Technological developments and the future of cybercrime

Skull hologram on modern computer background, cybercrime and hacking concept, photo by Igor/Adobe Stock

Igor/Adobe Stock

To prepare for and mitigate the impact of emerging technologies on cybercrime, Estonia could consider broad anti-cybercrime capacity building; seek legal, regulatory and organisational agility; and invest in technological expertise, skills and research.

What is the issue?

Digital systems and Information Communication Technology (ICT) have become critical in all areas of economic activity in Europe and beyond. Access to the internet and an uninterrupted flow of information now underpins many businesses and the day-to-day functioning of societies.

Cybersecurity incidents, either intentional or accidental, can therefore severely disrupt essential services as well as economic and societal activities. One significant and growing threat to digital systems and to the secure functioning of digital institutions and economies is cybercrime.

How did we help?

RAND Europe was commissioned by the European Commission Structural Reform Support Service (DG REFORM), by request of the Government of Estonia, to conduct an analysis of future technologies and identify those which could have an impact on cybercrime.

Using an approach leveraging horizon scanning, desk research, expert interviews and serious gaming, the study looked at the effects that technological change may have on cybercrime and identified possible ways for preventing future technologies from being exploited by criminals.

What did we learn?

Researchers identified seven new and emerging technology clusters expected to have a significant impact on cybercrime over the next decade:

  • Artificial Intelligence/Machine Learning
    AI and machine learning could increase the automation, speed, frequency and efficiency of attacks, as well as the potential for tailored attacks targeting specific groups. From a cybersecurity perspective, they could also increase the speed of cyber detection, prevention and recovery systems.

  • Autonomous Devices and Systems
    Autonomous systems could be used to carry out disguised criminal acts, develop new operation methods for criminals, or conduct large-scale and automated attacks. They may also increase the complexity of forensic investigations and make it harder to identify the source of crimes caused by autonomous devices.

  • Computing and Data Storage Technologies
    The development and increasing use of computing and data storage technologies could be exploited by criminals to gain access to and disseminate non-consensual recordings and illicit data.

  • Telecommunication Infrastructure
    Technological advances could be used to enhance the anonymity, speed and capacity of criminal activities or to steal personal and sensitive data. Telecommunication infrastructure could also be targeted to cause large-scale disruption.

  • Internet of Things (IoT)
    Growing volumes of data collected by IoT devices could become vulnerable to theft, corruption, destruction, extortion, or sale. IoT devices are also likely to increase the scope of attacks for cyber-dependent crimes and introduce new vulnerabilities in complex IT systems and environments.

  • Privacy-Enhancing Technologies (PETs)
    PETs could be exploited by malicious actors to pursue illicit activities anonymously and secretly, making it increasingly difficult to detect, monitor and investigate criminal activity. PETs could also be targeted by malicious actors to access confidential or private information.

  • Blockchain and Distributed Ledger Technologies (DLTs)
    As transactions become digitalised and processed through DLTs, these could be manipulated for malicious purposes such as preventing transactions from being processed. DLTs could also be used to store disruptive or inappropriate content that could become difficult to remove.

Additional technology clusters were identified but excluded from the main analysis. This was due to their being perceived by experts and stakeholders as comparatively less relevant to cybercrime, or only likely to come to large-scale fruition outside the timeframe of this study.

What do we recommend?

  1. Pursue broad anti-cybercrime capacity building in light of technological development
    Strengthen the overall cybersecurity resilience of Estonia through awareness, education and capacity building.

  2. Seek legal, regulatory and organisational agility
    Prepare the Estonian legal, regulatory and organisational environment to adequately respond to cybercrime challenges resulting from technological change.

  3. Invest in technologies relevant to the Estonian context
    Ensure that Estonia has sufficient technological expertise, skills and research in relation to high-priority emerging technologies.