Information Center

Cybercrime: An Escalating Problem With No End in Sight.

What do cybercriminals want? Why is cybercrime on the rise despite significant advancements in security technologies and widespread cyber awareness campaigns?

Financial gain is undoubtedly the primary motivation for most hackers. However, people who study cybercrime say recognition, achievement, and political beliefs also play a role. More traditional crimes like corporate espionage, state actors, and insider threats now have digital capabilities, expanding their impact as well.

With data often deemed more valuable than gold, the sad truth is that most malicious actors find it exciting to wield their power in the cyber realm, reveling in creating sophisticated tools and tactics to bypass even the most robust security measures. For those being attacked, the anonymity offered by the internet and the rapid evolution of technologies make combatting these cyber threats complex and challenging.

There’s no turning back from the digital revolution, nor should we want to, as its advantages and benefits far outweigh the risks. As cybercrimes continue to escalate in scale and sophistication, it is up to organizations to proactively bolster defenses and ensure cyber resilience, safeguarding critical data and operations.

What is Cybercrime?

Cybercrime is an umbrella term for illegal activities criminals carry out online, targeting data and digital systems. The methods used to perpetrate the crimes range from deploying malware to exploiting system and software vulnerabilities and using advanced persistent threats or APTs.  

There seem to be as many types of cybercrime as there are ways to exploit them. Today’s most prevalent cyber threats include:

  • Phishing attacks or deceptive communications designed to steal sensitive data
  • Ransomware attacks where malware is used to encrypt data, which is held until monies are received for its release
  • DDoS (distrubuted denial-of-service) attacks that disrupt a server’s normal traffic by overwhelming it with a flood of internet traffic
  • Identity theft to illegally use someone’s data for deceptive or malicious purposes
  • Cyber espionage, or the unlawful interception, damage, and stealing of data to gain an economic, competitive, or political advantage

A particularly notorious case of cybercrime was the WannaCry ransomware attack in 2017 that impacted over 150 countries and was caused by a National Security Agency (NSA) tool leak. Taking advantage of a Windows vulnerability, hackers encrypted data across numerous systems worldwide, including the UK’s National Health Service, and demanded Bitcoin payment for its release. While responses varied, with some organizations paying ransoms and others restoring their systems, global coordination helped control the outbreak. Still, it highlighted the need for rigorous cybersecurity protocols, particularly in the healthcare industry, which experts say is at a heightened risk from cyberattacks.

Another 2017 high-profile case is the Equifax data breach, where hackers accessed the personal information of nearly 150 million individuals by exploiting an Apache Struts web application framework vulnerability. Viewed as one of the most significant data breaches in history, the fallout was substantial, with Equifax incurring hefty fines and suffering considerable reputational damage.

Both instances underscore the ongoing need for stringent cybersecurity protocols and a collective global approach toward mitigating cybercrime’s constant threat.

Technological and Strategic Advances in Cybercrime

The excitement accompanying the introduction of advanced technologies is often swiftly tempered by cybercriminal ingenuity. It sets the stage for a perpetual cat-and-mouse dynamic, with hackers developing sophisticated methods, including the use of artificial intelligence, to infiltrate, disrupt, and capitalize on emerging digital landscapes.

Malicious use of AI is especially concerning, as the technology can build evermore complex phishing schemes while at the same time adapt and learn from the security measures it encounters. Blockchain technologies are being used to create secure and untraceable ransomware attack payment systems. Moreover, like their non-digital counterparts, cybercriminals are forming organized syndicates, sharing knowledge and resources to maximize their illicit activity’s impact and profitability.

Another concern? AI-driven deepfake technology is powering social engineering attacks, with cybercriminals creating hyper-realistic but entirely fake content that deceives victims into making financial transactions or revealing personal information. In 2019, scammers used the technology to trick the CEO of a UK-based energy firm into transferring over a quarter million dollars by mimicking the firm’s CEO’s voice.

Cryptocurrencies are another recent frontier for cybercriminals. The Federal Trade Commission found that crypto scams increased by an astounding 900 percent since the start of the pandemic. And more than 46,000 people were cheated out of more than a billion dollars in crypto-related schemes from 2021 and 2022. Prime targets include decentralized finance platforms (DeFi) that offer financial services outside of traditional banks. For instance, in 2022, a major DeFI platform lost over $200 million in various cryptocurrencies following a particularly sophisticated account. Cryptojacking, when criminals hijack one or more unwitting victims’ computer resources to mine cryptocurrencies, is also becoming more widespread.

Unfortunately, cryptocurrency crimes fuel other illegal activities, including so-called dark web transactions that involve the sale of illicit goods, stolen data, and malicious software. Staying ahead of these and other evolving threats is paramount for organizations, who must adopt robust cybersecurity frameworks that:

  • Employ cutting-edge technologies like threat intelligence and machine learning to identify and neutralize threats
  • Prioritize cybercrime awareness initiatives that educate staff on recognizing and mitigating potential threats
  • Include a responsive incident management plan to ensure minimized impact and structured recovery during a cyber breach

Cybercrime-as-a-Service (CaaS)

If all the above weren’t enough, cybercrime is now such a thriving industry that various actors are providing a broad range of services and equipment to cybercriminals to support their “work.” This presents several significant risks and challenges:

  • Democratization of cybercrime. By providing tools that eliminate any need for technical know-how, CaaS providers open the door to a greater number of potential criminals.
  • Scalability. As CaaS tools can be rented, cybercriminals can engage in larger-scale attacks at a lower cost.
  • Specialization and professionalism. Some CaaS providers are specialists in specific attacks and focus on making them more effective and harder to defend against.
  • Anonymity. Most service models add layers of separation between the criminal and the crime.
  • Continuous evolution. Driven by market demand, CaaS providers are constantly updating their offerings, making it challenging for defenses to keep up.
  • Global reach. Attacks can be launched from anywhere at any time, making legal enforcement more complex.

CaaS’ resemblance to legitimate SaaS offerings illustrates the software’s increasing sophistication and commercialization of the cybercrime ecosystem. Individuals, organizations, and governments must take the risks seriously and increase their efforts to safeguard digital assets and information.

Cybercrime’s Economic and Social Impact: It Costs Everyone

Whether you call it cybercrime, cyber espionage, cyber warfare, or cyber terrorism, it’s a grave problem that’s having a global impact. The US has been the prime target for recent cybercrime activity, but it is not alone. Cybercriminals are targeting governments, organizations, and individuals worldwide, causing:

  • Financial, social, and economic damage, including online fraud
  • Intellectual property and sensitive data loss
  • Decreased revenue due to weakened international trade
  • Disruption to business operations
  • Reputational harm

The global cost of cybercrime in 2023 is estimated to be $8 trillion, and most experts expect that number to reach $10.5 trillion by 2025. It’s “estimated” because many organizations and industries are reluctant to report cybercrimes against them to prevent liability and reputational damage. It’s also challenging to assess how companies are financially impacted by people avoiding online transactions out of cybercrime fear.

Cases we do know about hint at what organizations and governments around the world are facing and dealing with. For instance, in 2021, The Colonial Pipeline ransomware attack resulted in the company paying about $4.4 million to hackers who disrupted fuel supplies along the US east coast, causing spikes in gas prices and panic buying. And in April 2022, Russia-based hacking group Conti managed to encrypt Costa Rican governmental files before demanding $20 million for their safe return.

Beyond immediate economic fallout, there’s a social cost to cybercrime as well. Personal data infiltration threatens victims’ privacy, causes stress, and has the potential to manipulate societal norms and political landscapes. In the US, the FBI is especially concerned about the healthcare sector’s ransomware vulnerability. In September 2020, for example, Germany recorded the first death because of an attack on a Dusseldorf hospital. Studies suggest about 66% of healthcare organizations were hit by ransomware in 2021, an almost 100% increase over similar attacks in 2020.

One significant obstacle in managing the rising incidents of cybercrimes? A 2023 cybercrime report released by ISACA, the international professional association focused on IT governance, found that over 60% of cybersecurity teams are understaffed. This inability to regularly assess cyber risks and take appropriate measures leaves everyone vulnerable to attacks and increases the risk of breaches going undetected for extended time periods.

As the digital era expands, establishing equitable access to cybersecurity resources is paramount to safeguarding economic stability and social well-being against the unending barrage of cybercriminal activities.

The Implications of Cybercrime on Remote Work

Remote work exploded during the pandemic, significantly altering the cybersecurity landscape. Cybercriminals, of course, quickly adapted, exploiting new vulnerabilities brought on by the shift. Phishing attacks saw a significant uptick, with criminals pretending to offer COVID-19 information or assistance to unsuspecting remote workers, leading to breaches and data thefts. The increased use of personal devices and less secure home-based networks presented fresh system vulnerabilities, with cybercriminals exploiting security gaps in home routers and IoT devices to gain unauthorized access to employer systems and data.

Increased use of video conferencing is another criminal hotspot. During the pandemic, “Zoombombing” became a novel form of harassment, with confidential information shared during virtual meetings intercepted and missued for various malicious activities. Multi-factor authentication, VPNs, and end-to-end encryption are helping to safeguard these risks, as is enhanced employee training that prioritizes building a cybersecurity culture that recognizes and mitigates threats effectively.

A New Era: The Intersection of Cybercrime and Geopolitics

Cybercrime is also increasingly connected with geopolitics. Nation-states use cyberattacks to achieve strategic objectives, disrupt adversaries, and exert global influence. They attack critical infrastructures like electricity grids, water supplies, and public health systems, aiming to create chaos and undermine societal norms and confidence. Recent tensions between global powers are mirrored in cyberspace, with sophisticated attacks— some suspected of being state-sponsored—targeting government institutions, stealing sensitive data, and manipulating public opinion through disinformation.

These geopolitical undertones amplify the severity and complexity of cyberattacks and make coordinated global responses more challenging and critical. Nations must bolster their cyber defenses not only against cybercriminals but also against potential state-sponsored threats that bring with them significant geopolitical implications.

How Governments and Organizations Are Responding to Cybercrime & Cyber Threats

Organizations looking to optimize their cyber insurance strategy must collaborate with government entities, deploying strategic and tactical mechanisms that safeguard digital landscapes.

Governments worldwide are introducing robust cyber legislation and policies, such as the General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA) in the US. These mandates join other international initiatives prioritizing legal collaboration and collective capabilities to counteract cyber threats. The Cybersecurity and Infrastructure Security Agency (CISA) in the US has been instrumental in strengthening the country’s cyber defenses, with efforts including:

  • Enhancing public and private sector collaboration
  • Sharing threat intelligence
  • Providing guidelines to improve cybersecurity postures

Organizations are also fortifying their defenses, investing heavily in:

  • Advanced cybersecurity technologies and infrastructures
  • Advanced technologies and frameworks like the ISO/IED 27001 to manage and mitigate cybersecurity threats
  • Training programs that equip employees to recognize cyber threats and prevent cyberattacks

Collaboration, education, and technological solutions can help create a resilient environment that adapts to current and future increases in cybercrimes. A collective approach enhances cybersecurity strategies, making them more effective and responsive, positioning organizations and nations as a unified front against cybercrime’s growing challenges.

The Future Landscape: Predicting Threats and Creating Solutions

Will organizations and governments ever be able to precisely predict potential cyber threats? Probably not, but they can remain agile in protecting themselves from AI-driven attacks, quantum computing challenges, and other emerging threats by:

  • Continuously updating and adapting cybersecurity strategies and technologies to lessen risks
  • Emphasizing the need for continuous learning to stay one step ahead of cybercriminals
  • Developing proactive, predictive analytics and threat intelligence capabilities to identify vulnerabilities before criminals exploit them

A silver lining is that as cyber threats escalate, so too do cybersecurity innovations. Emerging technologies and approaches like Zero Trust Architecture (ZTA), quantum cryptography, and automated threat hunting are setting new benchmarks in cybersecurity resilience.

  • Zero Trust Architecture (ZTA) promotes a “never trust, always verify” approach that’s especially useful in remote and hybrid work environments
  • Quantum cryptography offers unprecedented security in data transmission, ensuring information remains secure as computational capabilities improve
  • Automated threat hunting proactively identifies and analyzes potential threats in networks and systems, preemptively uncovering, isolating, and remediating threats before they become attacks or breaches

Basic security measures like software updates, patches, and open security architectures will also play an essential role in preventing cyber crimes, as will personal responsibility. The private sector and international law enforcement agencies must work together to combat threats, and existing policies and procedures must be improved to increase data security.

Experts know the problem is more prevalent in countries with weak cybercrime legislation, so it’s critical for like-minded governments to remain firm on solutions like the Budapest Convention, which has made at least modest progress against cybercrime. Finally, the international community must keep up the pressure on countries that are currently havens for cybercriminals, developing penalties that compel them to change their ways and support the global effort in combatting cybercrime.

The Case for Ethical Hacking

Ethical hacking is emerging as a powerful tool in cybersecurity. Organizations and governments employ ethical or “white hat” hackers to legally break into their computers and networks to test their overall security. Tech giants like Facebook (Meta) and Google often sponsor hackathons and bug bounty programs where hackers are nicely rewarded for discovering vulnerabilities and reporting potential security threats. Microsoft hosts an annual “BlueHat” convention where hackers test products and find security issues.

Over the past two decades, ethical hacking has gone from being a controversial weapon to the mainstream. Today, it’s considered a necessity as “black hat” hackers have rocketed. White hat initiatives are a proactive way to leverage the skills of ethical hackers to identify and address vulnerabilities before malicious actors can exploit them.

Building Cybersecurity Resilience

The digital landscape is and will continue to be a target for threats and investment. Security teams must be equipped to react quickly to emerging risks and vulnerabilities, protecting organizations and governments against hacks and responding to cybercrimes effectively.

Organizations will be expected to accept increased liability for any financial risk customers experience, and there’s a growing call for cyber risk insurance. They’ll also need to demonstrate greater resilience so they can fight back and quickly recover from cyberattacks. Some businesses may need to rebuild their systems altogether to meet these requirements.

Data protection, ethics, and respect for the individual are excellent ways for organizations to gain a strong competitive advantage. Veritas’ proven, integrated approach to data management and protection combines these principles with advanced technological solutions that deliver a formidable defense against cybercrime. Sophisticated encryption, real-time threat intelligence, and adaptive response mechanisms join forces to safeguard sensitive data while ensuring accessibility and compliance.

Moreover, our holistic approach secures your data landscape, significantly enhances operational efficiency, and reduces costs, delivering unparalleled value, performance, and peace of mind in an interconnected digital world.

Learn more about how Veritas is committed to safeguarding your data at our Veritas Trust Center.


Get in touch with us today to secure your company’s long-term future with reliable data backup solutions


Veritas customers include 95% of the Fortune 100, and NetBackup™ is the #1 choice for enterprises looking to protect large amounts of data.

Learn how Veritas keeps your data fully protected across virtual, physical, cloud and legacy workloads with Data Protection Services for Enterprise Businesses.