With the volatile economic situation expected to continue into 2023, cyber scammers will be working harder to take advantage of people when they are more vulnerable, according Norton Labs.
Cybercriminals love to exploit seasonal opportunities, and consumers are facing a perfect storm of rising prices in the middle of the busiest shopping season of the year, when scammers are particularly active (see How to Reduce the Impact of Cybercrime?).
Many of these cyber scammers will trick their victims into giving up their personal information and their hard-earned money for products, services or “lottery winnings” that never arrive.
Reported ransomeware incidents and their severity have skyrocketed in recent years, with monetary estimates of global 2020 cyberattack losses at around USD 945 billion. The types of attacks and targeted sectors have also evolved.
Scams are always harder to detect during the holiday season because consumers expect deep discounts and may believe prices that would normally seem too good to be true.
According to Roundy, prevailing inflation and other unfavourable macroeconomic factors are likely to make people hungrier for good deals, putting them more at risk of scams than in previous years.
Top-20 cybercrime predictions for 2023
Cyber risks are considered as a top global risk for the financial sector and the economy as a whole (see New Cyber Risk & Ransomware Trends). The type of ICT risks to which the undertakings are exposed have not changed in the past years, however the frequency of incidents and the magnitude of their impact on financial entities has increased.
The frequency and severity of cyberattacks are ever increasing. Data breaches to steal personal information occur daily, but only the largest make the news.
1. Scammers will prey on vulnerable consumers
Norton expects a rise in financial-based scams, such as fake government assistance programs, to steal personal identifiable information; shopping deal scams that steal personal information or fail to deliver the order, and romance scams asking emotionally vulnerable consumers for money or gift cards (see Ransomware Insurance and Cyber Risk Landscape).
2. Short-staffed companies will be more open to vulnerabilities
Operating with smaller staff, short-staffed companies will experience a jump in data breaches and ransomware attacks. Hackers now use “triple extortion” techniques, and ransomware-as-a-service has lowered entry barriers to rogue actors (see Embedding Cyber Risk in Risk Management).
Small and medium-sized enterprises (SME) with little defence capacity have become easy targets for cyber criminals, while digitalisation of industries including the healthcare and critical infrastructure sectors, has increased vulnerabilities across entire supply chains.
3. Advances in AI will make scamming easier
Norton said scammers will increasingly wield AI in their crimes as this technology becomes even more accessible and easier to use. As language and video AI models advance, scammers can imitate real people in real time with deepfakes to trick people into giving over their financial and personal information.
In the last two years, first-party claims have become dominant, with ransomware incidents from organised crime shifting damages to core business.
Firms, insurers and public authorities have redoubled risk management efforts, and industry associations and insurers have worked together to address the related issue of “silent cyber” by clarifying the scope of traditional policies.
4. Anticipate more breaches
Cybercriminals are finding ways to breach standard multi-factor authentication technologies. Companies that continue to use weak two-factor authentication practices will leave themselves and their customers open to serious data breaches, which can lead to mass leaks of consumer information.
Norton expects to see more data breaches, making it even more critical for individuals to continue using unique, complex passwords across their accounts.
6. Global cybercrime damage predicted to hit $10.5 trln annually by 2025
According to Cybersecurity Ventures expects global cybercrime costs to grow by 15% per year over the next three years, reaching $10.5 trillion USD annually by 2025. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.
Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
7. Global cybersecurity spending will exceed $1.75 trln cumulatively from 2021-2025
The imperative to protect increasingly digitized businesses, Internet of Things (IoT) devices, and consumers from cybercrime will propel global spending on cybersecurity products and services to $1.75 trillion cumulatively for the five-year period from 2021 to 2025, according to Cybersecurity Ventures.
In 2004, the global cybersecurity market was worth just $3.5 billion and now it’s one of the largest and fastest-growing sectors in the information economy.
8. World will have 3.5 mn unfilled cybersecurity jobs in 2023
Every IT position is also a cybersecurity position now. Every IT worker, every technology worker, needs to be involved with protecting and defending apps, data, devices, infrastructure and people.
There will be 3.5 million unfilled cybersecurity jobs globally in 2023 — enough to fill 50 NFL stadiums — according to Cybersecurity Ventures.
This is up from Cisco’s previous estimation of 1 million cybersecurity openings in 2014. Surging cybercrime will result in a similarly large number of unfilled positions over the next 5 years.
9. Global ransomware damage costs are predicted to exceed $265 billion by 2031
Global ransomware damage costs were predicted to reach $20 billion annually in 2021, up from $325 million in 2015, which is a 57X increase. In a decade from now, the costs will exceed $265 billion.
Cybersecurity Ventures predicted that a business fell victim to a ransomware attack every 11 seconds in 2021, up from every 14 seconds in 2019. This makes ransomware the fastest-growing type of cybercrime.
The frequency of ransomware attacks on governments, businesses, consumers, and devices will continue to rise over the next 5 years and reach every two seconds by 2031.
10. World will need to cyber protect 200 zettabytes of data by 2025
Total global data storage is projected to exceed 200 zettabytes by 2025. This includes data stored on private and public IT infrastructures, on utility infrastructures, on private and public cloud data centers, on personal computing devices — PCs, laptops, tablets, and smartphones — and on IoT (Internet-of-Things) devices.
Cybersecurity Ventures predicts that the total amount of data stored in the cloud — which includes public clouds operated by vendors and social media companies, government-owned clouds that are accessible to citizens and businesses, private clouds owned by mid-to-large-sized corporations, and cloud storage providers — will reach 100 zettabytes by 2025, or 50% of the world’s data at that time, up from approximately 25% stored in the cloud in 2015.
11. Cyberinsurance market is predicted to hit $14.8 billion annually by 2025
The increasing rate of cyberinsurance adoption is expected to surge over the next decade, as the growing profile of large-scale cyberattacks — and the accompanying financial risk they impose — prompts company directors and executives to move to limit their company’s exposure to cybersecurity compromise.
Cybersecurity Ventures predicts the cyberinsurance market will grow from approximately $8.5 billion in 2021 to $14.8 billion in 2025, and exceed $34 billion by 2031, based on a CAGR (compound annual growth rate) of 15 percent over an 11-year period (2020 to 2031) calculated.
12. Cryptocrime is predicted to cost the world $30 billion annually by 2025
Rapid growth in the use of decentralized finance (DeFi) services is creating a new soft spot for global financial systems, fostering new methods of cryptocrime for cybercriminals whose “rug pulls” and other attacks will, Cybersecurity Ventures predicts, cost the world $30 billion in 2025 alone.
That’s nearly twice the $17.5 bilion — and expected to grow by 15 % annually as the cryptocurrency market continues to expand, fueling cybercriminals’ increasing interest in pilfering cryptocurrency stores.
Cybercriminals’ attention to crypto is manifesting in a range of ways, including direct exchange hacks and scams designed to trick people into handing over their cryptocurrency holdings for any number of false purposes.
13. Women are predicted to hold 30 % of cybersecurity positions globally by 2025
Women hold 25 % of cybersecurity jobs globally in 2022, up from 20 % in 2019, and around 10 % in 2013.
We predict that women will represent 30% of the global cybersecurity workforce by 2025, and that will reach 35% by 2031.
This goes beyond securing corporate networks and includes IoT, IIoT and ICS security, and cybersecurity for medical, automotive, aviation, military defense, and other.
The gender gap becomes a chasm when we consider the top roles in cybersecurity. For example, women hold only 17 % of chief information security officer (CISO) roles at Fortune 500 companies.
14. More than 90% of the human population, aged 6 years and older, will be online by 2030
Roughly one million more people join the internet every day. We expect there will be 6 billion people connected to the internet interacting with data in 2022, up from 5 billion in 2020 — and more than 7.5 billion internet users in 2030.
15. World will need to secure 338 billion lines of new software code in 2025
We estimate the world will need to secure 338 billion lines of new software code in 2025, up from 111 billion lines of new code in 2017, based on 15 % year-over-year growth in new code.
This little-known statistic has been one of the most important for CISOs and security leaders to take note of over the past 5 years.
Organizations globally have a major application testing and scanning chore on their hands which has been created (in part) by self-taught and renegade programmers who’ve generated a massive amount of insecure code.
16. Increase in digital supply chain attacks
With the rapid modernization and digitization of supply chains come new security risks. Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains—this is a three-fold increase from 2021. Previously, these types of attacks weren’t even likely to happen because supply chains weren’t connected to the internet. But now that they are, supply chains need to be secured properly.
The introduction of new technology around software supply chains means there are likely security holes that have yet to be identified, but are essential to uncover in order to protect your organization in 2023.
If you’ve introduced new software supply chains to your technology stack, or plan to do so sometime in the next year, then you must integrate updated cybersecurity configurations. Employ people and processes that have experience with digital supply chains to ensure that security measures are implemented correctly.
17. Mobile-specific cyber threats are on-the-rise
It should come as no surprise that with the increased use of smartphones in the workplace, mobile devices are becoming a greater target for cyber-attack. In fact, cyber-crimes involving mobile devices have increased by 22% in the last year, according to the Verizon Mobile Security Index (MSI) 2022 with no signs of slowing down in advance of the new year.
As hackers hone in on mobile devices, SMS-based authentication has inevitably become less secure. Even the seemingly most secure companies can be vulnerable to mobile device hacks.
Case in point, several major companies, including Uber and Okta were impacted by security breaches involving one-time passcodes in the past year alone.
This calls for the need to move away from relying on SMS-based authentication, and instead to multifactor authentication (MFA) that is more secure. This could include an authenticator app that uses time-sensitive tokens, or more direct authenticators that are hardware or device-based.
18. Double down on cloud security
As more companies opt for cloud-based activities, cloud security—any technology, policy, or service that protects information stored in the cloud—should be a top priority in 2023 and beyond.
Cyber criminals become more sophisticated and evolve their tactics as technologies evolve, which means cloud security is essential as you rely on it more frequently in your organization.
The most reliable safeguard against cloud-based cybercrime is a zero trust philosophy. The main principle behind zero trust is to automatically verify everything—and essentially not trust anyone without some type of authorization or inspection. This security measure is critical when it comes to protecting data and infrastructure stored in the cloud from threats.
19. Ransomware-as-a-Service is here to stay
Ransomware attacks continue to increase at an alarming rate. Data from Verizon discovered a 13% increase in ransomware breaches year-over-year. Ransomware attacks have also become increasingly targeted — sectors such as healthcare and food and agriculture are just the latest industries to be victims, according to the FBI.
With the rise in ransomware threats comes the increased use of Ransomware-as-a-Service (RaaS).
This growing phenomenon is when ransomware criminals lease out their infrastructure to other cybercriminals or groups. RaaS kits make it even easier for threat actors to deploy their attacks quickly and affordably, which is a dangerous combination to combat for anyone leading the cybersecurity protocols and procedures. To increase protection against threat actors who use RaaS, enlist the help of your end-users.
20. Data privacy laws are getting stricter—get ready
We can’t talk about cybersecurity in 2023 without mentioning data privacy laws. With new data privacy laws set to go into effect in several states over the next year, now is the time to assess your current procedures and systems to make sure they comply. These new state-specific laws are just the beginning; companies would be wise to review their compliance as more states are likely to develop new privacy laws in the years to come.
Data privacy laws often require changes to how companies store and processing data, and implementing these new changes might open you up to additional risk if they are not implemented carefully. Ensure your organization is in adherence to proper cyber security protocols, including zero trust, as mentioned above.
The surge in ransomware attacks drove loss ratios higher in 2020. Insurers responded by increasing prices, improving underwriting discipline, introducing sub-limits and coinsurance, clarifying terms and conditions, and excluding – or explicitly pricing for – cyber exposures in other property and liability policies. These actions had a degree of success: loss ratios plateaued in 2021.
Cyberattacks are a real threat in today’s ever-evolving cyber risk landscape. Furthermore, the COVID-19 pandemic has forced almost all organizations to speed up their digital transformation priorities. It changed the way organizations learn from and deal with cyber risks.
Using industry type to classify risks is a good way to start pricing cyber risk, but insurers also need to consider a company’s data volume, data value, number of endpoints to protect and vendors (see Global Cyber Insurance Claims).
In summary, the future of cybercrime is likely to be marked by continued growth in ransomware attacks, increased use of AI and ML by cybercriminals, an increase in IoT attacks, the deployment of 5G networks, a focus on supply chain attacks, and the emergence of new cybercrime tactics and technologies.
To protect against these threats, organizations will need to invest in robust security measures, stay up-to-date on the latest trends, and educate their employees about how to identify and avoid cyber attacks.
AUTHOR: Oleg Parashchak – CEO Finance Media & Editor-in-Chief at Beinsure Media