Global cybercrime damage: A cause for alarm
THE projected cost of cybercrime is predicted to grow from $3 trillion in 2015 to $10.5 trillion in 2025, according to Cybersecurity Ventures. Its Cybercrime Report enumerates “damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm” as cybercrime costs.
While cyberspace offers expansive opportunities for various sectors, it also comes with critical vulnerabilities. An organization’s information network and technology are constantly at risk from a variety of bad cyber actors. Some of these malicious entities are profit-driven, particularly in the areas of identity theft and other types of financial cybercrime. Europol reports that online investment fraud is on the rise, as identified by law enforcement agencies and financial services, causing substantial financial losses and impacting numerous victims across Europe.
However, cybercrime extends beyond being a purely economic problem. It is a massive threat to a country’s national security. Cyber threats also come from nation-states and other entities that seek to exploit information to gain an advantage over other countries. They might seek to access sensitive data, such as confidential military documents or foreign policies, for political reasons or economic advantage.
Cybercrime could also create lucrative illicit funding streams that are difficult to attribute to any organization or state. Moreover, proceeds from these illegal activities can be used to fuel terrorism.
Notably, cyber insecurity ranks as the fourth most severe global risk over a two-year period, according to the 2024 Global Risks Report by the World Economic Forum. Cyber insecurity refers to the use of cyber weapons and tools to conduct cyberwarfare, cyberespionage, and cybercrime to gain control over a digital presence and/or cause operational disruption.
To add, based on a research paper published by Trend Micro Research, “criminals are likely to make use of AI (artificial intelligence) to facilitate and improve their attacks by maximizing opportunities for profit within a shorter period, exploiting more victims, and creating new, innovative criminal business models — all the while reducing their chances of being caught.”
The rampant usage of “AI-asa-service” nowadays enables less skilled individuals or those with no technical expertise to conduct sophisticated attacks, which will further widen the threat landscape. The potential for AI to be abused by cybercriminals and for it to become a driver of future crimes is a prime example of the downside of technological evolution.
In the Philippines, the Philippine National Police Anti-Cybercrime Group (PNP ACG) reported 21,300 complaints in 2023, with attacks targeting government websites being particularly prevalent. A total of 2,999 cases of cyber identity theft were reported last year, a 12.2-percent increase from 2022.
In response to the recent hacking attempts of the Overseas Workers Welfare Administration (OWWA) website in January, the Senate issued a press release strongly condemning the attacks. These escalating incidents underscore the boldness and persistence of cyberattacks in the country.
Mitigating the threats against modern ransomware, social engineering, crypto crime, and the level of state-sponsored attacks requires a multi-layered defense strategy that includes round-the-clock security monitoring, visibility, and coverage over the entire attack surface and an incident response plan in the event of a successful attack.
The National Institute of Standards and Technology (NIST) cybersecurity framework provides five easy-to-remember strategies to help organizations prevent and recover from cyberattacks: “Identify, Protect, Detect, Respond, and Recover.” Organizations should have a plan for notifying customers, employees, and others whose data may be at risk; keeping business operations up and running; reporting the attack to law enforcement and other authorities as appropriate; investigating and containing an attack; updating cybersecurity policies and plans with lessons learned; and preparing for inadvertent events that may put data at risk.
When cybersecurity efforts are solely focused on guarding access to account-based information and not monitoring what users do afterward, organizations are vulnerable to several forms of attack. We need to constantly remind ourselves that
nothing is secured in cyberspace. No amount of money, technology or hardware can provide complete protection from cyberattacks, especially if the weak link in the cybersecurity chain is your people. Creating a human firewall still remains one of an organization’s best defenses in a global war against cybercrime.
Web Ebio is a senior managing consultant at P&A Grant Thornton. One of the leading audit, tax, advisory, and outsourcing firms in the Philippines, P&A Grant Thornton is composed of 29 partners and 1,500 staff members. We’d like to hear from you! Tweet us at @GrantThorntonPH, like us on Facebook at P&A Grant Thornton, and email your comments to pagrantthornton@ph.gt.com. For more information, visit our website at www. grantthornton.com.ph.