Cybercrime is on the rise and shows no sign of stopping. If the cybercrime industry were a country, it would be the world's third-largest economy.
However, cybercrime was not always so profitable. So what took cyberattacks from rarities to a common, costly threat? Technology has recently changed in ways that are beneficial to cybercriminals.
WEBIT Services is an IT provider that is passionate about education and cybersecurity. For over 25 years, WEBIT has helped educate and protect hundreds of clients.
By reading this article, you'll learn the five factors that contributed to the increase in cyberattacks.
5 Factors that changed cybercrime
1. Increased internet speeds and decreased cost
Cheaper, faster internet has given everyone greater access to the sites they want. But, unfortunately, it's also allowed cybercriminals to easily enter and exit networks and accounts.
Ten years ago, internet connections were slower. Moreover, some rural areas didn't have readily available internet connections.
Slow internet made breaking into networks and accounts difficult and risky for cybercriminals. They risked failure and exposure if they couldn't get their programs or a site to load quickly or reliably.
Cybercrime relies on stealth.
Now, internet connections are flourishing. As a result, there's a massive demand for more available connections and faster speeds. Even our mobile devices connect online.
As we connect to streaming services in a blink of an eye, so can cybercriminals.
But they're not connecting to view television shows. Instead, they're looking for valuable information they can sell or ransom. Then, before they're noticed, they vanish, taking the intel with them.
More opportunities have opened for cybercriminals due to fast and available internet connections.
2. The rise of cryptocurrency
The growing popularity of cryptocurrency gave cybercriminals an untraceable payment method.
Previously, asking for money transfers was risky for cybercriminals. Authorities can trace government-recognized currencies and follow the cash to careless criminals.
Because of this risk, cybercriminals focused instead on stealing and selling information on the dark web or black market. Still, even maneuvering in the financial shadows could expose them.
Cryptocurrency presented both reduced risk and increased profitability of cybercrime.
Unregulated, untraceable payments
Cryptocurrency is not regulated by any governing body, so it is both unstable and essentially untraceable. Anyone can create a new kind of cryptocurrency. The value system is set by what people are willing to pay.
Buying and transferring cryptocurrency also takes time. First, you have to set up your crypto "wallet." Then you have to decipher the current conversion rate for your cryptocurrency of choice. Finally, you purchase the currency you want to transfer.
The longer this takes, the harder it becomes to locate the cybercriminals.
Even if cybercrime victims refuse to pay, cybercriminals can remain undetected.
When cryptocurrency first came onto the market, cybercriminals didn't request large ransoms. Initially, ransomware criminals didn't demand more than $10,000 at a time.
The US government was not going to spend time chasing small claims.
In 2015, the Assistant Special Agent in Charge of the Cyber and Counterintelligence Program, Joseph Bonavolonta, said, "The ransomware is that good … To be honest, we often advise people just to pay the ransom."
This statement seemed to encourage cybercrime victims to make payments. As such, cybercriminals began testing the waters with more significant demands.
Their small ransoms slowly but steadily grew until they became the massive ransomware industry we know today.
In 2021, the average cost of a ransomware attack was $1.85 million.
Furthermore, experts estimate that ransomware costs will continue to grow by 30% each year over the next decade. If that's the case, ransomware attacks could cost a collective total of $265 billion by 2031.
3. AI programs save time and effort
In recent years, AI programs and systems are becoming more prevalent in personal and professional spaces. But, unfortunately, they've also found a home in cybercrime.
Cybercriminals now have artificial intelligence do their work for them.
AI programs can help break into networks and then observe them.
First, AIs create "blunt force" cyberattacks that guess passwords to gain access.
Then, these programs analyze this particular network's defenses. Once they know how the network's protections and setup, the cybercriminal can shut down the system, steal data, or both.
Using AI programming makes the cybercriminal's job more manageable. For example, in the past, criminals would have to guess or steal passwords to gain access. Now, a program will do guesswork in significantly less time.
In addition, cybercriminals no longer risk exposure by poking around a network on their own. An AI program can sit in stealth mode within a network for months before being detected. The damage is already done by the time it's found (if found at all).
4. The pandemic opened new security weaknesses
Cybercriminals discovered new opportunities when the COVID-19 pandemic sent the masses home for lockdowns.
Many businesses were unprepared for a remote workforce, so many employees worked on personal devices. Unfortunately, this inadvertently opened a door for cyberattacks.
Home networks and computers do not have the same defenses as their professional counterparts. If an infected personal computer connects to a business network, it exposes the network.
For example, during the lockdown, Bob works from home on his personal computer because his office doesn't have a spare laptop.
His son uses that same computer to download games. One day, his son downloads malware without realizing it. When Bob logs into work the next day, the malware spreads to his company and puts business data at risk for exploitation.
Bob and his son didn't intentionally expose the company to a cyberattack. Instead, it happened through a lack of planning, resources, and protection.
5. The goal of cybercrime changed
Cybercrime has evolved from causing chaos to a money-making industry.
Cybercrime once focused on creating confusion and damage to organizations. Often it included both nation-states attacking infrastructures and aspiring coders testing their mettle. These were targeted attacks focused on disrupting systems.
Now, cybercrime has become a highly-profitable industry.
Criminals now focus on ransomware attacks—holding your information and systems hostage until you meet their demands. Networks are unusable until ransoms are paid, and ransom prices are growing in cost and frequency.
Is it still disruptive and chaotic? Absolutely. But now, cyberattacks have an even higher price tag.
How fighting cybercrime has changed
Once upon a time, backups, antivirus, and firewalls were enough to protect your business from cyberattacks. Not anymore.
As cybercriminals and their software became more innovative, the tools to repel them changed. An advanced enemy requires advanced defenses.
Cybersecurity systems require several tools, including AI programs, to keep cybercriminals out of their networks. These tools have moved beyond "antivirus" (now an antiquated term) and are known instead as "endpoint protection."
Endpoint protection tools include:
- DNS filtering
- Employee training
- Multi-factor authentication
- Mobile device security
- Software and operating system patches and updates
- Anti-spam programs
- Data encryption
- Password management
- Security policies
Networks without these tools are particularly vulnerable to cyberattacks.
Cybersecurity has grown so advanced that it has become its own industry.
Once, IT providers included security as part of their services. However, as cybersecurity continued to evolve and grow more complex, it required new, specialized experts.
Today, businesses can hire a Managed Security Service Provider (MSSP) to monitor and protect their networks.
An MSSP can partner with a Managed IT Service Provider (MSP), or you can hire a hybrid MSP with an MSSP branch to manage and protect your technology.
Next steps to protect your business from cyberattacks
Over the last decade, technology exploded with innovations. Unfortunately, some of those changes contributed to the rise in cyberattacks on individuals and companies alike.
Five factors that helped grow the cybercrime industry are:
- Increased internet speed and availability for easier, faster attacks.
- The growing popularity of untraceable cryptocurrency.
- The development of AI software to aid in attacks.
- The lack of security in the pandemic remote workforce.
- A change in focus from disrupting infrastructures to demanding ransom payments.
Fortunately, quality IT providers and MSSPs have also developed tools and systems to help protect businesses from cyberattacks.
To learn more about your company's cybersecurity setup, speak to your provider and review your most recent risk assessment. Your provider will use this assessment to determine how to increase security for your unique organization.
If it's been more than three months since your last evaluation or a significant change to your infrastructure, you can request a risk assessment.
If your IT provider has not performed or is unwilling to discuss a risk assessment, this is a red flag that this provider may be unable to meet your security needs.
WEBIT Services has helped build cybersecurity systems and education for hundreds of clients in the Chicago area.
If you are looking for a new IT provider, schedule a free 30-minute consultation to see how WEBIT can help.
If you aren't ready to make a commitment but would like to learn more about cybersecurity, we recommend the following articles:
- 7 Tips for building a culture of cybersecurity
- Is my business secure? | 6 cybersecurity practices to know
- Two-factor authentication: what it is and how it protects your organization
- Cybersecurity Risk Levels: Where do you draw the line?
- Managed IT vs. Managed Security vs. Compliance: What are the differences, and where do they overlap?