June 19, 2023 By Ronda Swaney 4 min read

The number and complexity of cybersecurity tools have grown at a dizzying pace in recent decades. As cyber threats like ransomware became more numerous and complex, antivirus and threat management tools expanded to meet these challenges. Security experts now often find themselves with too many choices and a market too rich with options. Choosing, running and training on these tools can become a problem.

From the first “computer worm” to ransomware, let’s review the evolution of cyber threats and the expanding cybersecurity ecosystem.

The birth of the cybersecurity industry

With no public internet, computer security in the early days focused mainly on passwords protecting computer systems one at a time. Even 60 years later, passwords remain a foundation of a healthy cybersecurity practice.

In the 1970s, an ethical coder created a program called Creeper, a “worm” that moved from system to system, leaving a message behind on the ARPANET. (ARPANET was the Advanced Research Projects Agency Network, an arm  of the U.S. Department of Defense and the forerunner of today’s internet.) A colleague of the Creeper programmer created a program to destroy it called Reaper. It found and deleted the virus, creating the first antivirus program. These were the first virus and antivirus programs, but that didn’t remain true for long.

In the late 1980s, the Morris Worm, a self-replicating malware program, served as a wake-up call to the industry. Designed to demonstrate a known vulnerability, it slowed down the internet and caused widespread damage. The Morris Worm clarified the need to hold back a growing threat landscape and gave rise to the first firewall. Firewalls slowly emerged from labs in the late 1980s, but the firewall industry would take off in the next decade.

In 1987, the first true commercial antivirus solution came out from the German company G Data Software for Atari systems. McAfee was also founded that year and launched VirusScan. Several more antivirus products followed.

The 1980s began with no real commercial cybersecurity products. They ended with several firewall projects and antivirus products on the market, and the trend would only continue.

Download the guide

Mainstreaming of the internet and the start of perimeter protection

The history of the “worldwide web” began in 1989, and its spread in the early 1990s made the internet mainstream. The decade started with fewer than 3 million internet users and ended with around 281 million. With millions of people putting their personal and financial information online, cyber criminals emerged to exploit it.

In the 1990s, cybersecurity tools focused on perimeter protection — firewalls and intrusion prevention systems — as well as antivirus software. Firewalls transitioned from lab projects to commercial products, with the second generation coming out of AT&T Bell Labs, which called their technology Circuit Level Gateway. This introduced the first stateful firewall, a firewall that monitors the complete state of active network connections. In 1994, Check Point launched Firewall-1, which was a milestone among commercial firewall solutions by offering a popular and easy-to-administer cybersecurity tool that used a graphical user interface.

With a firewall, packet filters could protect a safe internal network by hunting for known malicious traffic. These steadily became more refined and varied, but the basic concept stayed the same. Building a moat around corporate networks and applications was the method of the era.

The first virtual private network (VPN) was developed inside Microsoft in 1996 to extend the protection of the firewall to remote users “dialing in” with modems. It would later be used broadly for both security and privacy, enabling remote user activity to be hidden from internet service providers and public Wi-Fi. The technologies underlying VPN products — Internet Protocol Security (IPSec), Internet Key Exchange (IKE ) and, by the end of the decade, Layer 2 Tunneling Protocol (L2TP) — vastly improved VPN security as products spread.

Centralized security for the new millennium

Many of the attack types spreading widely today, like ransomware (the first instance of which happened via floppy disk in 1989), emerged as a more widely used technique in the mid-2000s. During this time GPCode, TROJ.RANSOM.A, Archiveus, Krotten, Cryzip, MayArchive and other new ransomware attacks emerged. Ransomware became more attractive to threat actors with the rise of difficult-to-trace cryptocurrencies. Malware posing as antivirus became a major point of social engineering around ransomware attacks.

After 2000, the concept of the SOC (security operations center) came into vogue, an all-hands-on-deck control center featuring a room full of specialists monitoring and stopping security events across the whole enterprise. In the case of smaller teams, a Managed Security Service could accomplish this job. Either way, they probably used a security information and event management (SIEM) platform. This approach was an early attempt to deal with overcomplexity in both attack variants and security tools.

A SIEM is a collection of software systems that find, analyze and display data from devices, software and logging systems, or external sources. Today more than 60 companies sell SIEM solutions.

The SIEM idea has been more recently replaced by the emergence of real-time security intelligence platforms aimed to prevent problems like ransomware rather than find them after the fact. These use big data analytics to discover trends.

This kind of control room approach to cybersecurity could involve thousands of different solutions and products. They not only deal with a wide range of attack types but also with a wide range of solutions.

Next-generation firewalls emerged in 2008 and proliferated in the 2010s. Driven by Palo Alto Networks, these firewalls used application-aware packet filtering, user-based access control (regardless of the system’s IP address or device type), built-in IPS filtering and other advanced techniques that proved powerful when combined. By the end of the decade, there would be hundreds of firewall solutions.

The ransomware worm WannaCry emerged in 2017, spreading virally and demanding Bitcoin payment. During this decade, cybersecurity tools got way more modern, using network behavioral analysis and web application firewalls.

Today’s cybersecurity ecosystem is overwhelmed by choice

We start the new decade paralyzed by choice. Every security solution, starting with passwords and including firewalls, antivirus and antimalware, VPNs, two-factor authentication solutions, biometric tools, encryption products, hardware-based security, enterprise key management, container and Kubernetes security, confidential computing and many more, began as single solutions. More providers emerged, more solutions emerged and the tool landscape became more complex.

We find ourselves where market size itself is a security threat. The time and energy it takes to evaluate and choose from the incredible variety of solutions has become a significant investment, and the mastery and training of these solutions is another challenge altogether.

The proliferation of threats and solutions is unlikely to change. So for today’s cybersecurity and the battle against ransomware, the focus is on solutions that bring order to the chaos. Threats will continue to evolve at a faster pace and solutions must evolve with them. The next historic milestones for the cybersecurity ecosystem will be cloud-based tools paired with artificial intelligence and intelligent automation to target ransomware and today’s other threats.

Learn why IBM Security is recognized as a leader in managed security services, combining AI, threat intelligence and response to deliver better security outcomes.

More from Risk Management

Operationalize cyber risk quantification for smart security

4 min read - Organizations constantly face new tactics from cyber criminals who aim to compromise their most valuable assets. Yet despite evolving techniques, many security leaders still rely on subjective terms, such as low, medium and high, to communicate and manage cyber risk. These vague terms do not convey the necessary detail or insight to produce actionable outcomes that accurately identify, measure, manage and communicate cyber risks. As a result, executives and board members remain uninformed and ill-prepared to manage organizational risk effectively.…

The evolution of ransomware: Lessons for the future

5 min read - Ransomware has been part of the cyber crime ecosystem since the late 1980s and remains a major threat in the cyber landscape today. Evolving ransomware attacks are becoming increasingly more sophisticated as threat actors leverage vulnerabilities, social engineering and insider threats. While the future of ransomware is full of unknown threats, we can look to the past and recent trends to predict the future. 2005 to 2020: A rapidly changing landscape While the first ransomware incident was observed in 1989,…

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today