Past is prologue: The evolution of cybercrime informs the future of cybersecurity
February 26, 2026 | 5 minute read
Key takeaways:
- Cybercriminals continually shift tactics in response to improved corporate defenses.
- Businesses and users must proactively adapt to stay ahead of emerging threats.
- Companies must monitor emerging threats, invest in adaptive security strategies and foster a culture of vigilance to future-proof defenses.
Cybercrime has remained a persistent threat for businesses large and small, despite continual enhancements in security defenses and practices. Cybercriminals are adept at adapting their tactics to exploit new vulnerabilities in the ever-evolving threat landscape. However, understanding past shifts in cybercriminal behavior helps businesses anticipate future threats, including those involving artificial intelligence (AI) and quantum computing.
Here are some key ways the landscape has evolved:
Cybercrime is now a big business
Gone are the days of the lone wolf — self-taught hackers who compromised systems just to satisfy their egos and show off capabilities. Cybercriminals have become increasingly sophisticated in how they identify targets and execute attacks. Moreover, state-sponsored attackers and criminal ecosystems are collaborating more closely, and for many attackers, this is a full-time profession.
As law enforcement and victim organizations have implemented measures to battle cybercrime, criminals have pivoted to using new techniques. Examples include the following:
- Hackers exploited magnetic-stripe credit card data to create fakes until the payments industry introduced cards embedded with chips to combat credit card fraud.
- When chip-enabled credit and debit cards and online security codes reduced the value of stolen card data, cybercriminals shifted to ransomware.
- Ransomware attacks surged with the rise of cryptocurrencies such as Bitcoin, which enabled anonymous, cross-border payments and made it harder to trace illicit transactions.
- As businesses adopted backup strategies to avoid ransom payments, attackers began stealing and disabling critical data, threatening to leak or sell it unless their demands were met.
- With stronger technical defenses in place, attackers turned to social engineering — manipulating users or administrators to gain access.
- As companies got better at mitigating social engineering techniques, cybercriminals began using more convincing AI-driven tactics, including deepfakes, to gain access to essential data and systems.
- As businesses improved their cybersecurity, cybercriminals increasingly started to target third-party vendors, such as software providers or contractors, to exploit indirect access to secure networks.
This game of cat and mouse is likely to continue for the foreseeable future, as cybercriminals adapt to security improvements and employ advanced technologies like generative AI. Understanding how these attacks evolve helps businesses anticipate and counter future threats.
Easily detected malware may become a thing of the past
Hackers are caught when they use code and techniques that trigger red flags in detection systems. To avoid that, attackers now exploit legitimate administrative tools already present on systems or networks. Called “living off the land,” this technique helps them operate under the radar of detection systems.
Encryption and compression tactics are here to stay
Attackers aren’t just disabling data and systems to block access to them; they’re also encrypting and compressing stolen data to avoid detection. These techniques obscure data exfiltration and complicate forensic analysis.
How companies can defend themselves against emerging threats
With cybercriminals constantly evolving their techniques, businesses and users can’t be complacent. They, too, must transform their defenses and practices to keep pace or, ideally, move a step ahead of the criminals.
Train workers to spot the latest scams
Constantly update your employee training to reflect emerging threats. Distribute samples of deepfake audio and video to build workers' awareness of realistic deception tactics. Ensure employees know the policies and processes for responding to suspicious communications.
Commit to multifactor authentication
Enforce the use of unique and strong passwords for every account and deploy multifactor authentication to block unauthorized access.
Patch software vulnerabilities
Staying on top of software updates and patches closes known vulnerabilities often exploited in attacks.
Segment your networks
Segmenting critical data and systems from everyday business networks can prevent a simple breach from becoming a catastrophic one. Limit access to critical systems and data to only those who need it.
Purge legacy systems
Legacy systems often lack updates and provide easy entry points for cybercriminals. Audit your network and remove unused systems and accounts.
Regularly back up data and practice the recovery process
Effective offline backups and recovery tools are key to fast ransomware recovery. Establish protocols that back up data daily or weekly (depending on the volume of new data you produce and your capacity to withstand data loss). Store backups offline to prevent malware access. Practice restoring from backups once or twice a year, so everyone involved understands the time and tools it will take to resume operation of your business.
The threat landscape is dynamic and constantly evolving, and businesses must adapt to stay ahead. Attackers frequently shift their tactics searching for unrecognized vulnerabilities, making proactive defense essential. Staying ahead means more than reacting to incidents. Rather, it requires anticipating how adversaries will innovate next. By understanding how attackers operated and pivoted in the past, businesses can monitor emerging techniques, invest in adaptive security strategies and foster a culture of vigilance.