September 18, 2019 By Sue Poremba 3 min read

By 2024, the collective cost of data breaches will reach $5 trillion, according to a study by Juniper Research. The study predicted this astronomical amount will be the result of an increase in fines due, in large part, to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and any other data privacy laws that come up in the next five years.

However, we should also expect to see a 70 percent rise in cybercrime during that time period — another reason for the spike in data breach costs. The study anticipated artificial intelligence (AI) will be responsible for much of the increase, not just because more organizations will rely on AI in the future, but also because threat actors will utilize the technology to launch advanced cyberattacks.

This, of course, is all predictive — probably accurate based on the history of cyberthreats — but it also raises the question: What is the future of cybercrime? What will the threat landscape look like, not so much in five years, but in one or two? The more we know about what the future will look like, the more accurate threat analysis will be.

What Today’s Threat Landscape Can Tell Us About Tomorrow

Looking at the technology of today can guide predictions for the future. Technology that is in the earliest stages of popularity is at its safest point — the ideal time for organizations to build out predictive threat analysis.

For example, most of us remember how malware attacks used to be focused on Windows machines, leaving Apple users feeling superior because they were “safe” from cyberattacks. Then, Apple became more mainstream, and their operating systems (OSs) are no longer immune from attacks. It was the same with mobile apps and now with the internet of things (IoT). As AI becomes more mainstream, it will be both attacked and weaponized.

Where will we see cybercrime go? According to Nicole Eagan, CEO of Darktrace, we can expect to see a digital war of algorithms.

“Autonomous cyber-attacks may have a defined target — intellectual property — or persist opportunistically for monetary gain or mischief,” Eagan noted in a Forbes article. “As they sustain their presence, they will grow stronger in their insider knowledge as they build up control over data and entire networks.” And it will be nearly impossible to stop.

But AI isn’t the only threat on the horizon. As the world becomes more connected and everything is turned into a smart device, expect cybercriminals to spread malware from one device to another as they “talk” to each other. Through the IoT, threat actors will be able to gain credentials that will allow them to access and control all of the devices in one organization or household.

Cryptojacking made a lot of headlines in the past year, but cryptocurrency still isn’t mainstream enough for people to pay attention. Will that shift over the next few years? It is likely that cryptocurrencies will become more mainstream, which is why you should be thinking about how to protect from cryptojacking now.

Develop a Predictive Threat Analysis Approach

“Cybersecurity losses are a cost of doing business in the digital age,” Tim Erlin, vice president of product management and strategy with Tripwire, told SC Magazine.

But that doesn’t have to be the case if you look at the future and use some predictive analysis to see what is coming. It may require thinking outside the box and using new approaches to anticipate future cybercrime.

“Anticipatory compliance — showing that an organization is studying and responding to potential threats — should be embraced by organizations, not necessarily from the compliance lens, but from the security and privacy lens,” said Tom Garrubba, senior director and CISO at Shared Assessments, in an email statement.

There is a tendency for organizations to be reactionary; maybe it is easier to put out fires after they’ve begun. But that is also a never-ending project. You may not know exactly what’s coming, but looking at the past and understanding what’s happening in the present makes predicting threats a whole lot easier.

If you can anticipate what the future will bring, you can better prepare your organization for the worst. It may just keep you from contributing to 2024’s $5 trillion in data breach fines or from being a victim of cybercrime much sooner.

More from Risk Management

Working in the security clearance world: How security clearances impact jobs

2 min read - We recently published an article about the importance of security clearances for roles across various sectors, particularly those associated with national security and defense.But obtaining a clearance is only part of the journey. Maintaining and potentially expanding your clearance over time requires continued diligence and adherence to stringent guidelines.This brief explainer discusses the duration of security clearances, the recurring processes involved in maintaining them and possibilities for expansion, as well as the economic benefits of these credentialed positions.Duration of security…

Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709

4 min read - On February 19, ConnectWise reported two vulnerabilities in its ScreenConnect product, CVE-2024-1708 and 1709. The first is an authentication bypass vulnerability, and the second is a path traversal vulnerability. Both made it possible for attackers to bypass authentication processes and execute remote code.While ConnectWise initially reported that the vulnerabilities had proof-of-concept but hadn’t been spotted in the wild, reports from customers quickly made it clear that hackers were actively exploring both flaws. As a result, the company created patches for…

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today