Information has always been a powerful tool—so powerful that entire civilizations have built their survival around controlling who gets access to it. From the beginning of human history, secrets have been guarded, and knowledge has been withheld to maintain power, protect communities, and advance society. Today, this struggle to protect and restrict access to information continues in the form of cybersecurity.
The eternal struggle to protect knowledge has been a constant theme throughout history. From the biblical story of Adam and Eve to the modern-day encryption methods used in cybersecurity, the desire to control and protect knowledge has shaped our societies and technologies.
Unveiling the ancient roots of cybersecurity
Let’s journey through time and across cultures to see how deeply rooted this concept of guarding knowledge is.
In the Judeo-Christian tradition, the knowledge of good and evil was hidden from Adam and Eve in the fruit of the forbidden tree. God’s desire to prevent access to this powerful information shows us that even at the dawn of humanity, there was an understanding that some knowledge needed to be protected for the good of all. We will revisit this story when discussing controls, incident response, and post-incident policy changes.
Across the Mediterranean, the ancient Greeks told the story of Zeus keeping the secret of fire on top of Mount Olympus, out of humanity’s reach. Prometheus, who crafted humans from the spit of Zeus and the soil of Gaia, stole fire from Olympus and delivered it to humans. This was a dangerous act in the eyes of Zeus because with fire came technology, creativity, and power, making humans too godlike, essentially giving them access to knowledge that they did not know how to handle. Zeus sentenced Prometheus to be chained to a rock and have his liver eaten by a hawk every day, healing every night, since he was a Titan, until the bird was destroyed by Heracles (or Hercules).
Prometheus’ theft of fire from the gods represents unauthorized access to powerful knowledge that can be misused. This can be compared to modern insider threats. In 2019, a former employee of Capital One used their inside knowledge to exploit a misconfiguration, leading to a data breach affecting over 100 million customers. Capital One claimed that their Vulnerability Disclosure Program (VDP) made them aware of an exploitable vulnerability in their system. While following up on this vulnerability, the Capital One team discovered that the vulnerability did lead to an attacker exploiting their system and stealing customer data.
In ancient China, the formula for silk production was one of the most closely guarded secrets for centuries. The Chinese monopoly on silk allowed them to control a vital part of the world’s economy. This “information advantage” is similar to how companies today keep their algorithms, processes, and intellectual property under lock and key, both physically and digitally, to maintain their competitive edge in the market.
Even the ancient Indian Vedas, sacred texts of spiritual and philosophical knowledge, were orally passed down only to select individuals who were deemed to have the proper understanding and capability to handle such powerful insights, preserving the integrity and authority of that knowledge.
As societies evolved, the need to protect information became a matter of national security. Think of Sun Tzu’s The Art of War, which emphasizes that knowledge of your enemy and yourself is critical to victory. The practice of espionage, from ancient dynasties to modern intelligence agencies, has always revolved around stealing or protecting knowledge. In medieval Islamic culture, scholars protected critical scientific and philosophical works using encryption, creating ciphers that guarded their intellectual property. This was one of the earliest uses of cryptography.
This continues throughout modern history: during World War II, the Navajo Code Talkers used their native language to encrypt US military communications, making it impossible for enemies to decipher their messages. At the same time, the Enigma machine, a German encryption device, was being used to secure military communications. The British effort to crack Enigma at Bletchley Park remains one of the most famous examples of how the ability to access or block information can alter the course of history.
These examples highlight a fundamental truth: the need to protect knowledge is not new. What has changed is the sheer scale of information and the sophisticated tools we employ to safeguard it. What once required codes, spies, and secret agents now demands firewalls, encryption algorithms, and cybersecurity professionals. While the methods and tools may have evolved from code-breaking machines and spies to encryption algorithms and cybersecurity teams, the underlying goal remains unchanged: to control access to information and protect it from those who misuse it.
Bridging the past to the digital present
As we move into the 20th century, the need to protect information becomes increasingly tied to technology. The rapid advancement of industrial, military, and communication technologies requires new methods of securing knowledge. Cryptography, once a manual art, became a field dominated by machines and computers. Securing information took on new dimensions during the Cold War of the mid-20th century. Governments and militaries realized that control over communication and information would be pivotal to their success, in addition to protecting against physical threats. The development of the Advanced Research Projects Agency Network (ARPANET) in the late 1960s marked the beginning of the modern internet. Initially designed for academic institutions and the US military to communicate, the system focused on resilience and security from external threats. Only a few entities, mainly governments, universities, and defense organizations, had access to this early internet. It was a tool for the privileged few—those responsible for protecting nations or pushing the boundaries of scientific discovery.
The network expanded in the 1970s and 1980s, connecting more universities and research institutions. With this growth came a heightened awareness of safeguarding sensitive information. However, the internet remained primarily a tool for academia and the military, far removed from ordinary people’s everyday lives.
By the 1990s, everything had changed. The internet was opened to the public, and what had been a tightly controlled tool for military and academic use became a global phenomenon. Governments, businesses, and individuals were suddenly sharing and storing information worldwide. While the ability to communicate globally created immense opportunities, it also introduced new risks.
Cybersecurity, as we know it today, began to take shape during this period. The rise of personal computers, followed by the dot-com boom, brought millions online. At the same time, threats emerged—from the first viruses and worms to email phishing scams. Organizations and individuals alike were suddenly vulnerable to attacks that didn’t require physical access but could be carried out worldwide with the click of a button.
Hacker culture also rose to prominence in the late 1990s and early 2000s. What had been a community of curious tech enthusiasts grew into a much broader underground movement. Some hackers sought to expose vulnerabilities for fun or challenge, while others did so for financial gain or political motives. The infamous Melissa virus in 1999 and the I Love You virus in 2000 infected millions of computers via separate email attachments that automatically emailed others in a contact list, waking the world up to the dangers of the internet age.
The explosion of connectivity: The past 20–30 years
In the past 20–30 years, the internet has expanded exponentially. What started as a handful of connected computers in the 1960s is a global network that touches nearly every aspect of life. The internet is no longer just for academics, scientists, or businesses. It’s for everyone—no matter where they are in the world. Children in remote villages watch the same cartoons as kids in bustling cities. People across continents speak different languages but interact in the same digital space—thanks to the internet’s vast reach, made possible by fiber-optic cables running under oceans and cell towers scattered across every corner of the globe.
Smartphones, Wi-Fi, and globalized content now connect billions of people. Every home, business, and public space has become a hub of digital activity. The devices we carry—smartphones, tablets, and laptops—are all interconnected, exchanging data over wireless networks, satellite signals, and cables in the air, underground, and even underwater.
This interconnectedness causes an exponential rise in security challenges. From social media accounts being hacked to massive data breaches exposing the personal information of millions, we have entered a new age of cyber threats. The explosion of online shopping, cloud storage, and remote work means that both individuals and corporations are at risk, and the scale of these threats has grown beyond anything that could have been imagined just a few decades ago.
As of today, data is the new currency. In this digital age, the data we produce—our social media activity, personal emails, banking information, or even our movements tracked by fitness apps—can be as valuable as money. Attackers no longer just want to steal passwords or credit card numbers. They’re after everything: medical records, proprietary corporate secrets, and even state secrets.
The rise of Artificial Intelligence (AI) and big data analytics has further complicated the cybersecurity landscape. On one hand, AI tools are being developed to help detect and prevent cyberattacks, automating scanning for vulnerabilities. On the other hand, cybercriminals are leveraging the same technology to launch more sophisticated attacks, using machine learning to find weaknesses in systems faster than ever before.
The past century saw the internet transform from a military tool to a commercial one and now to a fully integrated global resource. Today, the fight to protect information doesn’t take place in physical vaults or war rooms; it happens in data centers, on servers, and within cloud infrastructure. The battlefield is digital, and everyone is a potential target.
But the need to protect that information, whether it’s the private details of your emails or the critical data that runs national infrastructure, is the same as it’s always been. Just as past empires protected trade routes and scientific knowledge, today’s governments, corporations, and individuals must protect their data and digital identities.
Moving deeper into this chapter, we will examine specific examples of cyberattacks, their real-world consequences, and what modern cybersecurity professionals are doing to fight back. Whether preventing state-sponsored cyber warfare, stopping criminal enterprises from siphoning money from corporations, or keeping your data safe, cybersecurity has never been more critical.
Modern vulnerabilities
In the digital world, vulnerabilities are like cracks in a wall—weak spots in software, systems, or networks that can be exploited to get through by means other than those intended. These weaknesses can enable someone to bypass security measures, access information, or disrupt normal operations. Just as a structural crack in a building can lead to more significant problems if not repaired, digital vulnerabilities can lead to substantial risks if left unaddressed.
Every technology we use—our smartphones, computers, and the websites we visit—operates based on rules and processes designed by the people who created it. These rules tell the system how to behave, protect data, and interact with other systems. However, sometimes, gaps or errors in these rules form. When that happens, vulnerabilities form, creating unintended ways for someone to access information or functions that are supposed to be secure.
Common vulnerabilities: Everyday examples
Understanding vulnerabilities doesn’t have to be complicated. Let’s examine some simple, everyday examples of vulnerabilities and how they can be used to access systems in unintended ways. Vulnerabilities can exist for a variety of reasons:
- Human error: People who design, build, and use technology sometimes make mistakes, leaving unintended system openings
- Outdated software: If systems aren’t regularly updated, known weak spots remain exploitable
- Complex systems: The more complex a system is, the more likely it is to have vulnerabilities due to unforeseen interactions
- Misconfigurations: Improper setup of security settings can leave systems exposed
- Default settings: Failure to change default passwords or security settings can provide easy access points for attackers
- Lack of encryption: Unencrypted data transmission or storage can be easily intercepted or accessed
- Insufficient access controls: Overly permissive user rights can allow unauthorized access to sensitive areas
- Third-party vulnerabilities: Weaknesses in external services or software libraries can compromise otherwise secure systems
- Social engineering: Manipulation of human psychology can bypass technical security measures
- Physical security gaps: Inadequate protection of physical assets can lead to unauthorized access to digital systems
These vulnerabilities manifest in various ways, often with severe consequences. Let’s explore some common types of vulnerabilities through real-world examples that demonstrate the high stakes of cybersecurity in action.
Weak passwords: The unlocked door
Imagine your front door is protected by a lock, but instead of using a strong key, you use 12345 as the code; it won’t do much to stop anyone! The movie Space Balls presents this situation in a comedic turn of events, with one character saying, “That’s the kind of thing an idiot would have on his luggage!” (https://youtu.be/a6iW-8xPw3k?si=lQcQGyg3SKFbUUOy). Police report that most larceny from vehicles occurs because the car is left unlocked and unattended. We will discuss how to avoid this problem in later chapters. Further, many people reuse the same password for many different websites. Unfortunately, so many credentials have been leaked in the past that the combination of your username, email address, and password is available for anyone who knows where to look. We will also address how to find this later in Chapter 11, Open-Source Intelligence (OSINT): Uncovering Information Like a Spy.
Password reuse and weak passwords led to the 2021 Colonial Pipeline Company ransomware attack. The company reacted to the attack by shutting down its pipeline, leading to panic-buying, which caused gas shortages in the Southeastern US. Colonial Pipeline paid the ransom, and while the FBI recovered most of the cryptocurrency, the more significant loss that occurred was due to a loss of business and a drop in stock price due to the company’s handling of the incident.
Outdated software: The festering wound
Imagine you have an injury that is left untreated. The lack of proactive treatment could lead to infection and bigger problems. Not updating your software is similar. While some software updates are rolled out to fix annoying bugs or improve features, the most critical updates occur because of security flaws that were identified and fixed. Now, it is the user’s responsibility to update their computer with the latest version offered by the software developer and ensure effective protection of their data.
In 2022, a system administrator’s personal computer for the software company LastPass was infected because it was hosting an out-of-date version of the Plex video hosting software. Attackers hijacked the administrator’s credentials. With these credentials, attackers accessed the LastPass database and stole thousands of customer records. Due to the event, LastPass saw a massive hit to its stock and a loss of customers.
The consequence of leaving software outdated is further highlighted in the 2017 Equifax attack. Equifax utilized a fairly common website software called Apache Struts. Apache became aware of a vulnerability in its software and told users to install the update promptly, if not immediately. Equifax became a victim of a group hunting for this exact Apache Struts vulnerability in large companies. The vulnerability was easily attacked through the Equifax website, and attackers got in and wreaked havoc on other unpatched systems. By the time Equifax was able to remove attackers and seal up their environment, over 140 million customers had been affected. Many of those affected did not even know they were Equifax customers. Because Equifax is a credit bureau, its customers are anyone who has or may ever want to utilize credit. Lawsuits, fines, and market conditions resulting from the incident have cost Equifax over $1.3 billion.
Overcomplexity: The enemy of security
In Greek mythology, King Minos of Crete had Daedalus design a labyrinth to be a prison for his enemies and a home for his wife’s son, the Minotaur. The labyrinth was so complex that even Daedalus could not give Theseus the secret to successfully make it through the maze. However, Princess Ariadne gave Theseus a simple solution: a ball of string. By tying one end at the entrance and unraveling it as he walked, Theseus would always know the way back to the exit. Just like the labyrinth, modern systems can be very complex, but the vulnerabilities can still be simple. A simple, overlooked weakness can lead to a serious security risk.
A great example of this is the MGM Resorts attack of 2023. The attackers found details for one of the system administrators and used a relatively simple method to gain access. They called tech support and intimidated them into resetting the administrator’s passwords by pretending to be the administrator and claiming they would get the tech support technician in trouble if they didn’t help them. This methodology is called social engineering, and we will cover more details of that in Chapter 5, The Human Factor: Why People Are the Key to Success in Cybersecurity In the end, the attacker convinced tech support to change the password and bypass multi-factor authentication, which we will also explain later. The attack cost MGM Resorts over $100 million, including $10 million in one-time consulting cleanup fees.
A similar event occurred at Uber in 2022. An attacker convinced technical support to give the attacker the username and password to log in with high-level access. Fortunately for Uber, this attacker was not interested in money or malice and had participated in this attack for the thrill. Had the attacker been motivated by financial gain, they would have been able to shut down the company for days, if not longer.
Having all the guards, locks, and sensors is fine and dandy. But when you walk the attacker right into the vault and hand them the keychain for all of the safes, the rest doesn’t matter. The concept of social engineering will be discussed in detail later in this book. It can be the most powerful tool in an attacker’s arsenal.
Insider threat: The classic folly
A few of the examples from early in this chapter—the Garden of Eden, Prometheus, and Ariadne and the labyrinth—illustrate those who have access or knowledge of a system either taking advantage of that knowledge themselves or sharing it with another. In cybersecurity, this is a form of insider threat attack. Other forms of the attack are less malicious or malevolent but can still harm the organization, including accidents and negligence. Some examples we have shared might fall under multiple types of vulnerability or attack.
An expensive example of an insider threat attack was the 2019 Capital One data breach. A former employee knew of a misconfiguration in a web application security feature. After leaving the company, the former employee broke back in using that known flaw and exposed the personal information of over 100 million customers and applicants.
At a water treatment facility in Ellsworth County, Kansas, in 2019, a former employee remotely accessed the plant and attempted to shut down the facility’s cleaning and disinfecting processes, which are crucial for providing clean water to the public. After the attacker was fired, they retained credentials (username and password) to access the facility’s control systems remotely. Proper access control methods, personnel onboarding, and offboarding procedures could have prevented this and several other incidents we have discussed. We will explain all of that in more detail in the upcoming chapters.
In 2019, a rogue employee leaked the personal data of 9.7 million Canadian credit union Desjardins Group customers. The employee exported sensitive data over time and sold it to third parties. Similarly, if we look at the cases of Edward Snowden in 2013, Chelsea Manning in 2010, and Harold T. Martin III between 1996 and 2016, we see that many insider threat actors work slowly and operate over a long period before they are caught or complete their attack. In these three cases, government contractors and a military intelligence analyst gained access to sensitive data, removed it from proper storage, and either released it to the public or stored it insecurely in their homes.