Business Technology

What can the Millennium bug teach us about cybersecurity?

6 min read

07 November 2019

Features Editor, Real Business

It's 'cybersecurity month' where businesses are encouraged to learn how to better protect their data, is it time to go back to the first 'cyber-scare' of them all – and see what we can learn?

Wherever you happened to be living at the time, you can’t deny that the years of the nineties were a period of transition. From the financial success of the 1980s to a period of recession and the advent of mainstream consumer tech use during the years leading up to the millennium.

The old was certainly giving way to the new. Even if that ‘new’ was still pretty basic. While consumer technology such as ‘domestic’ computers were only just becoming popular by this period, they were still part of a new tech frontier for many – (the World Wide Web was only invented in 1990).

Then, during the last year of the 1990s, we had the Y2K bug, commonly known as the Millennium bug scare.

But, what were people so scared of?

The Millenium bug: 1999

Y2K

Was the Y2K bug a serious threat?

There was a risk that our computer systems (first written during the 1960s and continuing to the 1980s), wouldn’t be able to process the new ’00’ digit code when the year turned from 1999 to 2000.

This, IT experts feared, would create a world-wide system stall.

The potential to wreak devastation

In theory, the Millenium bug could have had a devastating impact across all sorts of important industries.

Banks that calculate interest rates daily for loan holders could have rates of interest calculated not by the day, but “for minus almost 100 years” if the bug took hold.

Our reliance on computers ‘exposed’

The airline and transportation industries (both relying on the regularity of computer data to run smoothly), were also at risk.

The safety of nuclear energy plants was also thought to be compromised.

Relying on computers to monitor water and radiation levels, it was feared that a faulty computer system could create multiple ‘Chernobyls’ worldwide.

During this time, compliance programmes were hastily hammered together to protect IT hardware and software systems from the threat.

“The Millennium bug catapulted cybersecurity into the public domain and raised the importance of planning to mitigate a breach and that lesson still stands – always have the right people, training, resources and protocols in place.” – Peter Bradley, CEO Torsion Information Security 

But the Millennium bug never happened.

Was the event rooted in mass hysteria over nothing? Or was the ‘no show’ simply the effect of a thorough and successful prevention strategy?

Preparation and testing is key

“The Millennium bug was real, and whilst we can never know what the impact would have been, without the methodical testing and fixing that had happened there would certainly have been many vital systems impacted.” – Rob Pritchard, founder, The Cyber Security Expert Ltd

A ‘due diligence’ and ‘test first’ approach in the world of IT, as in every other industry, is never an unsensible thing, and that’s how businesses prepared for the Millennium bug.

“Doing nothing about the Millennium bug in the late 1990s was not an option that industries dependent on the smooth running of computer systems could afford to take.” – Roy Cellan Jones, BBC

Adopting the same approach to modern cybersecurity

cybersecurity

Should we be taking cyber threats more seriously?

Fast forward to 2019, and the need to have strategies in place to safeguard digital systems from threats is as crucial now as it was for those protecting themselves against the Y2K bug in 1999.

“In IT when things fail there’s a lot of noise, but when things work we don’t celebrate them enough which can lead us to be complacent about the next big issue. There’s another ‘Millennium bug’ coming in 2038 – we are in fact halfway between the original one and the next. If we were to have a similar issue to that in 1999 the work involved to mitigate the potential risk would be far, far greater given the evolution of technology.” – Paul Tacey -Green, founder, Amito

With modern cybersecurity, and considering the threat of increasingly sophisticated hacks, being reactive to breaches is not enough.

According to Hiscox, a small business is “successfully hacked every 19 seconds” in the UK – which costs an average of £25,7000 a year to clean up.

The average UK salary is £29,588, giving you an idea of the extent of the funds a small business can lose to modern cybercrime.

From keeping software up to date to putting formal security policies in place and educating staff on how to spot the signs of an attempted breach, modern business owners should be as serious about protecting their systems as engineers were back in 1999.