The devastating impact of cyberattacks and how to protect against them

Imagine one day you found out someone had hacked your phone. What would that mean for your life? With the right software, the bad guys might be able to get into your bank account, surveil your messages, or even steal your fingerprints and facial scans.

That's what happened to human rights attorney David Haigh, who became the first-known British victim of the powerful Pegasus spyware in 2021 while trying to help women of Emirati and Jordanian royalty escape alleged abuse. He learned that his phone was under surveillance – so his communications and the information stored on the device were compromised.

Two years on, he still lives in fear for the privacy of his loved ones and clients. "The police have done nothing,” he says. “There's no support from the government. There's no real information.”

Emerging technologies threaten to make the already-bleak cybersecurity environment all the more treacherous, opening new avenues of attack that could cost countries, companies, and individuals dearly without proactive measures.

Eurasia Group Senior Analyst Ali Wyne moderated a discussion on cybersecurity as part of “Caught in the Digital Crosshairs,” a video series on cybersecurity produced by GZERO in partnership with Microsoft and the CyberPeace Institute. The discussion focused on the blurring lines between attacks on governments and the private sector.

Wyne spoke with Kaja Ciglic, senior director of digital diplomacy at Microsoft, who referred to cybersecurity as “the defining challenge of our times.” The wars in Ukraine and Gaza have coincided with spikes in both cyberattacks and misinformation campaigns, which Ciglic called “harrowing examples of what can happen and how people can use technology to manipulate others into actions.”

Even in peacetime, states are investing in capabilities that can target critical infrastructure, schools, and hospitals, preparing for a new dimension of conflict. And in the private sector, hackers are exploiting lagging private-sector preparedness to grow and evolve.

Hacking is big business, with companies specializing in helping clients break into accounts. While these are usually about making financial gains, says Stéphane Duguin, CEO of the Cyber Peace Institute, his organization has seen a marked shift over the past two years. Since the Russian invasion of Ukraine, the institute has tracked a marked increase in attacks on humanitarian organizations, even those that have little to do with the conflict.

“At the end of the day, you end up having civilians who cannot benefit from essential services because of what has been escalated into another part of the world,” he said.

The attacks impact organizations more profoundly than one might think. Bonnie Leff, senior vice president of corporate security at MasterCard, said that when one suffers a cyber attack, “the impact to an NGO can really almost shut it down.” It leaves organizations unable to pay staff or run programs and can damage their reputation with donors, leaving them worse off in the long term.