Cybercrime is predicted to cost the world $10.5 trillion USD in 2025, according to Cybersecurity Ventures.
If it were measured as a country, then cybercrime would be the world’s third largest economy after the U.S. and China.
This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.
Cybercriminals are smarter then we can ever guess and on war footing to never spare a moment to strike attack as we witness how ransomware surging 37% year-on-year as per Cybersecurity Ventures report (Cybercrime To Cost The World $12.2 Trillion Annually By 2031)
A breakdown of the methods cybercriminals are using shows many of the old favorites – credential abuse was involved in 22% of breaches, while vulnerabilities were exploited in 20% and phishing used in 16% of breaches.
Cybercriminals have proved resourceful in adapting to the changing enforcement environment, however: “Based on the inconsistent laws and difficulty in prosecuting, cybercrime unfortunately is easy to commit and very hard, if not impossible, to stop,” said Dr. Eric Cole, a former CIA hacker and founder of cybersecurity consultancy Secure Anchor.
Securitydive interviewed Dr. Eric Cole, Founder of Secure Anchor, Americas Cyber Czar who gave details on growing cyber crime and impact.
Dr Cole laid tips for organization to follow and be more cyber resilient. Read the full interview.
Securitydive: State-sponsored cybercrime is on surge. How are advances tech like gen AI & ML strengthening state supported cyber criminals.
ERIC – Quite simple, it allows them to execute attacks quicker, more focused, and higher probability of success. The primary method of attack is social engineering, with the goal of making these attacks look at legitimate as possible.
With the goal of increasing the probability the target user will click on the link or open the attachment. With AI, these attacks look real, they seem real and the user believes they are real.
Securitydive: With the use of advanced cybercrime techniques, the dark web criminals are scaling up their attacks. How can orgs defend their sensitive business data, the nature of attacks is unpredictable?
ERIC – One of the best methods of protecting data and securing information is with air gaps in which the data is not accessible from the Internet. While physical air gaps might only be feasible virtual air gaps are quite easy to implement and hard for an attacker to bypass.
It is also important for organizations to follow golden rules: 1) any system accessible from the Internet must be fully patched; 2) any system accessible from the Internet must never contain critical data; 3) critical data must be on servers that have limited accessibility; 4) critical data must be encrypted with different keys; 5) crypto keys must always be stored on a separate server and the keys must never leave the server
Securitydive: Do you think the sharing of real-time threat intelligence data among cross border institutions can be very significant to identify or smell the threat?
ERIC: Until there are international laws around cybercrime, in which international criminals can be prosecuted and executed, sharing threat data with other countries represents a national threat.
The other big challenge is the US has to stop one way cooperation, if the other country is not willing to reciprocate. For example earlier this year, the US stopped offensive operations with Russia but Russia continued offensive operations against the US.
Securitydive: As you mentioned, inconsistent laws and difficulty in prosecuting cybercrime are unfortunately easy to commit & hard to stop. What arrangement do you think should be in place to prevent cross-border cybercrimes.
ERIC: There needs to be international laws around cybercrime, where criminals can be both extradited and prosecuted for committing cyber crime anywhere in the world.
Securitydive: Cybercrime has now become a very organized business process, ethically and unethically both. To stop the negative and unethical side of the business, ethical hackers or experts are fighting against. What is the global scenario in terms of money invested in both these sides and fields?
ERIC: It is in the billions growing to trillions over the next 5 years. The exact predicted value can be quoted from the report.
The reality is cyber crime is big business and most individuals and many companies are not aware of the threat and therefore not prepared to defend against it.
Until awareness is raised and new laws passed – this will continue to be a problem
Securitydive: Rise of crypto crime has become a little weapon in the emerging cybercrime field or market. How do you see the progress of crypto crime.
ERIC: As long as people continue to only use passwords to protect their crypto wallets, this will continue to be easy prey for the attackers. The bigger issue is with regulation aggressively moving in, crypto currency is on the verge of explosion so anyone investing in crypto, the bigger concern is regulation of cyber attack.
Securitydive: How do you see the future of the cybercrime landscape moving further?
ERIC: As per report cybercriminals’ footsteps across the world, new technologies have complicated the chase – with GenAI, in particular, proving to have done exactly what pundits feared it would do: help cybercriminals craft and execute better, more convincing, and more personalized campaigns than ever before.
With cybercriminals’ use of GenAI already normalized, companies hoping to defend against those increasingly effective attacks must fight fire with fire – embracing AI-powered solutions capable of adapting to cybercriminals’ ever-changing attacks.
Business and individuals are caught in the crossfire – but by prioritizing proactive defensive mechanisms and working to stay ahead of the threats posed by new technologies like GenAI and quantum computing, challenges can be easy to overcome.
