As we gear up for the 20th anniversary edition of SC Magazine
, set to drop in November, I've been forced to get pretty nostalgic about the security industry.
Considering I joined the staff here in January 2006 -- and the extent of my IT security knowledge prior to that was the Melissa worm
-- I don't have a lot of memories from which to draw.
In fact, I still can't believe that SC
is turning 20. I would have loved to see that inaugural 1989 edition. Hopefully, we still have it laying around somewhere, but considering the publication took shape in the UK, under different ownership, I'm not so sure that gem will ever be found.
But as our staff brainstorms ideas for this momentous occasion, we, of course, plan to look at how the threat landscape has changed. Clearly, quite a bit. Compliance demands, the rise of the CSO, botnets, targeted malware.
I don't need to rehash how professional and sophisticated the cybercriminal underground has gotten compared to as soon as just a few years ago.
Yet, there's also so much that remains the same. And I think it's important to show that.
Spam immediately comes to mind. But so does the biggest security story of the last couple of weeks: the Twitter distributed denial-of-service attacks
attacks have been happening for years -- an assault on the Department of Justice website in 1996 was how former OMB director Karen Evans
got her first taste of cybercrime.
It was funny seeing some of the more mainstream outlets last week write the obligatory sidebar about what a DDoS is. They could've just as easily pulled from the archives. Not much was different about this attack -- other than the target. (If anything, let this be a wake-up call to some of these social networking sites that security must be a priority).
So, in the end, not much has changed within this space. Maybe that's why security pros can get pretty frustrated with their jobs -- they're always fighting the same fires. And now with more check boxes
to fill out than ever before.