Hackers have evolved from 1980s worm attacks into fully-funded organizations that are now able to tap into some of most lucrative industries around the globe. Cybercrime today is a major threat for any company that has a device connected to the Internet and continues to have an economic impact around the globe.
The roots of the modern cyberattack can be traced back to the 1988 Morris worm attack. A small program, launched by a computer in the Massachusetts Institute of Technology’s (MIT), spread remarkably before the World Wide Web. The worm infected 6,000 out of 60,000 computers that were connected to the Internet at the time. Morris Worm damage was hard to estimate, but estimates ranged from US$100,000.00 up to US$millions.
Over the past few decades, cybercrime became more sophisticated. Threats reflected geopolitical tensions. Hackers gained fame. In 1999, the DoD and NASA were hacked by a teenager who installed backdoor access on servers in order to download $1.7m worth of software. Then, in 2021 the Colonial Pipeline A ransomware attack in the U.S. forced a company to close the pipeline, and pay $4.4M in Bitcoin. CIOp, a group of hackers from 2023, exploited an unknown vulnerability in MOVEit’s file transfer software. This affected approximately 62,000,000 users and 2,000 companies.
Cybercrime: The Economic Impact
With a Gross Domestic Product (GDP), estimated at $25.44 trillion by the year 2022, the United States is the largest economy in the world. China, which ranked second with a gross domestic product (GDP) of $17.96 billion, was not far behind. Cybercrime, however, is increasing at an astonishing rate. In 2021, it caused global damages that cost $6 trillion — approximately $2 trillion more than the GDP of Japan — the country with the world’s third-largest economy.
According to Evolve SecurityOver the next five-year period, cybercrime is projected to increase by 15%. Estimates from Statista’s cybersecurity outlook Cybercrime will cost the global economy nearly $24 trillion per year by 2027. This is up from $8.4 trillion per annum in 2022.
In Germany, A Study by Bitkom Cybercrimes are responsible for damages of 206 billion euros. This is equivalent to 5% the country’s GDP. 62% of businesses also consider cybersecurity threats to be significant. Phishing, password attacks on computers, malware infections, Ransomware and SQL injection are the most common types of attack.
According to IT GovernanceThe Top 10 Cybersecurity Breaches by Organization, Location, and Records Breached in 2023 were:
- DarkBeam, U.K. – 3,800,000,000 records broken
- Real Estate Wealth Network, U.S.,1,523,776,691 records breached
- Indian Council of Medical Research, India: 815,000,000 records broken
- Kid Security, Kazakhstan, 300,000,000 records breached
- Twitter (X), U.S. 220,000,000 records are broken
- TuneFab Hong Kong: 151,000,000 records broken
- Dori media group, Israel: breach of 100 TBs of data
- Tigo Hong Kong – 100,000,000 records broken
- SAP SE Bulgaria Bulgaria breaches 95,592,696 records
- Luxottica Group, Italy, 70,000,000 records breached
Cyberthreats are on the Rise with New Tools
The digital threat landscape is growing as AI and machine learning are increasingly central in the cybersecurity conversation. In addition, the adoption of IoT technologies and Industry 4.0 exposes new vulnerabilities. A growing number of cybercriminals are using AI to enhance their hacking skills. Attackers are also expanding their target list to include cloud environments, and sensitive data stored in SaaS application services.
Cybercriminals have become more sophisticated. They are multi-national, they work across borders and they use hierarchies.
According to The Global Risks Report 2020 According to the World Economic Forum “organized cybercrime groups are joining forces and their likelihood of being detected and prosecuted is estimated at as low as 0.05 percent in the United States.”
They target specific industries with their attacks. In addition, the emergence of ransomware-as-a-service enables hackers with limited experience to execute successful attacks, and the dark web remains an encrypted communication channel to plan activities with anonymity.
Remember Analog Crimes? They are still a factor
Cybersecurity breaches can still be caused by non-digital components or physical systems. These are often ignored. This includes unauthorized access to data centers, or other physical locations that contain sensitive information.
Employees or contractors can use sensitive information to commit social engineering breaches if they have unsecure physical access. Organisations should also be worried about the improper disposal of sensitive documents, and hardware tampering which modifies devices with malware.
Software supply chain requires special attention in addition to physical analog tightening. The software supply chain is still vulnerable and can have a disastrous impact. It is important that companies not only adhere to their own security protocols, but also examine the security practices of third-party providers.
With the relative ease and success of phishing campaigns, it is not surprising that threat actors are continuing to use deepfake attacks to spread ransomware, obtain permissions and access sensitive information.
Cybercrime defenses: strengthening them
Cybercrime is the third largest economic superpower in the world, with a GDP of $6 trillion. Everyone is vulnerable to attack, from Main Street shops and mom-and-pops to Wall Street financial juggernauts. We are all at risk, from Bulgaria to the U.S. As these shadow organisations become more organized and sophisticated cybersecurity will need to evolve into a necessity for business, similar to energy or cloud services.
AI and machine-learning hold immense potential for improving corporate productivity. Those same tools, when used for nefarious purposes, will cause global IP destruction and chaos. Ignorance, on the other hand, will open networks to bad actors. This will continue a revenue source for cybercrimes.
We need to take persistent and pervasive steps to tighten up the physical and digital aspects on devices, platforms and systems. Without the full knowledge of all attack vectors — including partner systems in the supply chain — a well-informed and trained employee base, and the application of sophisticated cybersecurity tools, organizations will continue to be the victims and unwillingly fund their perpetrators.