The only constants in the cyberspace world are hacks and even more hacks. The past few years have seen businesses spend an average of $150 billion annually in an attempt to prevent hackers, but attacks continue and are too often successful. Even major corporations have been helpless against hacking, including the likes of Microsoft, Nvidia, Uber, and Rockstar Games; the latter two were allegedly hacked by an enthusiastic 17-year-old in London.

While major hacks are expected to continue this year and beyond, here are our predicted cybersecurity trends:

The spread of ransomware

Ransomware is a type of malware that uses encryption to lock down sensitive data, and demands payment in exchange for its release. When ransomware infects a company’s database or file servers, it can quickly shut down operations across the board. Additionally, as cloud-based servers and solutions grow in popularity, ransomware has become a more serious threat, resulting in billions in annual losses for businesses and public institutions. Each victory for the hackers represents a windfall for cybercriminals — money that can then be used to invest in new attacks.

Ransomware attacks are by no means limited to businesses, hospitals, and schools; government agencies in Costa Rica, Montenegro, and Albania have also been hit hard in recent years. The first national emergency to be declared in the wake of a ransomware attack occurred in Costa Rica last May. Another first in the field of cybersecurity involved the expulsion of Iranian diplomats from Albania, following a damaging ransomware attack just two months later.

Ransomware experts warn that the number of attacks of this type reached an all-time high in 2022, and is only expected to rise further in 2023. Moreover, ransomware has geopolitical implications that go beyond petty data theft. North Korea’s ransomware, called WannaCry, disrupted the United Kingdom’s National Health System as well as an estimated 230,000 computers worldwide. Cybercriminals have gone as far as spreading malware and ransomware via charging stations, a practice known as “juice jacking“, prompting the FBI to issue warnings across the United States.

Over time, however, the ransomware industry may become a victim of its own success. As criminal organizations merge and grow, governments and international intelligence agencies could have an easier time identifying and neutralizing them. Still, even in that optimistic scenario, cybercriminals would be able to do a great deal of damage by the time they are caught.

Crypto theft

The complex and decentralized nature of the cryptocurrency world makes it difficult for regulators and law enforcement personnel to identify perpetrators or enable victims of crypto theft to recover their funds. For this reason, cybercriminals find crypto theft very appealing, as there are numerous methods of siphoning and transferring funds while leaving no trace. As long as cryptocurrencies are in flux between established markets, P2P trading, and freebies, hackers will continue to target the sector.

In 2022, cryptocurrencies flowed not only from ransomware victims to hackers, but also directly out of crypto projects and Web3 businesses. According to Chainalysis, a company that tracks blockchains, hackers stole at least $3 billion worth of cryptocurrency in 2022, making such hacks a mainstream phenomenon for the first time. With more than a hundred major victims in the crypto world already, websites and Twitter accounts have sprung up to keep tabs on the seemingly daily hacks.

Among the most notable of these was the hack on the Nomad protocol, in which a hacker exploited a loophole to steal money. Since most of the hacker’s transactions were visible to the public, netizens (internet citizens) followed suit by copying and pasting the same exploit, resulting in the first decentralized crypto robbery in history.

Although similar instances of crypto theft are expected to continue in the years to come, the good news is that a new wave of cybersecurity experts are making their entry into the crypto landscape. They aim to provide the necessary tools and infrastructure to ensure security and resilience, resulting in a new and lucrative market based on crypto-based cybersecurity.

The blessing and curse of artificial intelligence and machine learning

The speed with which artificial intelligence (AI) and machine learning (ML) are advancing and being adopted by businesses is both exciting and unnerving. On the bright side, there will be significant advancements in areas like cybersecurity and healthcare. Unfortunately, AI will also spur new forms of cybercrime, and malicious actors may be able to train ML models to commit crimes as well.

Personal data handling is a major concern when it comes to privacy and security in AI. Data collected and processed by AI systems carries the potential risk of being improperly handled or leaked. The disclosure of such information could put the public at risk of identity theft, financial fraud, and other forms of abuse.

The risk that AI systems will be hacked or manipulated is another issue of concern to the general public. As AI systems become more complex and autonomous, they will become increasingly targeted by cyberattacks. Successful attacks of this type could allow malicious actors to take control of the AI system, or even copy ML models to be used for the siphoning of personal information, resulting in damage to individuals or society as a whole.

Furthermore, with the likely proliferation of sophisticated cyberattacks on national infrastructure and private companies, data security measures will see a shift in focus. Whereas previous security efforts were primarily about keeping data private, future efforts may also need to involve safeguarding its authenticity and provenance.

At present, there is a lack of clarity in how governments, companies, or communities will ensure that AI and other technology-based systems are built, deployed, and monitored safely and ethically — and there is no clear forum from which that guidance will come. While the regulation of AI development remains a gray area, the US and EU governments are proactively engaging in separate discussions to establish a regulatory framework governing the development of AI. The EU is currently pushing towards an Artificial Intelligence Act that will limit the use of AI for CV-scanning and social scoring, whereas the US has thus far left AI development relatively unregulated.

Looking ahead

In the future, governments will play an important role as both buyers and investors in digital or IT-related technology, while also developing necessary cybersecurity regulations. However, concerns have arisen regarding the blurring roles of government and private corporations in such efforts. Digital sovereignty issues also arise where governments rely on private companies to assist in the detection and prevention of cyberattacks.

Furthermore, since cybersecurity laws and regulations differ across the globe, particularly in terms of privacy rights, businesses may struggle to meet these divergent regulatory requirements. It remains to be seen whether new security tools will gain the upper hand moving forward, or whether the world of data will continue to resemble a cyber Wild West in which public, private, and non-state actors will endlessly engage in whack-a-mole competitions while attempting to establish a social and legal contract that governs data access for all.