Did you know if you were to compare the money generated by cybercrime with the GDP of world nations, it would come third behind the economic powerhouses of America and China?
Cybercrime is one of the greatest dangers facing both individuals and companies today. By the end of 2021, the total cost [PDF] of online criminality is expected to reach $6 trillion globally – with that figure increasing to an incredible $10.5 trillion by 2025.
If you were to compare the money generated by cybercrime with the GDP of world nations, it would come third behind the economic powerhouses of America and China. Somewhat unbelievably, the revenue tallied through online crime makes it larger than the entire global drugs trade and bigger than the damage caused by natural disasters annually.
Why cybercrime has become such an issue
Ninety percent of the total data created in history has been made in the last two years and the latest figures suggest the world is now outputting an incredible 2.5 quintillion bytes of data per day (for reference, there are 18 zeros in a quintillion). Experts claim that data is now the world’s most valuable commodity – ahead of even traditional heavyweights like oil and gold.
As is always the way, where there’s money to be made, the criminals soon follow and data is no exception. From hacking private Facebook accounts to phishing attacks, malware, and MitM attacks, no business or individual is above the sights of the modern cybercriminal.
Worse yet, hackers are becoming increasingly sophisticated and devious in their tactics and are now even employing Artificial Intelligence (AI) and machine learning to automate intelligent attacks against users and companies.
The problems with complacency – particularly among business owners
Unfortunately, many company owners believe their firm to be too small or their income too low to be the target of hackers – however, the truth is quite the opposite. With many Small to Medium-sized Enterprises (SMEs) often taking a laxer approach to their online security compared to larger firms, they are becoming an increasingly tempting prospect for cybercriminals.
Sometimes, this reduced data protection is down to the perceived high costs of security but, more often, it’s simply down to complacency, leading to a huge surge in attacks against SMEs. Indeed, recent research found that one in five SMEs has fallen victim to a cyberattack – and, of them, 60% fail to survive as a result and end up going out of business.
Hackers don’t just attack businesses – individual users are a target, too
While it might be tempting to think hackers are only interested in big-time corporate attacks, their reach extends to personal users, too. Cybercrime is now a massive problem for individual users with the criminals using a vast range of tactics used to infiltrate private data – everything from credit card and financial fraud to ransomware attacks and identity theft.
Hackers are also employing different types of so-called social engineering attacks to trick users into revealing sensitive data. In 2020, phishing became the most common type of cybercrime as it is particularly effective against individual users.
Phishing sees the hacker take on the guise of a trusted and respected individual or business to gain the confidence of the user. In a typical phishing attack, the cybercriminal will contact the user through a branded email, designed to look like it came from a trusted source.
Often, they will directly ask for users to divulge private account details but, more commonly, they will redirect the individual to a similarly branded, mock website requiring them to input their account credentials.
The problems with existing rigid cybersecurity techniques
In the past, cybersecurity took a largely reactive approach to protection – more often than not by studying previous attacks then building rules and employing security measures to ensure the same attack couldn’t happen again. One example of this approach can be seen in Web Application Firewalls (WAFs), which are still widely in use today.
WAFs offer protection by identifying potentially malicious code then determining the best course of action to secure a system. However, the major issue with WAFs is that they need to be hard-coded and the rules are rigid, built on evidence from previous attacks that are then extended to isolate the signs of a future attack.
This reactive approach to online security meant that, in real terms, the hackers were always one step ahead and had the upper hand. It also led to frequent false positives and slowing down network operability.
How data science is helping in the fight against cybercriminals
With so much data already in existence, it might seem slightly unlikely that data science principles could be used to protect the data itself. However, by studying data and, in particular, the tools and tactics used by hackers, it’s possible to build a better picture of how cybercriminals have been able to infiltrate networks and gain access to sensitive data.
By then applying machine learning processes, it’s now possible to build protection mechanisms that are proactive rather than reactive, increasing the protection of networks and digital infrastructures.
Cybersecurity Data Science (CSDS) is a growing field within the overall online security sector and represents the merging of the two disciplines. CSDS brings a more scientific approach to the protection of data.
Experts with an online master of computer science in data science can first study previous attacks then build machine learning applications that can proactively identify threats. For example, these intelligent apps can use anomalous code detection to prevent a previously unknown type of attack from gaining access to a network.
Turning the protection idea on its head, these same machine learning apps can also be used to launch autonomous attacks against firewalls and other similar security mechanisms to identify potential backdoors or potential points of penetration.
There’s little doubting the dangers of cybercrime will continue to increase in coming years with hackers employing an even wider range of techniques to gain access to our private data with malicious intent. As online criminals increase their use of AI to launch these attacks, it seems only logical that cybersecurity firms will fight like with like and use data science and machine learning to stay one step ahead.
If you thought data science was just about crunching numbers and making forecasts, think again. In the future, it’s highly likely data science will be powering your firewall and antivirus protection – from both a business and personal perspective.