong passwords to reduce their risk of getting hacked. Worms and viruses also entered into the picture, threatening to shut down systems.
“It has become evident that the impact of the expansion of the cyberthreat landscape has increased tremendously and that it will keep increasing, transforming the facts into a call to action,” said Chris Dimitriadis, Ph.D, CISA, CISM, CRISC, ISACA Past Chair and Group Director of Information Security at INTRALOT. “As reported by ISACA, in the ‘70s and ‘80s, telecommunication companies were issuing long-distance-call fraud warnings related to a lost calling card. Nowadays, SIM-swap attacks can result into an empty bank account. In a few years when driverless cars become a commodity, we will be discussing life threatening situations.”
Throughout this evolution, ISACA has gathered expertise from its members and the community to provide professionals with knowledge, understanding and tools to navigate the digital world and provide increasing levels of cybersecurity to their organizations. In 2000, ISACA became a founding partner in the Center for Internet Security, a not-for-profit organization that established global standards and accreditation systems to promote security and privacy in internet-related systems.
ISACA now offers a portfolio for practitioners and their enterprises to understand the cybersecurity landscape, and to prepare for, respond to, and mitigate threats and breaches through Cybersecurity Nexus (CSX), launched in 2014. Providing opportunities for credentialing, training for individuals and enterprises, career development and other educational resources, CSX helps keep cybersecurity professionals informed and supported in the face of emerging threats on the horizon.
To further expand its cybersecurity offerings, ISACA acquired CMMI Institute in 2016, the organization behind the Capability Maturity Model Integration (CMMI) and the CMMI Cybermaturity Platform. A comprehensive enterprise cybersecurity capability and risk assessment platform, the CMMI Cybermaturity Platform provides cybersecurity and senior executives with the evidence and insights to improve cybersecurity resilience.
As we navigate the current environment of data breaches, ransomware attacks and concerns about the impact of new technologies such as artificial intelligence and look to a future of continually-morphing threats, ISACA will keep providing the latest in cybersecurity best practices and tools to help professionals keep threats at bay.
“It is amazing to see technology evolution through the eyes of ISACA, an association that has been contributing to the business and technology community for so many years,” added Dimitriadis. “ISACA offers a community of experts that will guide us in trusted cyber-enabled world by possessing the wisdom of the past.”
1 Prepared for Deloitte Haskins & Sells presentation