During the past 40 years, hackers have graduated from worm attacks in the 1980s to fully funded organizations tapping into some of the most lucrative industries in the world. Today, cybercrime is a significant threat to any company with a device attached to the internet and continues to cause substantial economic impact worldwide.
The modern-day cyberattack can trace its roots back to the 1988 Morris worm attack. Before the World Wide Web had made an impact, a small program launched from a computer at the Massachusetts Institute of Technology (MIT) propagated remarkably. It infected an estimated 6,000 of the approximately 60,000 computers connected to the internet at the time. Although it was difficult to calculate the exact damage caused by the Morris worm, estimates put it anywhere between US$100,000 and the millions.
Over the decades, cybercrime has become more sophisticated, with threats reflecting geopolitical tensions and hackers gaining notoriety. In 1999, a teenager hacked into the DoD and NASA and installed backdoor access to servers to download $1.7 million in software. Fast-forward to 2021, and the Colonial Pipeline in the U.S. was subject to a ransomware attack that forced the company to shut the pipeline down and pay $4.4 million via Bitcoin. In 2023, the CIOp gang exploited a zero-day vulnerability in the MOVEit file transfer software that affected 2,000 organizations and an estimated 62 million people.
Economic Scale of Cybercrime
The United States, with a gross domestic product (GDP) of $25.44 trillion at the end of 2022, is by far the world’s largest economy. China followed in second place, with a GDP of $17.96 trillion. However, cybercrime is growing at a remarkable rate. In 2021, it caused global damages that cost $6 trillion — approximately $2 trillion more than the GDP of Japan — the country with the world’s third-largest economy.
According to Evolve Security, cybercrime will grow by 15% annually over the next five years. Estimates from Statista’s cybersecurity outlook see the annual global cost of cybercrime rising to nearly $24 trillion by 2027, compared to $8.4 trillion in 2022.
In Germany, a study by Bitkom highlighted that cybercrimes have caused total damages amounting to 206 billion euros, representing 5% of the nation’s GDP. Furthermore, 62% of companies view cybersecurity threats as significantly large, with phishing, password attacks, malware infections, ransomware, and SQL injection being the most commonly recorded forms of attack.
According to IT Governance, the Top 10 Cybersecurity Breaches in 2023 by organization, location, and records breached were:
- DarkBeam, U.K., 3,800,000,000 records breached
- Real Estate Wealth Network, U.S.,1,523,776,691 records breached
- Indian Council of Medical Research (ICMR), India, 815,000,000 records breached
- Kid Security, Kazakhstan, 300,000,000 records breached
- Twitter (X), U.S., 220,000,000 records breached
- TuneFab, Hong Kong, 151,000,000 records breached
- Dori Media Group, Israel, 100 TB of data breached
- Tigo, Hong Kong, 100,000,000 records breached
- SAP SE Bulgaria, Bulgaria, 95,592,696 records breached
- Luxottica Group, Italy, 70,000,000 records breached
New Tools Bring Elevated Cyberthreats
As artificial intelligence (AI) and machine learning become central to the cybersecurity dialogue, the landscape of digital threats is intensifying. The adoption of technologies like IoT and Industry 4.0 unveils new vulnerabilities, while an increasing number of threat actors leverage AI to enhance their hacking capabilities. Furthermore, attackers are broadening their targets to include cloud environments and the sensitive data housed in SaaS companies’ application services.
Cybercriminals are nebulous; they collaborate across borders and have adopted hierarchies and specialized roles that make these bad actors more sophisticated, which is a significant challenge for law enforcement to track and prosecute them.
According to The Global Risks Report 2020 by the World Economic Forum, “Organized cybercrime entities are joining forces, and their likelihood of detection and prosecution is estimated to be as low as 0.05% in the United States.”
These bad actors focus on specific industries and accurately tailor their exploits. In addition, the emergence of ransomware-as-a-service enables hackers with limited experience to execute successful attacks, and the dark web remains an encrypted communication channel to plan activities with anonymity.
Remember Analog Crimes? They Are Still a Factor
Cybersecurity breaches still occur from non-digital or physical system components and are often overlooked. These non-digital areas include unauthorized access to secure data centers or other physical locations where sensitive information is stored.
Unsecured physical access allows employees or contractors to leverage sensitive information for social engineering breaches. Organizations must also be concerned about improperly disposing of sensitive documents and hardware tampering that modifies devices with malicious code.
In addition to the physical analog tightening, the software supply chain needs particular attention. It is still a weak link that can have a devastating impact. Companies must not only maintain their security protocols but also scrutinize the security practices of their third-party suppliers.
Furthermore, threat actors continue to use deepfake social engineering attacks to foster ransomware, gain permissions, and access sensitive data with the relative success and ease of phishing campaigns.
Fortifying Cybercrime Defenses
Cybercrime’s GDP of $6 trillion has made it the world’s third-largest economic superpower. No one is immune to an attack from small mom-and-pop Main Street shops to Wall Street financial juggernauts. From Bulgaria to the U.S., we are all targets. As these shadow organizations become more organized and sophisticated, cybersecurity will have to morph into a must-have business utility such as energy or cloud services.
The advent of AI and machine learning holds immense possibilities for advancing corporate productivity. By contrast, the same tools applied to nefarious activities will unleash global IP devastation and chaos. Ignorance will be the Trojan Horse that opens networks to bad actors and continues a revenue stream for cybercrimes.
To remedy the activities of this well-funded, borderless entity, we need persistent, pervasive measures to tighten the physical and digital aspects of devices, platforms, and systems. Without the full knowledge of all attack vectors — including partner systems in the supply chain — a well-informed and trained employee base, and the application of sophisticated cybersecurity tools, organizations will continue to be the victims and unwillingly fund their perpetrators.
