New technologies will enable an expanded set of cyberthreats, and by 2020 cybercrime will become a key driver shaping how the Internet is governed, how data is used and stored, and how countries, companies, and consumers engage with each other in cyberspace.
These are among the key conclusions of “Project 2020: Scenarios for the Future of Cybercrime,” a study by the International Cyber Security Protection Alliance (ICSPA), a global nonprofit concerned with cybercrime, in collaboration with Europol, the EU’s law enforcement agency.
Project 2020 was initiated to understand the future of cybercrime and to help businesses, governments, and citizens prepare. It includes three well-constructed scenarios that illustrate what cybercrime and its impacts on the broader world could look like in 2020.
3 DRIVERS OF CYBERCRIME
Certain key trends will shape the future of cybercrime:
- Outsourcing of data storage and processing, which makes data more vulnerable by putting it in the cloud
- Third-party control of consumers’ personal data
- Aggregation of data in large datasets, which makes breaches more rewarding for cybercriminals
Cybercrime can be broken down into the following main categories:
- Online sales of counterfeit digital or physical items
- Monetary benefit, such as credit card breaches
- Manipulation of information or networks
- Data destruction
- Abuse of processing power
- Evasion tools and techniques
3 EMERGING THREATS
Many cybercrimes in 2020 will build on today’s challenges and threats (see sidebar, “Types of Cyberthreats”). However, new technologies will also enable new categories of cyberthreats.
- Physical harm from cyber-attacks. Threats to critical infrastructure, networked medical devices and implants, the Internet of things (e.g., networked vehicles or household appliances), and large datacenters (such as those maintained by Google and Amazon.com) will trigger offline destruction and physical harm.
- Psychological harm from cyber-attacks. Some cybercrimes will aim for psychological harm; e.g., via identity theft, reputation manipulation, hijacking of avatars, or scrambling mood-management apps.
- Physical attacks. Physical attacks on datacenters and Internet exchanges could become an issue. For instance, governments and large companies maintain massive datacenters housing thousands of servers in closely guarded locations, and these could suffer bombings or other physical attacks.
Based on the trends and drivers, challenges, and emerging threats outlined above, ICSPA has developed three scenarios for how cybercrime could plausibly look in 2020. The scenarios address the future from three perspectives: citizen, business, and government. Two assumptions underlie all of the scenarios:
- Mobile wireless Internet will be globally available in 2020 (even if it has fragmented along national or regional lines; see GL-2013-37: Wildcard—The Splinter Net for more on this).
- The current overarching dynamic of change, in which technology and the market economy lead, geopolitics and legislation follow, will persist.
Scenario 1. Citizen perspective — Kinuko
Scenario 2. Business perspective — Xinesys and Lakoocha
Scenario 3. Government perspective — South Sylvania
3 BUSINESS IMPLICATIONS
- Project 2020 offers a valuable resource for enterprises seeking to prepare for the future of cybercrime. With plausible, well- designed forecasts and scenarios, it may be useful as an input to strategy. Companies would do well to heed the key takeaways.
- If cybercrime escalates as much as ICSPA projects, the forecast that companies, countries, and consumers may all someday be judged on their “digital hygiene” (i.e., their cybersecurity policies and practices) is a credible one. High-profile breaches like the one Target experienced in December 2013 will reinforce this likelihood. For companies, the results will cut both ways.
- Current models of IP protection seem clearly unsustainable under the pressure from open/ collaborative digital environments, but the question is how to maintain security and profits in a more open world. ICSPA argues that “a major transition from absolute to conditional IP” is possible—but will be highly disruptive while it is occurring. In the worst case, governments could adopt divergent and incompatible policies around IP. This Gordian knot may still be unresolved by 2020, with most global enterprises watching and hedging their bets on how it will play out.