What do cybercriminals want? Why is cybercrime on the rise despite significant advancements in security technologies and widespread cyber awareness campaigns?
Financial gain is undoubtedly the primary motivation for most hackers. However, people who study cybercrime say recognition, achievement, and political beliefs also play a role. More traditional crimes like corporate espionage, state actors, and insider threats now have digital capabilities, expanding their impact as well.
With data often deemed more valuable than gold, the sad truth is that most malicious actors find it exciting to wield their power in the cyber realm, reveling in creating sophisticated tools and tactics to bypass even the most robust security measures. For those being attacked, the anonymity offered by the internet and the rapid evolution of technologies make combatting these cyber threats complex and challenging.
There’s no turning back from the digital revolution, nor should we want to, as its advantages and benefits far outweigh the risks. As cybercrimes continue to escalate in scale and sophistication, it is up to organizations to proactively bolster defenses and ensure cyber resilience, safeguarding critical data and operations.
Cybercrime is an umbrella term for illegal activities criminals carry out online, targeting data and digital systems. The methods used to perpetrate the crimes range from deploying malware to exploiting system and software vulnerabilities and using advanced persistent threats or APTs.
There seem to be as many types of cybercrime as there are ways to exploit them. Today’s most prevalent cyber threats include:
A particularly notorious case of cybercrime was the WannaCry ransomware attack in 2017 that impacted over 150 countries and was caused by a National Security Agency (NSA) tool leak. Taking advantage of a Windows vulnerability, hackers encrypted data across numerous systems worldwide, including the UK’s National Health Service, and demanded Bitcoin payment for its release. While responses varied, with some organizations paying ransoms and others restoring their systems, global coordination helped control the outbreak. Still, it highlighted the need for rigorous cybersecurity protocols, particularly in the healthcare industry, which experts say is at a heightened risk from cyberattacks.
Another 2017 high-profile case is the Equifax data breach, where hackers accessed the personal information of nearly 150 million individuals by exploiting an Apache Struts web application framework vulnerability. Viewed as one of the most significant data breaches in history, the fallout was substantial, with Equifax incurring hefty fines and suffering considerable reputational damage.
Both instances underscore the ongoing need for stringent cybersecurity protocols and a collective global approach toward mitigating cybercrime’s constant threat.
The excitement accompanying the introduction of advanced technologies is often swiftly tempered by cybercriminal ingenuity. It sets the stage for a perpetual cat-and-mouse dynamic, with hackers developing sophisticated methods, including the use of artificial intelligence, to infiltrate, disrupt, and capitalize on emerging digital landscapes.
Malicious use of AI is especially concerning, as the technology can build evermore complex phishing schemes while at the same time adapt and learn from the security measures it encounters. Blockchain technologies are being used to create secure and untraceable ransomware attack payment systems. Moreover, like their non-digital counterparts, cybercriminals are forming organized syndicates, sharing knowledge and resources to maximize their illicit activity’s impact and profitability.
Another concern? AI-driven deepfake technology is powering social engineering attacks, with cybercriminals creating hyper-realistic but entirely fake content that deceives victims into making financial transactions or revealing personal information. In 2019, scammers used the technology to trick the CEO of a UK-based energy firm into transferring over a quarter million dollars by mimicking the firm’s CEO’s voice.
Cryptocurrencies are another recent frontier for cybercriminals. The Federal Trade Commission found that crypto scams increased by an astounding 900 percent since the start of the pandemic. And more than 46,000 people were cheated out of more than a billion dollars in crypto-related schemes from 2021 and 2022. Prime targets include decentralized finance platforms (DeFi) that offer financial services outside of traditional banks. For instance, in 2022, a major DeFI platform lost over $200 million in various cryptocurrencies following a particularly sophisticated account. Cryptojacking, when criminals hijack one or more unwitting victims’ computer resources to mine cryptocurrencies, is also becoming more widespread.
Unfortunately, cryptocurrency crimes fuel other illegal activities, including so-called dark web transactions that involve the sale of illicit goods, stolen data, and malicious software. Staying ahead of these and other evolving threats is paramount for organizations, who must adopt robust cybersecurity frameworks that:
If all the above weren’t enough, cybercrime is now such a thriving industry that various actors are providing a broad range of services and equipment to cybercriminals to support their “work.” This presents several significant risks and challenges:
CaaS’ resemblance to legitimate SaaS offerings illustrates the software’s increasing sophistication and commercialization of the cybercrime ecosystem. Individuals, organizations, and governments must take the risks seriously and increase their efforts to safeguard digital assets and information.
Whether you call it cybercrime, cyber espionage, cyber warfare, or cyber terrorism, it’s a grave problem that’s having a global impact. The US has been the prime target for recent cybercrime activity, but it is not alone. Cybercriminals are targeting governments, organizations, and individuals worldwide, causing:
The global cost of cybercrime in 2023 is estimated to be $8 trillion, and most experts expect that number to reach $10.5 trillion by 2025. It’s “estimated” because many organizations and industries are reluctant to report cybercrimes against them to prevent liability and reputational damage. It’s also challenging to assess how companies are financially impacted by people avoiding online transactions out of cybercrime fear.
Cases we do know about hint at what organizations and governments around the world are facing and dealing with. For instance, in 2021, The Colonial Pipeline ransomware attack resulted in the company paying about $4.4 million to hackers who disrupted fuel supplies along the US east coast, causing spikes in gas prices and panic buying. And in April 2022, Russia-based hacking group Conti managed to encrypt Costa Rican governmental files before demanding $20 million for their safe return.
Beyond immediate economic fallout, there’s a social cost to cybercrime as well. Personal data infiltration threatens victims’ privacy, causes stress, and has the potential to manipulate societal norms and political landscapes. In the US, the FBI is especially concerned about the healthcare sector’s ransomware vulnerability. In September 2020, for example, Germany recorded the first death because of an attack on a Dusseldorf hospital. Studies suggest about 66% of healthcare organizations were hit by ransomware in 2021, an almost 100% increase over similar attacks in 2020.
One significant obstacle in managing the rising incidents of cybercrimes? A 2023 cybercrime report released by ISACA, the international professional association focused on IT governance, found that over 60% of cybersecurity teams are understaffed. This inability to regularly assess cyber risks and take appropriate measures leaves everyone vulnerable to attacks and increases the risk of breaches going undetected for extended time periods.
As the digital era expands, establishing equitable access to cybersecurity resources is paramount to safeguarding economic stability and social well-being against the unending barrage of cybercriminal activities.
Remote work exploded during the pandemic, significantly altering the cybersecurity landscape. Cybercriminals, of course, quickly adapted, exploiting new vulnerabilities brought on by the shift. Phishing attacks saw a significant uptick, with criminals pretending to offer COVID-19 information or assistance to unsuspecting remote workers, leading to breaches and data thefts. The increased use of personal devices and less secure home-based networks presented fresh system vulnerabilities, with cybercriminals exploiting security gaps in home routers and IoT devices to gain unauthorized access to employer systems and data.
Increased use of video conferencing is another criminal hotspot. During the pandemic, “Zoombombing” became a novel form of harassment, with confidential information shared during virtual meetings intercepted and missued for various malicious activities. Multi-factor authentication, VPNs, and end-to-end encryption are helping to safeguard these risks, as is enhanced employee training that prioritizes building a cybersecurity culture that recognizes and mitigates threats effectively.
Cybercrime is also increasingly connected with geopolitics. Nation-states use cyberattacks to achieve strategic objectives, disrupt adversaries, and exert global influence. They attack critical infrastructures like electricity grids, water supplies, and public health systems, aiming to create chaos and undermine societal norms and confidence. Recent tensions between global powers are mirrored in cyberspace, with sophisticated attacks— some suspected of being state-sponsored—targeting government institutions, stealing sensitive data, and manipulating public opinion through disinformation.
These geopolitical undertones amplify the severity and complexity of cyberattacks and make coordinated global responses more challenging and critical. Nations must bolster their cyber defenses not only against cybercriminals but also against potential state-sponsored threats that bring with them significant geopolitical implications.
Organizations looking to optimize their cyber insurance strategy must collaborate with government entities, deploying strategic and tactical mechanisms that safeguard digital landscapes.
Governments worldwide are introducing robust cyber legislation and policies, such as the General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA) in the US. These mandates join other international initiatives prioritizing legal collaboration and collective capabilities to counteract cyber threats. The Cybersecurity and Infrastructure Security Agency (CISA) in the US has been instrumental in strengthening the country’s cyber defenses, with efforts including:
Organizations are also fortifying their defenses, investing heavily in:
Collaboration, education, and technological solutions can help create a resilient environment that adapts to current and future increases in cybercrimes. A collective approach enhances cybersecurity strategies, making them more effective and responsive, positioning organizations and nations as a unified front against cybercrime’s growing challenges.
Will organizations and governments ever be able to precisely predict potential cyber threats? Probably not, but they can remain agile in protecting themselves from AI-driven attacks, quantum computing challenges, and other emerging threats by:
A silver lining is that as cyber threats escalate, so too do cybersecurity innovations. Emerging technologies and approaches like Zero Trust Architecture (ZTA), quantum cryptography, and automated threat hunting are setting new benchmarks in cybersecurity resilience.
Basic security measures like software updates, patches, and open security architectures will also play an essential role in preventing cyber crimes, as will personal responsibility. The private sector and international law enforcement agencies must work together to combat threats, and existing policies and procedures must be improved to increase data security.
Experts know the problem is more prevalent in countries with weak cybercrime legislation, so it’s critical for like-minded governments to remain firm on solutions like the Budapest Convention, which has made at least modest progress against cybercrime. Finally, the international community must keep up the pressure on countries that are currently havens for cybercriminals, developing penalties that compel them to change their ways and support the global effort in combatting cybercrime.
Ethical hacking is emerging as a powerful tool in cybersecurity. Organizations and governments employ ethical or “white hat” hackers to legally break into their computers and networks to test their overall security. Tech giants like Facebook (Meta) and Google often sponsor hackathons and bug bounty programs where hackers are nicely rewarded for discovering vulnerabilities and reporting potential security threats. Microsoft hosts an annual “BlueHat” convention where hackers test products and find security issues.
Over the past two decades, ethical hacking has gone from being a controversial weapon to the mainstream. Today, it’s considered a necessity as “black hat” hackers have rocketed. White hat initiatives are a proactive way to leverage the skills of ethical hackers to identify and address vulnerabilities before malicious actors can exploit them.
The digital landscape is and will continue to be a target for threats and investment. Security teams must be equipped to react quickly to emerging risks and vulnerabilities, protecting organizations and governments against hacks and responding to cybercrimes effectively.
Organizations will be expected to accept increased liability for any financial risk customers experience, and there’s a growing call for cyber risk insurance. They’ll also need to demonstrate greater resilience so they can fight back and quickly recover from cyberattacks. Some businesses may need to rebuild their systems altogether to meet these requirements.
Data protection, ethics, and respect for the individual are excellent ways for organizations to gain a strong competitive advantage. Veritas’ proven, integrated approach to data management and protection combines these principles with advanced technological solutions that deliver a formidable defense against cybercrime. Sophisticated encryption, real-time threat intelligence, and adaptive response mechanisms join forces to safeguard sensitive data while ensuring accessibility and compliance.
Moreover, our holistic approach secures your data landscape, significantly enhances operational efficiency, and reduces costs, delivering unparalleled value, performance, and peace of mind in an interconnected digital world.
Learn more about how Veritas is committed to safeguarding your data at our Veritas Trust Center.
Get in touch with us today to secure your company’s long-term future with reliable data backup solutions.
Veritas customers include 95% of the Fortune 100, and NetBackup™ is the #1 choice for enterprises looking to protect large amounts of data.
Learn how Veritas keeps your data fully protected across virtual, physical, cloud and legacy workloads with Data Protection Services for Enterprise Businesses.