Cybercrime really hit the headlines in 2017, with the likes of WannaCry crippling the National Health Service in May, the Petya/NotPetya ransomware attack infecting global companies shortly afterwards and a whole host of data breaches from big companies like Equifax. It was a busy year for cyber security experts across the globe – and it’s not going to get any better in 2018.
Cybercrime will not only increase in 2018, it’s also going to become more sophisticated. Crime-as-a-Service – where cyber criminals rent their tools out to less-skilled individuals, will help increase the volumes of attacks, and we know that cyber gangs are already looking to see how advances in artificial intelligence and machine learning can be exploited.
The numbers involved are shocking. It’s widely predicted that the cost of cyber attacks will be in the region of $6 trillion per annum by 2021, which represents the greatest transfer of economic wealth in history. By then, cybercrime will be more profitable than the entire global trade in all major illegal drugs combined, according to Cybersecurity Ventures’ Official 2017 Annual Cybercrime Report.
In fact, global ransomware damage costs are predicted to exceed £20 billion in the next two to three years, and by 2019 somewhere in the world a business will fall victim to a ransomware attack every 14 seconds, according to Cybersecurity Ventures.
Considering that Cybersecurity Ventures reports that 85% of organisations are already falling victim to attack, this is a serious risk to the global economy.
Cybersecurity Ventures’ latest research indicates that cyber security spending will exceed $1 trillion from 2017 to 2021. The demand for competent cyber security experts is unprecedented, and unfortunately there just aren’t enough of us to go around. In 2018 we’re going to realise that every IT role will have cyber security responsibilities, and every employee will be expected to protect and defend their company’s data.
With the financial sectors in Europe and North America now getting ahead of the curve in terms of cyber protection and resilience, 2018 will see hackers continuing to look at exploiting banking systems in Latin America, Africa and the Far East. In the West, the health sector has now become the top target for cyber criminals who are looking to exploit weaknesses in medical systems to distribute ransomware or to harvest data.
It’s estimated that around 30% of phishing emails are still opened, regardless of the safety precautions put in place. Businesses and organisations consequently must wake up to the fact cyber awareness for their staff is not just a ‘nice to have’,and it deserves more than a putting your people through a ten-minute online course once a year. Business leaders must consistently drip feed educational messages to their staff with easy to understand examples on how to keep cyber safe, and especially when a significant attack hits the headlines.
GDPR will ensure that organisations face up to the realities of cybercrime quickly and effectively, but it will also, undoubtedly, raise the stats quite significantly regarding data breaches, as organisations will be required to report incidents involving personal data from May 25th.
But it is clear that many organisations throughout 2018 will see data breaches as inevitable, and therefore will invest heavily in breach containment and rapid recovery solutions, rather than on breach prevention alone. Resiliency will consequently be the new mantra for businesses for 2018 and beyond – and AI and machine learning tools will be harnessed much more ubiquitously, I envisage, to mitigate risk.
>See also: Cyber crime and the banking sector
The sale of credit card details will continue to be a strong source of cyber crime, as they can be easily sold on through the Dark Web, although we are now seeing the emergence of widespread account takeovers because of weak security practices, increased information mining from social media accounts, and weak username and password combinations, so individuals really will have to get more clued up to stay secure.
It could be expected that more financial institutions will demand that individuals prove they have adequate levels of security in place before being eligible for any type of compensation if they do become a victim of cybercrime. This could, perhaps, be the stick we all need to take our own data security more seriously. I think we’ll also see a marked increase in declined payments – regardless of whether they are valid or not – as banks attempt to cope with the volume and sophistication of fraud threats.
Cryptocurrencies will continue to be a driver for cybercrime. This is not surprising when you consider that a single Bitcoin was worth just under $1000 in January 2017, and was heading towards $20,000 by mid-December.
Ironically, though, the high price of Bitcoin will probably result in cyber criminals looking to get into alternative cryptocurrencies as they look to take advantage of low prices and potential high returns in future. There’s also going to be an increase in malware being used to mine cryptocurrency from unsuspecting victims, a practice which had seemingly died out back in 2013.
Lastly, in the race to make all things smart and interconnected, there is no doubt that a whole raft of security vulnerabilities have been overlooked as manufactures and retailers scramble to become the first to market.
Consequently, it should be expected that there will be a few more consumer stories this year around AI home assistants getting people into trouble and smart devices getting hacked. This, it seems, is currently the price to be payed for embracing the next generation of technological advances, without a full understanding of the risks.
Sourced by Vince Warrington, founder, Protective Intelligence