Over the last four decades, hackers have evolved from simple worm attacks to well-funded groups targeting highly profitable industries. Cybercrime now poses a major threat to all companies with internet-connected devices, and is causing significant economic damage on a global scale.
The origins of modern cyberattacks can be traced back to the Morris worm attack in 1988. Before the widespread use of the World Wide Web, a small program was released from a computer at MIT and quickly spread to infect around 6,000 of the 60,000 computers connected to the internet at that time. The exact extent of the damage caused by the Morris worm is unclear, but it is estimated to have cost anywhere from $100,000 to millions of dollars.
Over the years, cybercrime has evolved to become more complex, with threats often reflecting international tensions and hackers gaining recognition for their actions. For example, in 1999, a teenager managed to breach the Department of Defense and NASA systems, creating a backdoor entry to steal $1.7 million worth of software. Fast forward to 2021, the Colonial Pipeline in the United States fell victim to a ransomware attack that led to the shutdown of the pipeline and a payment of $4.4 million in Bitcoin. In 2023, the CIOp group exploited a previously unknown vulnerability in the MOVEit file transfer software, impacting 2,000 organizations and around 62 million individuals.
The United States has the largest economy in the world, with a GDP of $25.44 trillion in 2022. China is in second place with a GDP of $17.96 trillion. Despite this, cybercrime is increasing rapidly. In 2021, global damages from cybercrime amounted to $6 trillion, which is $2 trillion more than Japan’s GDP, making it the third-largest economy in the world.
Evolve Security predicts that cybercrime will increase by 15% each year for the next five years. Statista’s cybersecurity forecast suggests that the worldwide cost of cybercrime will reach almost $24 trillion by 2027, up from $8.4 trillion in 2022.
A study conducted in Germany by Bitkom revealed that cybercrimes have resulted in a total of 206 billion euros in damages, which is equivalent to 5% of the country’s GDP. Additionally, 62% of businesses consider cybersecurity threats to be a major concern, with phishing, password attacks, malware infections, ransomware, and SQL injection being the most frequently reported types of attacks.
As reported by IT Governance, a list has been compiled of the top 10 cybersecurity breaches in 2023. This list details the organizations affected, the locations of the breaches, and the types
Emerging technologies like artificial intelligence and machine learning are playing a key role in discussions about cybersecurity, leading to an increase in digital threats. The use of IoT and Industry 4.0 technologies has exposed new weaknesses, and more cyber attackers are using AI to improve their hacking skills. In addition, attackers are expanding their focus to include cloud platforms and the valuable data stored in software-as-a-service companies’ applications.
Cybercriminals are difficult to pin down, as they work together across different countries and have organized structures with specific roles, making them more advanced and harder for law enforcement to catch and prosecute.
Based on The Global Risks Report 2020 from the World Economic Forum, organized cybercrime groups are teaming up, and there is a very low chance of them being caught and prosecuted in the United States, estimated at only 0.05%.
These malicious individuals target particular sectors and customize their attacks accordingly. Furthermore, the rise of ransomware-as-a-service allows inexperienced hackers to carry out effective cyber attacks, while the dark web serves as a secure platform for planning activities anonymously.
Do you recall Analog Crimes? They still pose a threat. Cybersecurity incidents can still happen due to breaches in non-digital or physical system components, which are sometimes ignored. These non-digital aspects involve unauthorized entry into secure data centers or other physical locations where confidential information is kept.
Employees or contractors can exploit unsecured physical access to gain access to sensitive information for social engineering attacks. Organizations should also be wary of not properly disposing of sensitive documents and tampering with hardware, which can lead to devices being modified with malicious code.
Besides focusing on securing physical infrastructure, it is crucial for companies to also pay attention to the software supply chain. This aspect is often a vulnerable point that can cause significant harm. Companies should not only ensure their own security measures are in place, but also thoroughly evaluate the security practices of their third-party suppliers.
Moreover, cyber attackers are still utilizing deepfake social engineering techniques to carry out ransomware attacks, obtain permissions, and infiltrate sensitive information, much like how phishing campaigns are conducted.
Strengthening Protection Against Cybercrime
Cybercrime has become a major economic force with a GDP of $6 trillion, making it the third-largest in the world. No business, big or small, is safe from potential attacks, from local shops to large financial institutions. Cyber threats are a global issue affecting countries like Bulgaria and the U.S. As cybercriminals become more organized and advanced, cybersecurity is becoming a critical necessity for businesses, akin to essential services like energy and cloud computing.
The development of AI and machine learning has the potential to greatly improve business efficiency. However, if these technologies are used for malicious purposes, they could lead to widespread damage and disorder in the realm of intellectual property. Lack of knowledge could make networks vulnerable to cybercriminals and allow for continued financial gain through illegal activities.
In order to address the actions of this well-financed, global organization, we must implement consistent and thorough measures to enhance the security of physical and digital aspects of devices, platforms, and systems. Without a complete understanding of all possible ways attacks can occur, including through partner systems in the supply chain, a knowledgeable and well-trained workforce, and the use of advanced cybersecurity tools, organizations will remain vulnerable and inadvertently support those who seek to harm them.