Today, Secure by Design is a necessity – but it wasn’t always the way. So, what changed? Here’s a quick look back at how we got here.

–

1970s-1980s: Early years

In the early days of computing, security very much took a back seat. The priority was on building functionality and exploring the potential of this new technology. The internet, as we know it now, was still in its infancy, and the interconnected digital landscape we have today was yet to emerge.

However, some initial groundwork was already being laid in computer security. Thought leaders like Willis Ware were establishing foundational principles as early as 1967, shaping the discipline’s future. This era introduced concepts like the CIA triad – confidentiality, integrity, and availability – that would guide security practices for decades to come.

1990s: The rise of the internet

With the widespread adoption of the internet in the 1990s, connectivity opened up new opportunities for businesses and consumers alike. But this new interconnectedness also multiplied vulnerabilities.

This decade saw the first significant wave of cyber attacks, primarily through viruses and network intrusions. The industry’s response was mostly reactive, with security measures coming after incidents had occurred. Antivirus software and firewalls emerged as essential tools, designed to detect and contain threats that had already entered systems.

2000s-2010s: The push for proactive security

By the early 2000s, cyber attacks had evolved dramatically, with attackers using more sophisticated techniques, such as social engineering and targeted ransomware.

Reactive measures quickly proved insufficient as high–profile breaches started making big headlines. The infamous Target breach, which exposed 40 million credit card details, highlighted the devastating financial and reputational toll of inadequate security.

This era saw a gradual shift in mindset, recognising that adding security as an afterthought was no longer sustainable. This change laid the foundation for the Secure by Design philosophy.

2020s-Present: Secure by Design becomes a necessity

The 2020s have marked a significant turning point, with Secure by Design not just a best practice, but a necessity. The sheer scale and sophistication of cyber threats, coupled with the rising costs of data breaches, have made proactive security essential. The need is further intensified by emerging technologies, such as AI and quantum computing, which present new vulnerabilities.

Government agencies and industry groups are now actively pushing for Secure by Design practices, emphasising the importance of building resilient systems from the outset. The White House Memory Safety report, for instance, strongly advocates for proactive security, stressing that addressing vulnerabilities during the design phase is far more effective than patching them after deployment.

–

As we look to the future (which we’ll do in more depth in later posts), one thing is clear: in an era where threats are evolving faster than ever, building secure systems from the ground up is no longer just good practice; it’s essential.