If it were measured as a country, then cybercrime — which is predicted to inflict damages totaling $6 trillion USD globally in 2021 — would be the world’s third-largest economy after the U.S. and China.
Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.
The damage cost estimation is based on historical cybercrime figures including recent year-over-year growth, a dramatic increase in hostile nation-state sponsored and organized crime gang hacking activities, and a cyberattack surface which will be an order of magnitude greater in 2025 than it is today. Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
CYBERCRIME HITS HOME
The United States, the world’s largest economy with a nominal GDP of nearly $21.5 trillion, constitutes one-fourth of the world economy, according to data from Nasdaq.
Cybercrime has hit the U.S. so hard that in 2018 a supervisory special agent with the FBI who investigates cyber intrusions told The Wall Street Journal that every American citizen should expect that all of their data (personally identifiable information) has been stolen and is on the dark web — a part of the deep web — which is intentionally hidden and used to conceal and promote heinous activities. Some estimates put the size of the deep web (which is not indexed or accessible by search engines) at as much as 5,000 times larger than the surface web, and growing at a rate that defies quantification.
The dark web is also where cybercriminals buy and sell malware, exploit kits, and cyberattack services, which they use to strike victims — including businesses, governments, utilities, and essential service providers on U.S. soil. A cyberattack could potentially disable the economy of a city, state or an entire country.
Billionaire businessman and philanthropist Warren Buffet calls cybercrime the number one problem with mankind, and cyberattacks a bigger threat to humanity than nuclear weapons. A bullseye is squarely on a nation’s businesses.
Organized cybercrime entities are joining forces, and their likelihood of detection and prosecution is estimated to be as low as 0.05 percent in the U.S., according to the World Economic Forum’s 2020 Global Risk Report.
RANSOMWARE
Ransomware — a malware that infects computers (and mobile devices) and restricts their access to files, often threatening permanent data destruction unless a ransom is paid — has reached epidemic proportions globally and is the “go-to method of attack” for cybercriminals.
The latest forecast is for global ransomware damage costs to reach $20 billion by 2021 — which is 57X more than it was in 2015. We predict there will be a ransomware attack on businesses every 11 seconds by 2021, up from every 40 seconds in 2016.
The FBI is particularly concerned with ransomware hitting healthcare providers, hospitals, 911 and first responders. These types of cyberattacks can impact the physical safety of American citizens, and this is the forefront of what Herb Stapleton, FBI cyber division section chief, and his team are focused on.
In 2020, ransomware claimed its first life. German authorities reported a ransomware attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment.
Ransomware, now the fastest growing and one of the most damaging types of cybercrime, will ultimately convince senior executives to take the cyber threat more seriously, according to Mark Montgomery, executive director at the U.S. Cyberspace Solarium Commission (CSC) — but he hopes it doesn’t come to that.
CYBER ATTACK SURFACE
The modern definition of the word “hack” was coined at MIT in April 1955. The first known mention of computer (phone) hacking occurred in a 1963 issue of The Tech. Over the past fifty-plus years, the world’s attack surface has evolved from phone systems to a vast datasphere outpacing humanity’s ability to secure it.
In 2013, IBM proclaimed data promises to be for the 21st century what steam power was for the 18th, electricity for the 19th and hydrocarbons for the 20th.
“We believe that data is the phenomenon of our time,” said Ginni Rometty, IBM Corp.’s executive chairman, in 2015, addressing CEOs, CIOs and CISOs from 123 companies in 24 industries at a conference in New York City. “It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true — even inevitable — then cyber crime, by definition, is the greatest threat to every profession, every industry, every company in the world.”
The world will store 200 zettabytes of data by 2025, according to Cybersecurity Ventures. This includes data stored on private and public IT infrastructures, on utility infrastructures, on private and public cloud data centers, on personal computing devices — PCs, laptops, tablets, and smartphones — and on IoT (Internet-of-Things) devices.
As a result of the COVID-19 pandemic, nearly half the U.S. labor force is working from home, according to Stanford University. As employees generate, access, and share more data remotely through cloud apps, the number of security blind spots balloons.
It’s predicted that the total amount of data stored in the cloud — which includes public clouds operated by vendors and social media companies (think Apple, Facebook, Google, Microsoft, Twitter, etc.), government-owned clouds that are accessible to citizens and businesses, private clouds owned by mid-to-large-sized corporations, and cloud storage providers — will reach 100 zettabytes by 2025, or 50 percent of the world’s data at that time, up from approximately 25 percent stored in the cloud in 2015.
Roughly one million more people join the internet every day. We expect there will be 6 billion people connected to the internet interacting with data in 2022, up from 5 billion in 2020 — and more than 7.5 billion internet users in 2030.
Cyber threats have expanded from targeting and harming computers, networks, and smartphones — to people, cars, railways, planes, power grids and anything with a heartbeat or an electronic pulse. Many of these Things are connected to corporate networks in some fashion, further complicating cybersecurity.
By 2023, there will be 3X more networked devices on Earth than humans, according to a report from Cisco. And by 2022, 1 trillion networked sensors will be embedded in the world around us, with up to 45 trillion in 20 years.
IP traffic has reached an annual run rate of 2.3 zettabytes in 2020, up from an annual run rate of 870.3 exabytes in 2015. Data is the building block of the digitized economy, and the opportunities for innovation and malice around it are incalculable.
CYBERSECURITY SPENDING
Global spending on cybersecurity products and services for defending against cybercrime is projected to exceed $1 trillion cumulatively over the five-year period from 2017 to 2021.
“Most cybersecurity budgets at U.S. organizations are increasing linearly or flat, but the cyberattacks are growing exponentially,” says Cybersecurity Ventures’s Montgomery. This simple observation should be a wake-up call for C-suite executives.
Healthcare has lagged behind other industries and the tantalizing target on its back is attributable to outdated IT systems, fewer cybersecurity protocols and IT staff, extremely valuable data, and the pressing need for medical practices and hospitals to pay ransoms quickly to regain data. The healthcare industry will respond by spending $125 billion cumulatively from 2020 to 2025 to beef up its cyber defenses.
The FY 2020 U.S. President’s Budget includes $17.4 billion of budget authority for cybersecurity-related activities, a $790 million (5 percent) increase above the FY 2019 estimate, according to The White House. Due to the sensitive nature of some activities, this amount does not represent the entire cyber budget.
Cybersecurity Ventures anticipates 12-15 percent year-over-year cybersecurity market growth through 2025. While that may be a respectable increase, it pales in comparison to the cybercrime costs incurred.
AI AUGMENTS CYBER DEFENDERS
You don’t bring a knife to a gunfight. The U.S. has a total employed cybersecurity workforce consisting of nearly 925,000 people, and there are currently almost 510,000 unfilled positions, according to Cyber Seek, a project supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce.
Faced with a domestic worker shortage, the heads of U.S. cyber defense forces — CIOs and CISOs at America’s mid-sized to largest businesses — are beginning to augment their staff with next-generation AI and ML (machine learning) software and appliances aimed at detecting cyber intruders. These AI systems are trained on big data sets collected over decades — and they can analyze terabytes of data per day, a scale unimaginable for humans.
The panacea for a CISO is an AI system resembling a human expert’s investigative and reporting techniques so that cyber threats are remediated BEFORE the damage is done. If enemies are using AI to launch cyberattacks, then a country’s businesses need to use AI to defend themselves.
Reference
- Future Cyberattacks Could Potentially Disable The Economy of an Entire Country – https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
