20 years of hacks, data breaches and scams

LinkedIn just reminded me that éclat was founded two decades ago.  That means that I’ve officially been working in cyber security PR four times the length of the sentence dealt out to cyber security celebrity hacker Kevin Mitnick in the 1990s for breaking into computers, stealing corporate secrets, scrambling phone networks, and hacking the US government’s national defence warning system.

This timely reminder from LinkedIn prompted me to write this blog about how cyberattacks, public awareness and the media reporting of cyber security has changed dramatically during this time.  If I launched my time machine and headed back to Black Hat 1998, I’d still see the odd familiar name like Bruce Schneier talking about subjects like cryptography, which still remain relevant today.  Yet fast forward to 2018 and the speed, impact and variety of threats has multiplied almost beyond recognition with the advent of connected devices, cloud-based services and social media.

The news agenda has metamorphosed almost beyond recognition.  Twenty years ago, the bulk of security news stories were still predominantly the domain of the IT trade and specialist computer security media.  In 1996 InfoSecurity Europe opened its doors for the first time to welcome a collection of companies touting IDS and IPS systems and firewalls or antivirus solutions.  By contrast, a trip to the exhibition halls of InfoSecurity or RSA today reflects just how much the industry has changed.  The number and variety of exhibitors has grown meteorically, and the conversations are more likely to revolve around ransomware, phishing attacks, compliance and nation state attacks, rather than worms, viruses or the latest firewall technology.

Social media has had a profound impact both on the threat landscape and on the working of the newsroom. The mantra twenty years ago was on keeping the bad guys out, yet today in our cloud-enabled world the perimeter is well and truly dead and social engineering – empowered by a world where we all routinely share huge amounts of personal data online -is the name of the game, with  hackers routinely seeking to exploit our collective willingness to click on weblinks and attachments that purport to come from trusted sources.

The role of the journalist has been transformed by the fact that the advent of social media means that anyone can become an online publisher, giving rise to another new concept in the form of ‘fake news’.  Twenty years’ ago, there was a lot more money in publishing and publishing cycles could last weeks or even months, with print editions still holding their own against the online competition.  Today, however news cycles operate on steroids in a world where a tweet or blog post is just as likely to be the source of a news story as a press release, and journalists have hours rather than days to react to breaking news.  Social media is both the source and the echo chamber for stories which can spread globally within seconds.

The public’s awareness of cyber security risk has also changed dramatically.  I often find myself in the pub with my mates on a Friday night discussing subjects like Russia’s involvement in the US elections and the very real threat of government sponsored cybercrime undermining the very foundations of democracy, or how GDPR will affect the risk of theft of our most sensitive data.  That’s a very different reality to two decades ago when security was pretty much exclusively the domain of techie geeks.  Today it’s just as likely that the BBC will feature a story about a massive data breach reported by Facebook or British Airways, as it will about other criminal acts.

The board is also waking up to the reality of what data breaches and cyberattacks mean to their bottom line, brought into stark focus by new regulations such as GDPR and the downtime and disruption caused by ransomware attacks.  So, when I look back and compare the world of cyber security PR two decades ago to today, I have to confess that the stakes have risen almost beyond recognition. Cyber security, privacy and risk have become mainstream issues. The world of cyber security PR is faster and more competitive than ever and the battle for column inches is intense.

Ex-hackers like Kevin Mitnick and security gurus like Bruce Schneier have achieved near mythical status in the eyes of the security industry and are now much sought-after authors and public speakers.  At éclat we’re lucky to be in an industry sector that is extremely buoyant – Gartner predicts global cyber security spending to top $124 billion in 2019.  No surprise then that cyber security is attracting huge investment and plenty of innovation.  What’s pleasing to see however, is that this innovation is not only coming out of Silicon Valley and Israel, but also our own backyard, as the UK is slowly cultivating its own cyber security glitterati.

What the next twenty years will bring is impossible to predict, as AI, Quantum Computing and robotics arm both hackers and defenders with tools more powerful that we could ever have imagined twenty years ago.  However, one thing that’s undoubtedly true is that there will always be no shortage of great stories to tell about this amazing industry we work in, so bring on the next decade in cyber security!






Two minutes at IP Expo – Talking about cyber awareness

Cyber Beat – the éclat Marketing podcast