New cybersecurity measures do not completely stop crime – they only slow it down. This is because cybercriminals are always adapting to overcome companies’ defences, meaning firms need to constantly stay two steps ahead. Exploring what moves will take place this year, Experian, the financial information and services company has released its ’11th annual Data Breach Industry Forecast’.
Experian has identified six ways that cybercriminals are expected to act following a relatively ‘successful’ 2023. Speaking on the findings, Michael Bruemmer, vice president, global data breach resolution at Experian said: “Cybercriminals are continually working smarter, not harder. They are leveraging new technologies like artificial intelligence. Furthermore, they are applying their talents in different ways to be more strategic and stay a step ahead.
“Organisations should not ignore even the slightest security abnormalities. They must be more aware of what global interests may make them a target.”
Six degrees of separation
There’s no question third-party data breaches have made headlines. With increased data collection, storage and movement there are plenty of partners down the supply chain that could be targeted. Experian predicts attacks on systems four, five or six degrees from the original source. Especially as vendors outsource data and technology solutions who outsource to other experts and so on.
Little by little becomes a lot
When trying to achieve a goal, it’s said that taking small steps can lead to big results. Hackers could apply that same rule. Instead of making drastic moves and trying to reap instant reward such as with ransomware, bad actors may just manipulate or alter the tiniest bits of data to stay under the radar such as changing a currency rate or adjusting the coordinates for transportation, which can have a major impact.
Not a third-wheel
It’s widely known who the major players are globally that sponsor attacks and a new country in South Asia may join the international stage with their large population of engineers and programmers. While reportedly having been in the game focusing on cyberattacks regionally due to political tensions, this country may broaden their sights in the future.
No, not Mother Earth!
Plutonium, terbium, silicon wafers — these rare earth materials that are the building blocks for today’s hardware are rapidly becoming the most sought-after resources on the planet. Any disruption to an already strained supply chain could send the industry (and the economy that relies on these materials) spinning. This presents an intriguing opportunity for hackers, or nation-states wanting to corner a market or disrupt an enemy’s economy.
The scarface effect
Like drug cartels, cybergangs are forming sophisticated organisations as joining like-minded actors can be incredibly advantageous. This spans globally with countries potentially helping each other to advance common goals and interests. We’ll see more hackers for trade, crews looking to expand their monopolies, and cyberwarfare alliances.
Winning from the inside
In 2024, we may see enterprising threat actors target more publicly traded companies. In doing so they will gain insights to cheat the stock market. Or alternatively, plan their attacks and sell their stash before value nosedives. Rather than breach an organisation and play in the underground with stolen data, threat actors could leverage data extraction and their talents in plain sight as everyday investors.
“Today, perpetrators can come from anywhere in the world and bring with them robust resources and expertise,” added Jim Steven, head of crisis and data response services at Experian Global Data Breach Resolution in the United Kingdom. “There are many global crime syndicates and nation-backed operations. Therefore, companies need to invest in sophisticated prevention and response methods to protect themselves.”