10 York Road

We conclude our cybercrime series, which has thus far looked at common cyber-attacks and how organisations can better protect themselves, by considering what lies in store. What are some of the threats on the horizon and how can businesses better prepare for the future?

We’ve discussed organisations suffering from cyber-attacks in the form of physical infrastructure, such as extorting data or money, but EY’s Megatrend report points to “synthetic media” as a cyber risk for businesses in the future. Described as “media content that is generated or altered by AI”, it may cause an issue for businesses, as information can be adapted without permission and presented as fact.

This in turn can have a negative impact on brand reputation, consumer trust, revenue, and stakeholder relations. Doctored content may be believed, frustrations around the inability to control the spread of incorrect information could rise, and stock prices driven down – all as a result of synthetic media or weaponised disinformation.

Within the synthetic media umbrella includes “deepfakes”, whereby AI uses deep learning to digitally alter videos – making anyone they want, say anything they like. High profile examples of deepfakes include Mark Zuckerberg boasting how he “owns users” and Obama calling Trump “a total and complete dipshit”. Deepfakes don’t just manipulate images or videos but can replicate voices too. The leader of a UK subsidiary of a German energy firm fell victim to this, being duped into paying nearly £200,000 into a Hungarian bank account, after being phoned by an imposter that replicated the German CEO’s voice.

Whilst deepfakes have yet to be carried out in high profile attacks in the private sector, it’s easy to see where the damage could lie. Altered videos of CEOs “admitting” to wrongdoing, or encouraging unwanted behaviour from customers, could all irreparably damage an organisation. Whilst technology is being developed to better protect organisations, such as digital watermarking and forensics, it’s an area that business need to be aware of in the future.

Planning how to mitigate the threat of synthetic media and educating customers in spotting incorrect information are just some of the tactics currently being deployed. But this will need to be much more sophisticated in the future, as cyber criminals continue to push security boundaries.

Cybersecurity experts predict that there will be a cyberattack incident every 11 seconds in 2021. This is four times the rate five years ago (every 40 seconds in 2016). And with financial damages from cybercrime expected to reach $6 trillion (£4.4 trillion) by the end of this year, demand for talent globally continues to be extremely competitive, as businesses seek better protection.

In a cyber security conference with top technology moguls, president Joe Biden said that half a million cybersecurity jobs remain unfilled – representing a significant challenge in keeping organisations and individuals safe from attack. Shortages are felt globally, with countries doing everything they can to attract talent. Currently Washington, Singapore and Germany rank as the top three places to live for cyber security jobs, taking into account salary, job availability and the cost of living.

Research by PwC and CBI finds that 70% of financial services firms plan to increase spend in IT – specifically in cybersecurity – with 87% saying they plan on upskilling staff. If businesses are to stay ahead in the war for cyber talent, upskilling internally and offering competitive packages for external hires will continue to remain crucial to operations.

“Data is the new oil” and businesses and governments will need to do more to protect their assets – building defensive and offensive capabilities. As geopolitical tensions worldwide increase, protecting data from cyber-attacks is becoming ever more important – therefore compliance and regulations for businesses will only become stricter.

Another prediction is that fines will become larger and prison sentences longer for breaches in data. Business intelligence firm Dun & Bradstreet were sanctioned for illegally obtaining personal information from 150 million Chinese citizens, with a corporate fine of one million renminbi (£115,000) and two years detention for four employees. As data becomes more precious to governments, greater sanctions will be issued to protect intelligence.

The world of technology moves at rapid pace, so whilst these predictions are relevant now – they can change very quickly. This is what businesses will have to contend with now and in the future, staying ahead of the relentless march of technology – with all of the opportunities and challenges it presents. By keeping an eye on future cyber trends, businesses can stay one step ahead of criminals, protecting some of their greatest assets.