Light Dark
September 18, 2019 By Sue Poremba 3 min read
Risk Management

By 2024, the collective cost of data breaches will reach $5 trillion, according to a study by Juniper Research. The study predicted this astronomical amount will be the result of an increase in fines due, in large part, to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and any other data privacy laws that come up in the next five years.

However, we should also expect to see a 70 percent rise in cybercrime during that time period — another reason for the spike in data breach costs. The study anticipated artificial intelligence (AI) will be responsible for much of the increase, not just because more organizations will rely on AI in the future, but also because threat actors will utilize the technology to launch advanced cyberattacks.

This, of course, is all predictive — probably accurate based on the history of cyberthreats — but it also raises the question: What is the future of cybercrime? What will the threat landscape look like, not so much in five years, but in one or two? The more we know about what the future will look like, the more accurate threat analysis will be.

What Today’s Threat Landscape Can Tell Us About Tomorrow

Looking at the technology of today can guide predictions for the future. Technology that is in the earliest stages of popularity is at its safest point — the ideal time for organizations to build out predictive threat analysis.

For example, most of us remember how malware attacks used to be focused on Windows machines, leaving Apple users feeling superior because they were “safe” from cyberattacks. Then, Apple became more mainstream, and their operating systems (OSs) are no longer immune from attacks. It was the same with mobile apps and now with the internet of things (IoT). As AI becomes more mainstream, it will be both attacked and weaponized.

Where will we see cybercrime go? According to Nicole Eagan, CEO of Darktrace, we can expect to see a digital war of algorithms.

“Autonomous cyber-attacks may have a defined target — intellectual property — or persist opportunistically for monetary gain or mischief,” Eagan noted in a Forbes article. “As they sustain their presence, they will grow stronger in their insider knowledge as they build up control over data and entire networks.” And it will be nearly impossible to stop.

But AI isn’t the only threat on the horizon. As the world becomes more connected and everything is turned into a smart device, expect cybercriminals to spread malware from one device to another as they “talk” to each other. Through the IoT, threat actors will be able to gain credentials that will allow them to access and control all of the devices in one organization or household.

Cryptojacking made a lot of headlines in the past year, but cryptocurrency still isn’t mainstream enough for people to pay attention. Will that shift over the next few years? It is likely that cryptocurrencies will become more mainstream, which is why you should be thinking about how to protect from cryptojacking now.

Develop a Predictive Threat Analysis Approach

“Cybersecurity losses are a cost of doing business in the digital age,” Tim Erlin, vice president of product management and strategy with Tripwire, told SC Magazine.

But that doesn’t have to be the case if you look at the future and use some predictive analysis to see what is coming. It may require thinking outside the box and using new approaches to anticipate future cybercrime.

“Anticipatory compliance — showing that an organization is studying and responding to potential threats — should be embraced by organizations, not necessarily from the compliance lens, but from the security and privacy lens,” said Tom Garrubba, senior director and CISO at Shared Assessments, in an email statement.

There is a tendency for organizations to be reactionary; maybe it is easier to put out fires after they’ve begun. But that is also a never-ending project. You may not know exactly what’s coming, but looking at the past and understanding what’s happening in the present makes predicting threats a whole lot easier.

If you can anticipate what the future will bring, you can better prepare your organization for the worst. It may just keep you from contributing to 2024’s $5 trillion in data breach fines or from being a victim of cybercrime much sooner.

 |  |  |  |  |  |  |  |  | 
Sue Poremba

More from Risk Management
July 25, 2024

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

July 24, 2024

Crisis communication: What NOT to do

4 min read - Read the 1st blog in this series, Cybersecurity crisis communication: What to doWhen an organization experiences a cyberattack, tensions are high, customers are concerned and the business is typically not operating at full capacity. Every move you make at this point makes a difference to your company’s future, and even a seemingly small mistake can cause permanent reputational damage.Because of the stress and many moving parts that are involved, businesses often fall short when it comes to communication in a crisis.…

July 10, 2024

Digital solidarity vs. digital sovereignty: Which side are you on?

4 min read - The landscape of international cyber policy continues to evolve rapidly, reflecting the dynamic nature of technology and global geopolitics. Central to this evolution are two competing concepts: digital solidarity and digital sovereignty.The U.S. Department of State, through its newly released International Cyberspace and Digital Policy Strategy, has articulated a clear preference for digital solidarity, positioning it as a counterpoint to the protectionist approach of digital sovereignty.What are the main differences between these two concepts, and why does it matter? Let’s…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature