In its latest report ‘The Future of Cybercrime & Security: Financial & Corporate Threats & Mitigation', Juniper Research predicts that the majority of these breaches will still come from existing IT and network infrastructure, with the number of mobile and Internet of Things attacks expected to be “minimal" in comparison to more traditional computing devices.
"Currently, we aren't seeing much dangerous mobile or IoT malware because it's not profitable", said report author James Moar.
"The kind of threats we will see on these devices will be either ransomware, with consumers' devices locked down until they pay the hackers to use their devices, or as part of botnets, where processing power is harnessed as part of a more lucrative hack. With the absence of a direct payout from IoT hacks, there is little motive for criminals to develop the required tools."
On mobile, the group said that the relative lack of mobile malware, as detailed in recent reports, was down to “a combination of limited profitability for cyber-criminals (with no guarantee of valuable details through the hack) and the need to develop a sophisticated understanding of mobile software, which is still relatively new and evolving at a much faster rate than that observed for desktop PCs”.
The report further notes cyber-crime is becoming increasingly professional, with the emergence of cyber-crime products (like the sale of malware creation software) over the past year, and interesting believes that there is a decline in casual, activist hacks.
“Hacktivism has become more successful and less prolific – in future, Juniper expects fewer attacks overall, but more successful ones,” reads the report.
Other key findings include that almost 60 percent of anticipated data breaches worldwide in 2015 will occur in North, although this will decrease over time as other countries become richer and more digitised, while the average cost of a breach will exceed US$ 150 million (£95.7 million) by 2020, as more business infrastructure gets connected.
Juniper currently estimates the globe average cost of a cyber-crime attack to be US$ 6 million (£3.82 million), although higher in North America and Western Europe.
Neil Thacker, information security and strategy officer at Websense, told SCMagazineUK.com: “Data is and will continue to be the commodity item on the underground markets and Crime-as-a-Service (CaaS) is the business model the majority of cyber-criminals use.
"The value of data, including personal identifiable information (PII) is set to rocket as more services rely on the controlling and processing of this data. Compromising connected IoT sensors that monitor and model behaviour is a valuable target to cyber criminals. Selling sensor data and the business intelligence from corporate sensor information will be a future target, if not already."
Dafydd Stuttard, creator of the web security testing software Burp Suite and founder of UK start-up PortSwigger Web Security, told SC that data breaches would likely continue, but disputed the analyst firm's reason for low mobile device infections.
“The current low incidence of mobile device infection is probably due more to technical barriers than to lack of potential profitability,” he said via email. “Mobile platforms are inherently more restrictive than desktop computers, but the widespread use of applications like mobile banking probably means that mobile devices will be increasingly targeted by skilled attackers.
“In the medium term, the Internet of Things is also likely to present a much more important target for attacks than currently, due to widespread adoption, lack of software security updates, hugely increased capabilities, and inter-connectedness with systems that are already being targeted.”