September 18, 2019 By Sue Poremba 3 min read

By 2024, the collective cost of data breaches will reach $5 trillion, according to a study by Juniper Research. The study predicted this astronomical amount will be the result of an increase in fines due, in large part, to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and any other data privacy laws that come up in the next five years.

However, we should also expect to see a 70 percent rise in cybercrime during that time period — another reason for the spike in data breach costs. The study anticipated artificial intelligence (AI) will be responsible for much of the increase, not just because more organizations will rely on AI in the future, but also because threat actors will utilize the technology to launch advanced cyberattacks.

This, of course, is all predictive — probably accurate based on the history of cyberthreats — but it also raises the question: What is the future of cybercrime? What will the threat landscape look like, not so much in five years, but in one or two? The more we know about what the future will look like, the more accurate threat analysis will be.

What Today’s Threat Landscape Can Tell Us About Tomorrow

Looking at the technology of today can guide predictions for the future. Technology that is in the earliest stages of popularity is at its safest point — the ideal time for organizations to build out predictive threat analysis.

For example, most of us remember how malware attacks used to be focused on Windows machines, leaving Apple users feeling superior because they were “safe” from cyberattacks. Then, Apple became more mainstream, and their operating systems (OSs) are no longer immune from attacks. It was the same with mobile apps and now with the internet of things (IoT). As AI becomes more mainstream, it will be both attacked and weaponized.

Where will we see cybercrime go? According to Nicole Eagan, CEO of Darktrace, we can expect to see a digital war of algorithms.

“Autonomous cyber-attacks may have a defined target — intellectual property — or persist opportunistically for monetary gain or mischief,” Eagan noted in a Forbes article. “As they sustain their presence, they will grow stronger in their insider knowledge as they build up control over data and entire networks.” And it will be nearly impossible to stop.

But AI isn’t the only threat on the horizon. As the world becomes more connected and everything is turned into a smart device, expect cybercriminals to spread malware from one device to another as they “talk” to each other. Through the IoT, threat actors will be able to gain credentials that will allow them to access and control all of the devices in one organization or household.

Cryptojacking made a lot of headlines in the past year, but cryptocurrency still isn’t mainstream enough for people to pay attention. Will that shift over the next few years? It is likely that cryptocurrencies will become more mainstream, which is why you should be thinking about how to protect from cryptojacking now.

Develop a Predictive Threat Analysis Approach

“Cybersecurity losses are a cost of doing business in the digital age,” Tim Erlin, vice president of product management and strategy with Tripwire, told SC Magazine.

But that doesn’t have to be the case if you look at the future and use some predictive analysis to see what is coming. It may require thinking outside the box and using new approaches to anticipate future cybercrime.

“Anticipatory compliance — showing that an organization is studying and responding to potential threats — should be embraced by organizations, not necessarily from the compliance lens, but from the security and privacy lens,” said Tom Garrubba, senior director and CISO at Shared Assessments, in an email statement.

There is a tendency for organizations to be reactionary; maybe it is easier to put out fires after they’ve begun. But that is also a never-ending project. You may not know exactly what’s coming, but looking at the past and understanding what’s happening in the present makes predicting threats a whole lot easier.

If you can anticipate what the future will bring, you can better prepare your organization for the worst. It may just keep you from contributing to 2024’s $5 trillion in data breach fines or from being a victim of cybercrime much sooner.

More from Risk Management

Cybersecurity Awareness Month: Horror stories

4 min read - When it comes to cybersecurity, the question is when, not if, an organization will suffer a cyber incident. Even the most sophisticated security tools can’t withstand the biggest threat: human behavior.October is Cybersecurity Awareness Month, the time of year when we celebrate all things scary. So it seemed appropriate to ask cybersecurity professionals to share some of their most memorable and haunting cyber incidents. (Names and companies are anonymous to avoid any negative impact. Suffering a cyber incident is bad…

Are we getting better at quantifying risk management?

4 min read - As cyber threats grow more sophisticated and pervasive, the need for effective risk management has never been greater. The challenge lies not only in defining risk mitigation strategy but also in quantifying risk in ways that resonate with business leaders. The ability to translate complex technical risks into understandable and actionable business terms has become a crucial component of securing the necessary resources for cybersecurity programs.What approach do companies use today for cyber risk quantification? And how has cyber risk…

Cybersecurity Awareness Month: Cybersecurity awareness for developers

3 min read - It's the 21st annual Cybersecurity Awareness Month, and we’re covering many different angles to help organizations manage their cybersecurity challenges. In this mini-series of articles, we’re focusing on specific job roles outside of cybersecurity and how their teams approach security.For developers, cybersecurity has historically been a love-hate issue. The common school of thought is that coders are frustrated with having to tailor their work to fit within cybersecurity rules. However, many companies are embracing a security-first approach, and some developers…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today