A history of information security

Freelance tech writer, LinkedIn profile

Author Bio ▼

A tech writer specialising in cybersecurity, working with Redscan on this and a number of other GDPR, MDR, and ethical hacking projects.
June 27, 2019


Whitepaper: Enhancing security, resilience and efficiency across a range of industries

Information security has come a very long way over the past half a century.

Starting out as a bit of a practical joke between colleagues back in the 1960s, the steady rise of technology in the years that have followed has now made information security a huge modern-day issue – and you don’t have to look too hard to find out why.

Large companies like Yahoo, Microsoft and Equifax have each been targeted by hackers in the past ten years alone. Plus, while cyber safety has improved hugely over the years, 2017’s WannaCry ‘ransomworm’ attack proved that it is not just information security that has evolved over the years – hackers and computer viruses have too.

The issue is certainly no joke anymore and, while it’s possible for companies to physically secure their files via a range of security and fire safety techniques, having effective antivirus software available is imperative to preventing cyber-attacks.

Here is a detailed look at how both information security and hacking have advanced over the years, and the milestones that have defined their progression.

1960s: Password protection

It was during the 1960s when organisations first started to become more protective of their computers. During this time, there was no internet or network to worry about, so security was largely focused on more physical measures, and preventing access to people with enough knowledge about how to work a computer.

In order to do this, passwords and multiple layers of security protection were added to devices. Fire safety measures were also implemented, to ensure that the stored data was protected. After all, there was no iCloud available back in those days, so computers had to be secured by other means.

1970s: From CREEPER to Reaper

Cybersecurity’s history began with a research project during the 1970s, on what was then known as the ARPANET (The Advanced Research Projects Agency Network). A researcher named Bob Thomas created a computer program which was able to move ARPANET’s network, leaving a small trail wherever it went. He named the program ‘CREEPER’, because of the printed message that was left when travelling across the network: ‘I’M THE CREEPER: CATCH ME IF YOU CAN’.

Ray Tomlinson – the man who invented email – later designed a program which took CREEPER to the next level, making it self-replicating and the first ever computer worm. Fortunately, he then wrote another program called Reaper which chased CREEPER and deleted it, providing the first example of antivirus software.

Thomas and Tomlinson’s programs may have been designed as a bit of a mess-around, but they actually served a highly important purpose, revealing a number of flaws in ARPANET’s network security. This was a huge concern at the time, as many large organisations and governments were linking their computers via the telephone lines to create their own networks. Certain groups of people began to recognise this as well, seeking out ways to infiltrate these lines and steal important data. Say hello to the world’s first hackers.

1980s: The internet goes mad

Over the years that followed, computers started to become more and more connected, computer viruses became more advanced, and information security systems could not keep up with the constant barrage of innovative hacking approaches.

The Russians, for example, began using cyberpower as a weapon and, in 1986, employed German computer hacker Marcus Hess to steal US military secrets. He hacked into over 400 military computers, including mainframes at the Pentagon, and intended selling their secrets to the KGB. Fortunately, he was thwarted.

Two years later, in 1988, saw the birth of the Morris Worm – one of the major turning points in the history of information security. Network usage began to expand rapidly, and more and more universities, militaries and governments became connected to it. That meant that the security measures required had to gradually become more expansive as well, which gave birth to the Morris Worm.

Named after its inventor Robert Morris, the worm was designed to propagate across networks, infiltrate terminals using a known bug, and then copy itself. Its aim was to identify lacking areas in a network intrusion prevention system.

However, its ability to self-replicate would be its downfall, as the worm replicated so aggressively that it rendered targeted computers inoperable and slowed the internet down to a crawling pace. It also spread quickly throughout the network, and caused untold damage. In fact, the damage it caused was so severe that Robert Morris became the first person to become successfully charged under the Computer Fraud and Misuse Act. The Computer Emergency Response Team (CERT) was also formed as a result, in order to prevent cyber issues like these happening again.

During the 1980s, the ARPANET network also became more commonly known as the internet, and became available to the public as the worldwide web during 1989.

1990s: The rise of firewalls

With the internet becoming available to the public, more and more people began putting their personal information online. Because of this, organised crime entities saw this as a potential source of revenue, and started to steal data from people and governments via the web.

By the middle of the 90s, network security threats had increased exponentially and, as such, firewalls and antivirus programs had to be produced on a mass basis to protect the public. It was a NASA researcher who created the very first firewall program design, following a computer virus attack at their California base. The research and their team created a virtual ‘firewall’ which they modelled on the physical structures that prevent the spread of actual fires within buildings or structures.

However, while these firewalls and antivirus programs went some way to minimising the risk of attacks, computer viruses and worms kept coming thick and fast, so hackers definitely had the upper hand at the time.

2000s: Proper punishment

In the early 2000s, governments began to clamp down on the criminality of hacking, giving much more serious sentences to those culpable – including extensive jail time and large fines. This was a far cry from the 1980s, where hackers were given much lighter sentences – ranging from stern warnings to probation.

Information security continued to advance as the internet grew as well but, unfortunately, so did viruses. Hackers quickly became able to create viruses that could not only target specific organisations, but whole cities, states and even continents as well.

2010s: The era of major breaches

Due to the consistent rise of technology, hacking became ever more complicated over the years that followed, and a number of major data breaches now largely define the era. These include:

  • Snowden & The NSA, 2013. Edward Snowden – a former CIA employee and contractor for the US Government – copied and leaked classified information from the National Security Agency (NSA), highlighting the fact that the government was effectively ‘spying’ on the public. He is controversially thought of as a hero to some, and a traitor to others.
  • Yahoo, 2013 – 2014. Hackers broke into Yahoo, jeopardising the accounts and personal information of all their three billion users. They were fined $35 million for failing to disclose news of the breach in a timely manner, and Yahoo’s sale price decreased by $350 million as a result.
  • WannaCry, 2017. More widely known as the first ‘ransomworm’, WannaCry targeted computers running the Microsoft Windows operating system and demanded ransom payments in the Bitcoin cryptocurrency. In only one day, the worm infected over 230,000 computers across 150 countries.

While each of these data breaches were incredibly severe, thankfully a number of companies exist to offer solutions to these potential travesties – so it’s not all bad.

Information security is constantly improving, and many companies are designing a vast array of novice attack mitigation options which utilise things like Network Behavioural Analysis (NBA), web application firewalls (WAF), and Denial of Service (DoS) protection.

However, on a more personal level, it is vital for people and businesses to keep on top of their information security, and implement techniques to ensure that their data stays protected. If you are a business for example, using an expert document scanning, storage and management service can provide you with the peace of mind you’re after, knowing that your documents are safe. Likewise, using a cloud-based platform to store your personal files can be an absolute godsend if you ever happen to lose or damage your physical files.

Moving forward

Information security is the ying to a computer virus’ yang – they come together. Fortunately though, cyber security is only becoming stronger and stronger as time goes on so, while there will always be someone out there wanting to cause havoc, let’s hope that one day good will triumph over evil, and information security can leave computer viruses behind for good.

Notify of
Newest Most Voted
Inline Feedbacks
View all comments
Student of IITU(KZ)
Student of IITU(KZ)
April 23, 2020 5:37 am

Very interesting article.It helped me a lot!

January 8, 2021 11:31 am

Very Informative

March 19, 2021 10:50 pm

helpful information

Michael P.
Michael P.
June 23, 2021 8:35 am

Nicely put, thank you for taking the time

Last edited 2 years ago by Michael P.

[…] security is a system that is responsible for the protection of networks, servers, and apps that use the Internet. The main goal of cyber security is to prevent users from hacking […]

March 15, 2022 3:09 pm

can someone outline the historical transition from computer security to information security