Predicting the future of cybercrime has never been easy.
That’s why—instead of trying to do it ourselves—we’ve enlisted the help of a true industry veteran to do it for us.
This article is the final part of a series summarizing the findings of our new report:
Today, we’ll hear from Dan Schaupner on where he sees cybercrime heading over the next decade.
Who is Dan Schaupner?
Currently Head of Digital Security Consulting, US, at Atos, Dan is lifelong security engineer, cloud architect, and cybersecurity consultant.
Dan’s team advises large enterprises on cybersecurity and risk management, identifies gaps in their programs, and designs, tests, and implements new security architectures.
From here, we’ll pass over to Dan to give his predictions, worries, and top tip for cybersecurity teams.
Dan’s Predictions for the Future of Cybercrime
- Malicious insiders are a serious threat.
Our data shows insiders are already a big problem, and I don’t expect that to change.
In particular, organizations should be concerned about individuals that have extensive access, technical skills, and a deep enough understanding of business systems to allow them to act on criminal objectives such as committing fraud. The solution has to be tight internal processes, controls, and access, as, by definition, these attacks can’t be prevented any other way. - There will be (even more) issues with application security.
It’s no secret that codebases at many organizations are extremely bloated, making it tough to distinguish legitimate functionality from malicious activity. This is partly a factor of continuous rapid development over years, but it’s also due to bloat in commonly used libraries, binaries, and other dependencies.
The longer this goes unchecked, the greater the application security risk organizations will face, and it’s not an easy problem to solve. The first step is to maintain a current Software Bill of Materials (SBOM), but it’s going to be a long road. - Threats and patterns will remain roughly the same.
I’m fairly confident about this because defenders already have the odds stacked against them trying to protect IT environments that constantly grow in size and complexity.
Over time, organizations’ attack surfaces are becoming broader and more heterogeneous, and I see this as the number one threat to enterprise cybersecurity. Until we have a solution to protect such diverse IT environments, there won’t be much impetus for cybercriminals to develop significantly different tools or techniques. - There will be more cloud attacks.
In line with my last prediction, cybercriminals will continue to go after the softest targets. Right now, that’s cloud environments, and I believe that will continue to be true for several years. Whenever organizations adopt new technologies, there’s always a cybersecurity gap to be bridged, and that takes time, so the latest additions are always a tempting target for cybercriminals.
What Keeps Dan Up at Night?
My biggest worry is that one of the major hyperscalers will be hit.
Organizations put a lot of trust in these companies, and while they definitely have outstanding cybersecurity programs, nobody is infallible. I don’t believe a criminal group could do it, but if a nation-state had enough motivation, they might be able to. If successful, it would give them massive control, and the ramifications would be unprecedented.
Dan’s Top Tip for Defenders
It seems counterintuitive, but organizations need to be more comfortable with data leaving their network. If you don’t enable users to share data with external parties securely, they’ll do it anyway, and you’ll have zero control. Finding secure ways to enable a wider distributed information profile will be crucial over the next few years.
Final Thoughts: Is Spending Too Much Harming Your Security Outcomes?
“Many organizations are spending more on cybersecurity than they need to. Complicated security stacks usually have lots of overlapping capabilities, and the complexity it creates harms their ability to work efficiently. Although it runs against the tide, my team often recommends customers simplify their stacks to reduce cyber risk.”
— Dan Schaupner, Head of Digital Security Consulting, US, Atos
Get the Full Cybercrime Story
A cybercrime report could be anything from one page to a hundred pages long. As simple as saying, “Cybercriminals go where the money is,” or as complicated as digital forensics and malware analysis.
In our new report, we’ve striven for a happy medium that gives insight into current, past, and possible future cybercrime trends without getting bogged down in unnecessary details. We’ve also included the most important steps to protect against cybercrime over the next decade.
Download the report to learn:
- The two BIG exceptions to financially motivated cybercrime and why they’re so common.
- Why DDoS and destructive malware are so popular with hacktivists, script kiddies, military units, and state-sponsored hacking groups.
- Why statistics don’t tell the whole story regarding internal vs. external attacks—and why that matters when designing a risk-based cybersecurity program.
