When mainframe computers lumbered in, revolutionizing how businesses and endeavors of all kinds operated, they were secured in rooms where everything from temperature and humidity, to access itself, was tightly controlled. It seems like eons ago, and, in fact, the way computers were treated in the beginning reminds us of the design of an ancient Egyptian temple, with the approach controlled and graduated through portal after portal.
Things changed. The advent of personal computing brought with it PC security issues that were so sudden and so vast that they can best be understood as an explosion. First, there were racks of servers, a proliferation of keyboards, and a control mechanism so original that the best name they could come up with was “mouse.” And then personal computers became part of the lives of millions, at work and even at home.
Until computers became networks, viruses had no way to spread. When they appeared, many of the earliest viruses were little more than sassy greeting cards. An unexpected and often unwelcomed message and/or image would appear on a computer terminal. Perhaps the earliest serious PC security threats can be traced to the mid-to-late 1980s, when the Brain virus appeared and was the first IBM-PC compatible virus. Brain infected the boot sector of PCs running MS DOS, making them slower and sometimes leaving them unusable.
In February 1992, the Computer Emergency Response Team (CERT) of Carnegie-Mellon University issued a virus warning advisory for Michelangelo, the first PC security threat to gain widespread fame. CERT was a month ahead of the game apparently, as the virus was named Michelangelo because it was designed to activate each year on March 6, the artist’s birthday. Michelangelo was also a boot-sector virus, but its damage included overwriting data, rendering memory unusable and causing the data to be almost impossible to recover.
The impact of Michelangelo came from its notoriety. Michelangelo put PC security hazards on the map, attracting massive media attention and widespread fears of havoc around the world. IBM sold out of its antivirus programs for a time, beginning a trend that now amounts to at least $170 billion a year spent on cybersecurity.
A curious twist of history that persists is that most of that cybersecurity spending remains devoted to online solutions, while the physical points of access to personal computers remain unguarded in most cases. Yet, it is those physical points of access – namely, USB ports – that have been the path of least resistance for some of the biggest cyberattacks to date, including the infamous Stuxnet virus that brough down the Iran nuclear program in 2010. A simple USB flash drive carrying the virus was used to take down the reactor facility.
Today, Forbes estimates that $170 billion will be spent to defend against cybersecurity threats, yet the vast majority of that spending will be devoted to stopping the cloud-based activities of hackers and other cybercriminals.
While we do need to devote considerable attention to the cloud-based data breaches that occur on a weekly basis, we ask whether enough is being done to protect our ubiquitous open ports. After all, it costs only $4 to lock down a USB port. What is the cost of a data breach by leaving them unprotected?