9 Lessons Learned From 10 Crazy Years of Cybersecurity

When it comes to cybersecurity, the 2010s were a rollercoaster.

On the one hand, technology further entrenched itself in our daily and professional lives, becoming indispensable. It enables a wider and more diverse pool of people to access the internet. But none of this came without far-reaching consequences.

So that we’re on the same page, the goal of this blog post isn’t to document the decade’s major cybersecurity events—the topic has already been covered intensively. Instead, I’m looking to shine the light on the implications of these events and how they might affect our present and future.

For anyone even remotely interested in cybersecurity—a certified expert or not—the past ten years have taught us many lessons. Not strictly tech lessons, but also abstract lessons necessary to survive what’s yet to come.

1. No one’s safe

[Photo: an old, rusty lock, suggesting a lack of safety. Photo by Tim Mossholder on Unsplash]
Not with duct-taped, rusty security precautions

One realization that hit particularly hard for me as I first ventured into the world of tech is that no one’s safe.

And there doesn’t seem to be any exception to the rule. Whether you’re an international mega-corporation, a small business, a non-profit organization, or a state-owned enterprise, we’re all at constant risk.

The reason?

Data.

It’s become glaringly obvious that hosting any amount of data paints a huge, bright red target on your back. Of course, some data types are more sought-after than others, like medical records and social security numbers, but even data as innocuous as your anonymized browsing data can still fetch a good price on the black market.

Now that data is worth more than ever, and we’re creating more of it (402.74 million terabytes daily, to be precise), cyberattacks have increased by a whopping 440% since 2009.

2. Trust no one*

I’m not saying that the majority of society is leading double lives as cybercriminals. What I am saying is that anyone you come into contact with could be used as a vehicle to infiltrate your defenses.

You trust your best friend or your brother not to maliciously send you a virus (I know I do), but do you trust their commitment to internet hygiene?

It’s even worse for businesses.

Nowadays, it’s downright impossible to run a 100% self-reliant business. From phone systems to IT infrastructure and storage servers, there’s no way around hiring a third-party service provider. Working with others means granting access to your network, which leads to more endpoints to protect and an increased risk of attack even if you do everything right. As of 2019, 44% of data breaches were through a third-party vendor.

And it gets much, much worse.

A mere 15% of companies were notified by their contractors of the attack early on, preventing the majority of businesses from reacting quickly enough.

*This isn’t a pitch for abolishing third-party services; rather, you should be cautious of who you work with. Trust is already a fickle thing, and having millions of dollars on the line doesn’t help.

3. One attack to end it all

[Photo: a close-up of a screen showing a stock value dropping. Photo by samxmeg via iStock.com]
It all goes downhill from here

Despite being a daily occurrence, cyberattacks and data breaches are far from insignificant, and you rarely get a second chance to learn from your mistakes.

It’s estimated that around 60% of SMBs go out of business within a year following a cyberattack. But that’s not necessarily because they went bankrupt.

Surprisingly enough, the financial repercussions are often the lesser of two evils.

Being ready with a cybersecurity insurance policy and regularly backing up data to avoid paying ransom are often sufficient to mitigate the financial losses. What actually destroys the company is its ruined reputation.

If the blame game were a mobile app, it’d rank #1 by a long shot. People want something or someone to blame for the violation of privacy and compromise of their data, and more often than not, it’s going to be the company that pays the price.

Reputations are difficult and incredibly time-consuming to repair, especially when competitors with a clean slate offer similar services and products.

4. Innovation kinda sucks

(At least in the wrong hands.)

The thing about innovation and technological advancements is that they’re universal. If you have them, then so do those with ill intent.

Advancements in tech aren’t just helping hackers break into complex and presumably secure systems; they’ve also created new avenues of attack.

The average hacker no longer needs special equipment or software to cause harm.

They don’t even need to be particularly good at programming. Social engineering attacks are on the rise and are still as effective as when people had little to no cybersecurity awareness. From phishing emails to voice emulators and deepfakes, social engineering plays a crucial role in close to 99% of all cyberattacks.

(Despite having written this blog post in 2020, updating it now in 2025, it’s ironic how little consideration we gave to the role of artificial intelligence in phishing schemes and cyberthreats.)

5. Investing in people is crucial

The 2010s were a time of rapid automation. Everything that could be digitized was digitized. Whatever a skilled worker can do, there’s software that can do it better, faster, and cheaper.

But that’s not the case with cybersecurity.

Unless you plan to run a business without a single employee in sight, you still need to invest in cybersecurity education.

Technology is evolving at dizzying rates; a 2013 knowledge of cybersecurity can barely keep an email address safe when faced with the sophisticated scams of 2020.

Even if you have dedicated in-house security and IT teams, cybersecurity is an all-or-nothing commitment. If even just one person on your team doesn’t know the proper precautions to take, they can lead to the downfall of a decade-old business.

Depending on your business’s industry and size, security education can take various forms, anywhere from monthly seminars to keep staff up to date on the latest news to regular workshops that explore the ins and outs of the current cybersecurity landscape.

Whatever the intensity of training you decide is right for you, it needs to be rolled out on a regular basis and all staff members accounted for.

After all, you can invest in the most robust lock ever created, but if you don’t know how to turn the key, you might as well leave the door open.

6. Staying offline is no longer an option

[Photo: dozens of manila files crammed inside a drawer. Photo by Ulrike Mai via Pixabay]
Don’t do this. Please.

Back in the good ol’ days, keeping data safe was pretty straightforward: keep the files locked in a safe, behind a couple of closed doors.

No sneaky backdoors, no hacks, no tricks.

But, for rather obvious reasons, that’s no longer an option.

Sure, you can keep a couple of servers separated from the open network and offline 99% of the time, but those aren’t the only files that matter.

People nowadays expect businesses in all industries to be available online at all times. Anything less is an inconvenience that could affect client satisfaction and, subsequently, the bottom line.

The majority of your business’s data needs to be accessible by staff, management, and/or clients from multiple locations. Having to constantly go back and forth into a locked room to update a file is a colossal waste of time and effort.

These days, you have to be online, and you have to keep yourself safe.

No buts.

7. Double-edged tech

While some tech was created in favor of keeping data secure, others helped leak it, and the rest are a double-edged sword.

The Internet of Things (IoT) is a great example. It can be of great benefit to the prosperity of a business, offering a customizable network that increases staff productivity and efficiency.

But introducing IoT to your main network means more endpoints to maintain. After all, IoT devices can be challenging to secure, making them the weakest link in an otherwise steel chain.

Due to their large numbers, they’re hard to keep track of, and they rarely receive proper maintenance in the form of frequent updates, checkups, and password changes.

8. It’s no longer a question of “if” but “when”

While having the latest version of antivirus software on your personal device and regularly changing up your passwords was sufficient ten years ago, those measures don’t even scratch the surface of what’s needed today.

It’s irresponsible to focus the meat of your resources on protection while leaving detection and response with the scraps.

Sure, protection against threats is essential, but you’re still more likely to face a data breach in your lifetime than not. And when it happens, you need to be ready.

Being well prepared can be split into two main categories: detection and response.

Detection is necessary to catch an attack or breach as soon as it occurs. This could be anything from locating a backdoor to finding dormant ransomware or spyware that is waiting for the right moment to strike.

Cyber threat hunting is one example of a proactive detection approach. It ensures your network gets regularly scanned for any malware, weaknesses, and abnormalities.

Response, meanwhile, is a set of directions for the IT staff to follow in order to recover from an attack as quickly and as efficiently as possible.

It typically includes details about critical aspects such as which devices store the most valuable data and who to contact to share news of the breach, like clients, authorities, and insurance companies.

Having a solid response plan in place minimizes the damage incurred as a result of attacks and breaches, making it necessary for all businesses, regardless of size or industry.

9. It’s never over

The cyberworld isn’t getting any safer, and criminals are more motivated than ever to get their hands on some easy data money. Zero-day attacks are getting more frequent and more difficult to detect.

Sadly, we’re nowhere near the cyber-utopia we dreamed we’d be in by the futuristic year of 2020, but that doesn’t mean we should stop working toward it.

Things might already feel out of hand, even though we’ve had advanced tech for less than 20 years, and its rapid development doesn’t seem to be slowing down anytime soon.

The fight for data security and privacy is one we might never win. We may never emerge triumphant over the black hat hackers of the world. But it’s a fight we can’t afford to lose.