“The modern thief can steal more with a computer than with a gun; Tomorrow’s terrorist may be able to do more damage with a keyboard than with a bomb.”
– National Research Council, “Computers at Risk”
The technological advancement which was estimated to be a boon for mankind has started casting a darker spell instead. The omnipresence of technology in our lives has made the task of managing cyber threats more challenging. Cyber-attacks, malware, identity theft, ransomware, phishing and spam are the menacing cybersecurity threats through which cyber criminals launch these attacks.
Over the years, the cyber attacks have grown in leaps and bounds. The concept of an organization limiting its business operations strictly within the organizational space is not possible anymore. The complete visibility of nay business is long gone with the advent of data-driven digitally interconnected business enterprise. Today we operate in the age of extended enterprise where external stakeholders like service providers and vendors and contractors have access to business networks to deliver value. Additionally, employees are more digitally agile and active in social media networks. It is also a common practice for the office staff to use personal mobile devices to connect to corporate IT networks for the completion of their daily tasks, as and when the requirement arises.
Facts and figures about the Cybercrime market
The World Economic Forum (WEF) has listed cyberattacks as the third most likely global risk in 2018 and given the lucrative market for cyber criminals this is not going to scale down in the coming years.
According to Forbes, the global information security spending is poised to hit $124 billion by 2019, mainly driven by privacy concerns and regulations. The scenario of a considerable rise in the cybercrime activities has put huge pressure on industry players. If the cyberattacks have increased, then it must be noted that the attack vectors have also proliferated – from emails, websites to IoT devices and weaponization of AI-enabled devices, it’s all-pervasive leaving them vulnerable. New age threats like ransomware, cryptojacking for cryptomining, attacks on cyber-physical systems involving critical infrastructure such as power grids, transportation systems and other areas are lethal. Similarly, the old methods like phishing attacks and malware infection are equally damaging for any business.
The costs of cybercrimes are mind boggling – loss, theft, manipulation of data, data processing infrastructure, theft of money, identity, intellectual property, personally identifiable data, change of application functionality to facilitate fraudulent transactions leading to gaining money illegally or disrupt business operations, digital forensic investigations, loss of productivity, reputation loss for organizations, fines, penalties, damages and law suits for organizations, loss of customers leading to dip in revenues, cost of restoration activities to bring business operations to normalcy are some of the ways in which these cybercrimes prove that they are dangerous. There have been times when business could not identify a malicious code written in a complex manner and hence, they incurred heavy losses or had to temporarily suspend business services. Some of the other impacts are that the key executives were removed from their positions and even had to face prison time which further damaged their reputation in the eyes of the public.
It is already been touted that the cybercriminal activity is going to be the biggest challenge that mankind will face in the next few decades. It is estimated that cybercrimes will cost $6 trillion annually (up from $2 trillion in 2015) in 2021. It is interesting to note that as per the Cost of Data Breach Report, 2018 of Ponemon Institute, the average total cost rose from $3.62 to $3.86 million, an increase of 6.4 percent from 2017 and the average cost for each lost record rose from $141 to $148 in 2018. The prediction is that these numbers would only grow in the years to come.
Efforts required to tackle the cybercrime market
If the market for the cybercrime is expanding, then the cybersecurity strategies must match up to obstruct the malicious attacks. According to the cybersecurity experts, one of the major issues that we are facing is that a majority of cybercrime goes unreported and uninvestigated. Every time there is a cyber attack, the entire emphasis is given to the country that might be behind the attack when the major focus should be on designing effective cybersecurity products and technologies to reduce the impact of these attacks on the economy. To slower the pace and eventually end the ever-expanding cybercrime market, there is a dire need of skilled professionals who have completed cybersecurity trainings and certifications and hence, are qualified to design stronger imperatives to deal with the issue.