Unprepared and exposed – welcome to the grim present of cybercrime
A study from Juniper Research foresees that an enormous amount will come from fines related to breaches of General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and any other data privacy laws.
At the same time, a 70 percent increase in cybercrime is predicted until 2024. A lot of the advanced cyberattacks of the near future will be launched utilizing artificial intelligence (AI).
Inadequate compliance to the data privacy laws, the attacks, and the defense thereof, will make the costs of data breach run through the roof. This is of course projections, no one knows the future, but we do know that there will be a threat. Actions must be taken, and precautions implemented.
Mobile applications and Internet of things (IoT), are under constant attack. And it is just a question of time until the AI becomes mainstream, being the target of attacks and weaponized. Analogy, if cryptocurrencies become more mainstream, the so-called crypto jacking is likely to increase.
A cyber-attack has a distinct target, such as intellectual property, monetary gain or plain mischief.
There is good reason to draw the conclusion that the cybercriminals will grow stronger as they build up control over data and entire networks. And it will be exceedingly difficult to stop.
Through the IoT, criminals will be able to gain access and control of all devices in one organization, letting malware spread from one device to another via their interactions. Thus, the more links between devices, the more vulnerable we will get. As more and more devices connect to the internet, we become more and more vulnerable to cybercrime.
We are talking about 200 billion internet-connected devices, all of which has the capacity to be hacked.
Are cybersecurity losses a cost of doing business?
The notion that a group of people with criminal intent can take control of a plane, a pacemaker or a power grid is no longer fiction. It is the grim reality. The technology becomes more advanced and more mainstream. That makes it a fair assumption that the cybercrime will increase and also be more advanced.
Technological change is happening at an exponential rate. It is making it hard, or even, impossible for political and legal institutions to keep up.
Even keeping our laptops, smartphones and servers safe is now posing a real problem. Just consider the Microsoft Server Breach where 250 million customers records were exposed – no authentication was required to access them.
Thus, waiting for a breach to occur before taking measures, is not really an option. Instead, Anticipatory compliance, continuously studying and responding to potential threats, is the new standard. And it should be implemented in all organizations, thus making them more proactive.
The technological development gives regular people access to powerful tools and humongous amounts of information at their fingertips, a democratization of technology if you so will. A lot of us do not comprehend how vulnerable we really are. Neither do we understand the risk it imposes to tie everything to computers. But the tools we use to make our lives easier, is also accessible to those who mean to hurt us.
Thus, creating a security threat that was unimaginable only a couple decades ago, making it possible to rob millions of people. Not only a problem for the inflicted individual, but perhaps also a threat to society as we know it. For at the basis of a modern society we have critical infrastructure. That is something the current Covid-19 pandemic is giving us a taste of in bright, somewhat terrifying, light. A digital war of algorithms can be expected.
4 major risks
1. IoT Botnets & DDoS Emerging Security is still not being designed into much of the IoT, particularly those areas that work from legacy M2M (machine to machine) networks. This leaves them open to use by cybercriminals. They leverage them as part of botnets, in the absence of immediately valuable information of their own.
2. Rising Ransomware Threat. There was a huge increase in the amount of ransomware deployed in 2016, which is also increasing in complexity. Multiple cybersecurity organizations registered large increases in the use of this kind of attack. Several prevalent new variants of the software also came into use. These are also increasingly automated and presented as simple-to-use kits. Meaning that these attacks are quick and easy to execute, making high-volume, low-value ransomware more common.
3. File-less Attacks Increasingly Common. Several cybersecurity institutions have reported an increase in the number of non-malware attacks over the past year. These attacks either subvert the function of normally helpful programs, avoiding the detection of file-based analysis like traditional antivirus, or are caused by malicious insiders misusing the access they have legitimately been given. Over time this will cause many more businesses, and ultimately consumers, to rely on behavioural, rather than file-based, detection methods.
4. Traditional Attack Vectors Still Strong. Data from several sources shows that many years-old CVEs (common vulnerabilities and exposures) are being exploited. Despite increased awareness of the need to update systems. At the same time, social engineering remains a key way in for cybercriminals, via phishing emails and similar well-used vectors. However, such attacks are now being used more frequently. That is to deploy malware, rather than simply get credentials from users.
Cybersecurity Key Takeaways
Talent & Budget Shortage Increases AI Attractiveness
Cybersecurity has a shortage of trained professionals, and those SMEs (Small & Medium Enterprises) most at risk from cybercrime frequently have no budget for cybersecurity. These factors both mean that AI-based cybersecurity packages, which filter and automatically remedy a range of threats. That will be most appealing to many potential customers. Those companies that can most effectively leverage AI (in positioning as well as products) will be in the best position to tap into the large SME market.