Nov 13, 2015

The Future of Cybercrime – A Point of View

By Guest Blogger Prakash Santhana | Deloitte Transactions and Business Analytics LLP

Now that we are accustomed to malware, phishing attacks, and hacking, what can we expect from cybercrime in the future? Will we see the same trends and patterns of attacks, or is there a possibility that we will witness something new and insidious? Would it be driven by for-profit cybercriminals or state-sponsored groups?

Here are five areas that could have a big impact on the future of cybercrime:

  1. Currently, the United States is undergoing a change in the way we make credit card payments at a physical location. The introduction of EMV (Chip & PIN) provides additional levels of security to help reduce fraud related to card account compromises. As Chip cards cannot be cloned and magnetic stripe transactions will likely decline, magnetic stripe data will no longer be valuable. Many card security compromises associated with retailers will likely disappear over time. Cyber criminals may shift their focus to online and mobile transactions in areas such as online account takeover and compromises of a retailer’s online portal. Phishing attacks may increase as a result.

  2. State-sponsored cyber espionage activity will likely escalate until companies deploy National Institute of Standards and Technology (NIST) cyber security measures. Federal agencies, such as the SEC, may mandate cyber security measures and compliance disclosures in an entity’s 10-K or 10-Q across a wide range of industries. With these disclosures, the risk of noncompliance by an entity could have an impact on its market capitalization. This material impact could hasten compliance across all industries and sectors, and might significantly decrease the impact of cyber espionage.

  3. Globally, many mobile network operators are launching mobile financial services (MFS) for the unbanked and underbanked. Financial inclusion is the goal in many countries in the underdeveloped world, and MFS provides a good platform to reach the unbanked because of the ubiquity of mobile phones. Mobile phones, however, are vulnerable to cyber hacks or in-app attacks. Additionally, most MFS implementations involve an ecosystem of agents, merchants, and customers, and there is the added complexity of satisfying Know Your Customer requirements across these three entities in many countries. As such, they are likely to attract cybercriminals and organized crime around the world.

  4. The Internet-of-things (IoT) relates to any Internet-connected device capable of interacting via the Internet. For example, webcams, Internet-connected thermostats, and industrial sensors that are capable of being monitored remotely via the Internet are common examples of IoT devices. It is expected that the market for these devices will grow by 40 percent each year, and that the total number of devices will exceed 25 billion by 2020 [1]. The emergence of a virtual network of IoT devices collecting, processing, and analyzing the context of information and data will impact day-to-day life, as well as provide enhanced productivity. Many of these devices may contain or transmit Personally Identifiable Information data, payment data, and other sensitive data. This makes them attractive targets for cyber criminals and state-sponsored groups.

  5. The innovation that brought us Bitcoins is poised to revolutionize the financial industry. Cryptocurrencies run on a framework called the blockchain. The general purpose of the blockchain is to create an encrypted distributed ledger of all transactions and provide a copy of the ledger to anyone participating in the system. Updating the ledger happens via a process called mining or consensus. The ultimate goal of the blockchain is to allow for an irrevocable transfer of value between any two entities anywhere in the world. Cryptocurrencies provide anonymity of a user but not anonymity of transactions. As a consequence of the user anonymity, cryptocurrencies have been used by criminals for money laundering and to purchase illicit goods. Sanctioned regimes have shown interest in cryptocurrencies as they can bypass mainstream payment networks. Regulations are being introduced in many countries to thwart such illicit activities.

Recent innovation in the cryptocurrency framework now provides for a complete programming language on top of the distributed ledger, which allows the blockchain to hold contracts. As an example, an escrow account contract could be created on the blockchain that would release the funds in the escrow to the receiving party when that party satisfies some condition. This ability to embed a self-enforcing contract in the blockchain, also known as Smart Contracts, can be exploited to create myriad applications within financial services. However, such contracts could also be used to perpetrate calling card crimes. For example, a contract created by a criminal could contain the objective of the crime to be committed and the money tied to the escrow account attached to the contract. Anyone wishing to win this money may sign up with the contract. Upon independent validation that the crime has been committed by the news media, the contract can automatically release the escrow account to the perpetrator.

As we learn to exploit innovations for improved productivity, lower transactional cost, and ease of use, cybercriminals will continue to exploit associated vulnerabilities to their advantage. As these innovations are widely adopted, more transactions and environments become susceptible to cyber attacks. The complexity and the interconnectedness of these technologies will impact downstream systems. As a result, we are likely to see an increasing trend in cybercrime.

Anticipating and mitigating these threats and crimes will rely on becoming secure, vigilant, and resilient. Security embeds the controls to guard against known or emerging threats. Vigilance utilizes technology and analytics to detect malicious or unauthorized activity. Resilience requires a plan of action to minimize the impact and recover quickly if a cyberattack were to happen. It is imperative for any enterprise to start planning and investing in these three areas to stay on top of what may occur in the future.

Explore the current landscape of cybercrime and much more at this year’s Accounting and Auditing Conference in Malvern on Dec. 7. Register today to save your seat at www.picpa.org/aac.

[1] Gartner, IDC, BI Intelligence, and Intel
