
10 Sea-Changing IT Security Trends Of The Last 10 Years

A look at ten of the megatrends that have shaped IT security -- and in some cases, enterprise business -- over the last decade.


Resource Center, which began collecting data on major breaches in 2005, reported 781 major compromises in 2015 – the second most recorded during the decade. In addition, many companies have come forward to disclose lesser breaches: Risk Based Security’s Data Breach QuickView Report cited an all-time high 3,930 incidents in 2015, representing more than 736 million records.

As enterprises became more public with their compromises, security researchers spent an increasing amount of time and effort disclosing new vulnerabilities. Over the past decade, a cottage industry has emerged in finding and selling security vulnerability information to interested parties that were willing to pay for them. This "bug bounty" trend has continued to grow in recent years, and many major companies – including Facebook, Google, and Yahoo – now offer such programs as a part of their business. As a result, security vulnerabilities are being discovered and disclosed at record levels today.

With the increasing publicity of security breaches and vulnerabilities, the stigma and secrecy surrounding the security problem have begun to diminish. While companies are still reluctant to reveal the compromises they experience, there is greater acceptance that bad breaches can happen to good companies – and that the sharing of breach and vulnerability information can benefit entire industries. The emergence of information sharing groups within sectors such as financial services, retail, and energy suggests that companies are more willing than ever to admit they have a problem and then share it with others.

Out Of The Data Center And Into The Boardroom

The aforementioned publicity has resulted in another new phenomenon during the last decade: security is now a boardroom issue. Once sequestered into cubicles deep in the data center, IT security managers are now routinely consulted by management in matters of new technology deployment – and perhaps more importantly, business risk. Many organizations now recognize the threat of a breach as perhaps one of the most impactful – and least predictable – risk factors that can affect a large enterprise during the course of a given fiscal year.

While fear of negative headlines was the initial driver behind security’s rise to the boardroom, risk management has become the reason why many CISOs are keeping their seats at the mahogany table. Just as today’s businesses now recognize that they cannot build a single set of castle walls to defend, many are also recognizing that all new business decisions carry a certain level of cyber risk. As a result, today’s security team is tasked not only with defending the data the company already has, but with assessing the potential risk of new business and technology ventures. This trend promises to continue as companies “Internet-enable” a wide variety of devices and applications that previously had no intelligence: the Internet of Things.

The War Between The States

Cybersecurity was an issue for military and defense organizations long before 2006, but in recent years, the role of offensive, state-sponsored hacking activity has become a much larger and more important issue for enterprises as well. While Russian-backed attacks on government systems in Estonia and Georgia in 2007 opened the eyes of some security pros, it was their reach into non-government systems – such as contractors and media outlets – that worried many IT organizations. Subsequent reported attacks by China on Google and other media businesses made it clear that state-sponsored attacks would not be limited to military targets, but extended to targets of business espionage as well.

Today, most savvy IT organizations understand that some foreign governments actually support and fund the process of collecting business intelligence from rival nations through the use of state-sponsored hacking units. While China is the most frequently mentioned offender, many other countries also conduct their own sorties into foreign business systems – including the developers of Stuxnet, an attack on Iranian systems that clearly served US interests. The result of all this state-sponsored activity is clear: the IT security department must now concern itself not only with financially motivated attackers, but with politically motivated operatives as well.

Hacktivism Becomes A Thing

As governments were discovering the many useful ways that cybercrime could further their political interests, smaller groups of political activists – and even individuals – were discovering that online attacks were an effective method of raising awareness or making a protest. For several years, the largest of these groups, Anonymous and LulzSec, effectively kept the IT security industry on edge, wondering where they would strike next.

Hacktivist groups brought new threats to enterprise defenders, who previously had developed defenses primarily to protect the organization’s financial interests. Hacktivists, largely uninterested in data or financial theft, introduced the industry to new exploits such as distributed denial of service (DDoS), which simply made enterprise systems unavailable, or “doxing,” in which sensitive data and email was captured and published for all Internet users to see. With different methods and motivations than their financially motivated forebears, hacktivists created a whole new theater of attack and defense for IT security departments to deal with – and those attacks and defenses are now part of any good corporate IT security strategy.

Blacklisting Blacklisting

In 2006, the chief defenses for enterprise security were based on "signatures" – the idea that a security system could store all known threats and simply block them when they arrived. Antivirus, intrusion detection systems, intrusion prevention systems, and other tools were generally built on this concept of “blacklisting” any incoming malware or data bearing a known bad signature.

Over the course of the decade, however, the number of new threats that had never been seen or recorded – so-called "zero-day threats" – has skyrocketed, primarily thanks to polymorphic technology that lets malware be deployed and redeployed in a new version each time, essentially creating thousands of new instances that each constitute a previously unrecorded zero-day exploit. While signature-based technology still blocks many known threats, most security pros now recognize a need for tools and strategies such as behavior-based defense, which identifies malware by the way it acts, and whitelisting tools, which enable only known good data and applications while placing everything else in a safe “sandbox” where a determination can be made as to its security.
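The blacklist-versus-whitelist distinction above, as an added illustration that is not part of the original article: a hash-based "signature" blocks exactly the file it has seen before, so any variant whose bytes differ (here a constructed stand-in for polymorphism that changes only a trailing junk section) slips past it, while an allowlist of approved hashes sends every unknown file to the sandbox regardless of how many variants exist. All byte strings and hash sets below are constructed for the example.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Hash used as the 'signature' of a file."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample "files": harmless byte strings standing in for real binaries.
KNOWN_BAD = b"CONSTRUCTED-SAMPLE-BAD-FILE"
KNOWN_GOOD = b"CONSTRUCTED-SAMPLE-GOOD-APP"

BLACKLIST = {sha256_hex(KNOWN_BAD)}    # signatures of threats seen before
ALLOWLIST = {sha256_hex(KNOWN_GOOD)}   # hashes of applications approved to run


def polymorphic_variant(payload: bytes, seed: int) -> bytes:
    """Stand-in for polymorphism: identical content with a different trailing
    junk section, so every copy has a different hash (constructed, not real malware)."""
    junk = hashlib.sha256(seed.to_bytes(4, "big")).digest()
    return payload + b"\x00" + junk


def blacklist_verdict(data: bytes) -> str:
    """Signature model: block only what is already on the list."""
    return "block" if sha256_hex(data) in BLACKLIST else "allow"


def allowlist_verdict(data: bytes) -> str:
    """Whitelist model: run only approved hashes, sandbox everything else."""
    return "allow" if sha256_hex(data) in ALLOWLIST else "sandbox"


def compare(samples):
    """Return (name, blacklist verdict, allowlist verdict) for each sample."""
    return [(name, blacklist_verdict(d), allowlist_verdict(d)) for name, d in samples]


if __name__ == "__main__":
    samples = [("known bad", KNOWN_BAD), ("known good", KNOWN_GOOD)]
    samples += [(f"variant {i}", polymorphic_variant(KNOWN_BAD, i)) for i in range(3)]
    for name, bl, al in compare(samples):
        print(f"{name:12s} blacklist={bl:5s} allowlist={al}")
```

Running the block shows the original bad file blocked by the blacklist but each variant allowed, while the allowlist sandboxes every variant and admits only the approved application.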

While it’s popular to state that antivirus is dead – and this sentiment was even repeated by the CEO of Symantec, maker of the world’s most popular antivirus software, in 2014 – most enterprises still use AV technology to help filter out the increasingly small segment of malware that is both known and bad. However, using the term "signature-based" at a security conference continues to be about as well-received as using the term "high fat content" at the local gym.

Encryption Gets Both Good And Bad Names

As enterprises continue to struggle with blacklisting, whitelisting, behavior, and sandboxing, many security proponents are increasingly offering another, simpler strategy: encrypt everything. No matter what defenses you use, they say, attackers are likely to break through them – so the answer is to encrypt all sensitive data, therefore rendering the compromises useless, since the attackers end up with only streams of data that they can’t read. A good deal of promising encryption technology has come and gone over the last decade, much of it hobbled by cost of implementation, impact on performance, or confusion on how to manage the keys that unlock the encrypted data.

While encryption technology continues to improve and become easier to implement, it also has proven to be a double-edged sword because of its availability to attackers as well. In recent years, attackers have successfully penetrated enterprise defenses by simply encrypting their exploits -- and thereby obfuscating them from the view of security tools and IT security professionals. Other cybercriminals are now using encryption as a means of kidnapping enterprise data and holding it for ransom until the victim company pays a premium. IT organizations also are wrestling with legitimate encryption, which can make it possible for employees to hide their activities on corporate networks while limiting the effectiveness of traditional security technology such as deep packet inspection.

What's Next

What trends will define IT security a decade from now?

There’s no sure way to tell. Today’s behavior-based solutions may give way to some new generation of technology. The current emphasis on forensics and incident response may give way to a new set of prevention tools. The current emphasis on cyber risk might be offset by a new class of cyber insurance. Your guess is as good as ours. The one thing that we know for sure is that, when it comes to security, the only constant is change.

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...

User Rank: Author
6/1/2016 | 6:17:52 PM
What's Next? Machine Learning, Anyone?
A number of startups are trying to find ways to let machines look at internal user behavior, create statistical norms for what is typical, then highlight or escalate abnormal behavior that might be a breach. If you have 100 employees with the same job title, but only one of them is storing gigabytes of data in a cloud drive, that might merit the attention of a security analyst.


This is still very early days, and one can imagine all manner of places it won't work (what if you only have 2 employees with a particular job title?), but if it's even useful 1/4th the time in a large organization, that might still be a big step forward for accelerating early detection.
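The peer-group approach the comment describes, as an added example that is not part of the original page or the comment: users are grouped by job title, a statistical norm is computed per group, and anyone far above it is escalated. It uses a median-based (robust) z-score rather than mean and standard deviation, because one 40 GB upload would otherwise inflate the norm it is being compared against, and it handles the comment's own failure mode by refusing to baseline a title with too few peers. The records, thresholds and title names are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import median
from typing import Dict, List, Tuple

MIN_PEERS = 5       # smallest peer group we are willing to baseline (assumed value)
Z_THRESHOLD = 3.5   # robust z-score above which a user is escalated (assumed value)


@dataclass(frozen=True)
class Finding:
    user: str
    title: str
    value_gb: float
    robust_z: float


def robust_z_scores(values: List[float]) -> List[float]:
    """Modified z-score: 0.6745 * (x - median) / MAD.
    Median and median absolute deviation barely move when one value is huge,
    which is what makes this usable on a peer group that contains the outlier."""
    med = median(values)
    mad = median([abs(v - med) for v in values])
    if mad == 0.0:
        # Most peers behave identically, so fall back to the mean absolute
        # deviation (0.7979 is its normal-consistency factor); if that is also
        # zero, everyone is identical and nothing stands out.
        mean_ad = sum(abs(v - med) for v in values) / len(values)
        if mean_ad == 0.0:
            return [0.0] * len(values)
        return [0.7979 * (v - med) / mean_ad for v in values]
    return [0.6745 * (v - med) / mad for v in values]


def find_outliers(records: List[Tuple[str, str, float]]) -> Tuple[List[Finding], Dict[str, str]]:
    """records: (user, job title, gigabytes copied to cloud drives in the period).
    Returns the users to escalate plus a note for each title that could not be baselined."""
    groups: Dict[str, List[Tuple[str, float]]] = defaultdict(list)
    for user, title, gb in records:
        groups[title].append((user, gb))

    findings: List[Finding] = []
    skipped: Dict[str, str] = {}
    for title, members in groups.items():
        if len(members) < MIN_PEERS:
            # The comment's edge case: two people with one title give no norm.
            skipped[title] = f"only {len(members)} peer(s); no statistical norm possible"
            continue
        scores = robust_z_scores([gb for _, gb in members])
        for (user, gb), z in zip(members, scores):
            # Only the high side matters here: uploading far less than peers is not a concern.
            if z > Z_THRESHOLD:
                findings.append(Finding(user, title, gb, round(z, 1)))
    return findings, skipped


def constructed_records() -> List[Tuple[str, str, float]]:
    """Constructed sample: 100 analysts, 99 of them copying under 1 GB and one copying
    40 GB, plus a two-person finance title that is too small to baseline."""
    recs = [(f"analyst{i:03d}", "security analyst", round(0.1 * (i % 10), 1)) for i in range(99)]
    recs.append(("analyst099", "security analyst", 40.0))
    recs += [("cfo", "chief financial officer", 12.0),
             ("deputy-cfo", "chief financial officer", 0.3)]
    return recs


if __name__ == "__main__":
    found, notes = find_outliers(constructed_records())
    for f in found:
        print(f"ESCALATE {f.user} ({f.title}): {f.value_gb} GB, robust z={f.robust_z}")
    for title, why in notes.items():
        print(f"SKIPPED  {title}: {why}")
```

On the constructed data only analyst099 is escalated; the finance title is reported as unbaselined rather than silently scored, which is the behaviour an analyst wants when the model cannot say anything meaningful.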