By 2024, the collective cost of data breaches will reach $5 trillion, according to a study by Juniper Research. The study predicted this astronomical amount will be the result of an increase in fines due, in large part, to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and any other data privacy laws that come up in the next five years.
However, we should also expect to see a 70 percent rise in cybercrime during that time period — another reason for the spike in data breach costs. The study anticipated artificial intelligence (AI) will be responsible for much of the increase, not just because more organizations will rely on AI in the future, but also because threat actors will utilize the technology to launch advanced cyberattacks.
This, of course, is all predictive — probably accurate based on the history of cyberthreats — but it also raises the question: What is the future of cybercrime? What will the threat landscape look like, not so much in five years, but in one or two? The more we know about what the future will look like, the more accurate threat analysis will be.
What Today’s Threat Landscape Can Tell Us About Tomorrow
Looking at the technology of today can guide predictions for the future. Technology that is in the earliest stages of popularity is at its safest point — the ideal time for organizations to build out predictive threat analysis.
For example, most of us remember how malware attacks used to be focused on Windows machines, leaving Apple users feeling superior because they were “safe” from cyberattacks. Then, Apple became more mainstream, and their operating systems (OSs) are no longer immune from attacks. It was the same with mobile apps and now with the internet of things (IoT). As AI becomes more mainstream, it will be both attacked and weaponized.
Where will we see cybercrime go? According to Nicole Eagan, CEO of Darktrace, we can expect to see a digital war of algorithms.
“Autonomous cyber-attacks may have a defined target — intellectual property — or persist opportunistically for monetary gain or mischief,” Eagan noted in a Forbes article. “As they sustain their presence, they will grow stronger in their insider knowledge as they build up control over data and entire networks.” And it will be nearly impossible to stop.
But AI isn’t the only threat on the horizon. As the world becomes more connected and everything is turned into a smart device, expect cybercriminals to spread malware from one device to another as they “talk” to each other. Through the IoT, threat actors will be able to gain credentials that will allow them to access and control all of the devices in one organization or household.
Cryptojacking made a lot of headlines in the past year, but cryptocurrency still isn’t mainstream enough for people to pay attention. Will that shift over the next few years? It is likely that cryptocurrencies will become more mainstream, which is why you should be thinking about how to protect from cryptojacking now.
Develop a Predictive Threat Analysis Approach
“Cybersecurity losses are a cost of doing business in the digital age,” Tim Erlin, vice president of product management and strategy with Tripwire, told SC Magazine.
But that doesn’t have to be the case if you look at the future and use some predictive analysis to see what is coming. It may require thinking outside the box and using new approaches to anticipate future cybercrime.
“Anticipatory compliance — showing that an organization is studying and responding to potential threats — should be embraced by organizations, not necessarily from the compliance lens, but from the security and privacy lens,” said Tom Garrubba, senior director and CISO at Shared Assessments, in an email statement.
There is a tendency for organizations to be reactionary; maybe it is easier to put out fires after they’ve begun. But that is also a never-ending project. You may not know exactly what’s coming, but looking at the past and understanding what’s happening in the present makes predicting threats a whole lot easier.
If you can anticipate what the future will bring, you can better prepare your organization for the worst. It may just keep you from contributing to 2024’s $5 trillion in data breach fines or from being a victim of cybercrime much sooner.