We have updated our Privacy Policy and Terms of Use for Eurasia Group and its affiliates, including GZERO Media, to clarify the types of data we collect, how we collect it, how we use data and with whom we share data. By using our website you consent to our Terms and Conditions and Privacy Policy, including the transfer of your personal data to the United States from your country of residence, and our use of cookies described in our Cookie Policy.
{{ subpage.title }}
The devastating impact of cyberattacks and how to protect against them
Imagine one day you found out someone had hacked your phone. What would that mean for your life? With the right software, the bad guys might be able to get into your bank account, surveil your messages, or even steal your fingerprints and facial scans.
That's what happened to human rights attorney David Haigh, who became the first-known British victim of the powerful Pegasus spyware in 2021 while trying to help women of Emirati and Jordanian royalty escape alleged abuse. He learned that his phone was under surveillance – so his communications and the information stored on the device were compromised.
Two years on, he still lives in fear for the privacy of his loved ones and clients. "The police have done nothing,” he says. “There's no support from the government. There's no real information.”
Emerging technologies threaten to make the already-bleak cybersecurity environment all the more treacherous, opening new avenues of attack that could cost countries, companies, and individuals dearly without proactive measures.
Eurasia Group Senior Analyst Ali Wyne moderated a discussion on cybersecurity as part of “Caught in the Digital Crosshairs,” a video series on cybersecurity produced by GZERO in partnership with Microsoft and the CyberPeace Institute. The discussion focused on the blurring lines between attacks on governments and the private sector.
Wyne spoke with Kaja Ciglic, senior director of digital diplomacy at Microsoft, who referred to cybersecurity as “the defining challenge of our times.” The wars in Ukraine and Gaza have coincided with spikes in both cyberattacks and misinformation campaigns, which Ciglic called “harrowing examples of what can happen and how people can use technology to manipulate others into actions.”
Even in peacetime, states are investing in capabilities that can target critical infrastructure, schools, and hospitals, preparing for a new dimension of conflict. And in the private sector, hackers are exploiting lagging private-sector preparedness to grow and evolve.
Hacking is big business, with companies specializing in helping clients break into accounts. While these are usually about making financial gains, says Stéphane Duguin, CEO of the Cyber Peace Institute, his organization has seen a marked shift over the past two years. Since the Russian invasion of Ukraine, the institute has tracked a marked increase in attacks on humanitarian organizations, even those that have little to do with the conflict.
“At the end of the day, you end up having civilians who cannot benefit from essential services because of what has been escalated into another part of the world,” he said.
The attacks impact organizations more profoundly than one might think. Bonnie Leff, senior vice president of corporate security at MasterCard, said that when one suffers a cyber attack, “the impact to an NGO can really almost shut it down.” It leaves organizations unable to pay staff or run programs and can damage their reputation with donors, leaving them worse off in the long term.
- Hackers, innovation, malice & cybercrime ›
- Attacked by ransomware: The hospital network brought to a standstill by cybercriminals ›
- The threat of CEO fraud and one NGO's resilient response ›
- Hacked by Pegasus spyware: The human rights lawyer trying to free a princess ›
- Podcast: Cyber Mercenaries and the digital “wild west" ›
- How cyberattacks hurt people in war zones - GZERO Media ›
- How rogue states use cyberattacks to undermine stability - GZERO Media ›
- Why snooping in your private life is big business - GZERO Media ›
Estonia's digital revolution: a global model of efficiency
In a recent GZERO livestream event presented by Visa, Carmen Raal, a digital transformation advisor and expert from e-Estonia, shared some remarkable insights into the nation's digital transformation. Estonia, often hailed as a digital pioneer, has undergone a profound digitalization process that sets it apart on the global stage. Carmen explained that 99.99% of Estonia’s public services are accessible online, which includes a strong collaboration between the nations’ public and private sectors. Raal points out how this unique partnership has created solutions that are versatile and user-friendly. One example is Estonia's electronic identity and signature system which isn't limited to government use; it extends to online banking across all banks in Estonia.
The emphasis on simplicity has been key to encouraging widespread adoption of digital solutions. This also includes the process of setting up a company in Estonia. Raal highlights that it takes less than three hours to establish a company online, and the world record is a just a hair over 15 minutes. According to Raal, this efficiency, especially for small and medium-sized enterprises, has positioned Estonia as an administrative haven, attracting entrepreneurs from around the world under the concept of e-residency, which allows individuals worldwide to obtain a digital identity card, granting them the ability to run an Estonian company without physical presence in the country. This offers access to the European single market, showcasing Estonia's commitment to fostering a global digital community. Raal highlights how Estonia's digital journey underscores the transformative potential of embracing technology, not only for enhancing efficiency but also for fueling economic growth and innovation.
To hear more about the challenges and opportunities that nation-states face when it comes to digitization, and how it could shape a more inclusive and resilient future, watch the full livestream conversation:
What Ukraine's digital revolution teaches the world
Introducing Patching the System, a new podcast series
As part of the Global Stage series, a partnership between Microsoft and GZERO Media, the podcast series “Patching the System” will explore the biggest cyber risks and challenges for governments, corporations, and consumers alike. Through the Cybersecurity Tech Accord, a public commitment from more than 150 technology companies, private sector tech leaders are working to create solutions and foster greater cyber resilience.
Michael Chertoff: Russia is not a long-term strategic rival for the US
Even as tensions build in Ukraine, Russia is not a long-term strategic rival for the United States. That’s according to former US Department of Homeland Security Secretary Michael Chertoff, who spoke to GZERO World last September. “The danger with Russia in the short-term is recklessness in the neighborhood,” he said. But even though Moscow may not be the same sort of adversary it was during the Cold War, Chertoff sees big challenges for Washington, especially in cybersecurity and hybrid warfare. “The real danger comes when the red lines are murky or fuzzy,” he added.
Watch all of Chertoff's interview on GZERO World with Ian Bremmer: Is America safer since 9/11?
Russian hackers' arrests timing likely just coincidence, says Ukraine analyst
Russia recently arrested 14 hackers from REvil, a ransomware gang involved in last year's cyberattack against the Colonial Pipeline in the US.
Some think it was a gesture by Vladimir Putin to deescalate tensions with the US over Ukraine. But analyst Alina Polyakova tells Ian Bremmer she doesn't buy it.
It's more likely, she says, that the hackers did something to irritate the Russians.
“When people see strategy in something that the Kremlin does, I usually see circumstantial reasons and coincidence, and maybe some incompetence here and there," Polyakova explains. "I think these were two separate events.”
Watch this episode of GZERO World with Ian Bremmer: Will Putin invade Ukraine?
- Hard Numbers: Tongan volcano, Ukrainian cyberattack, Zemmour ... ›
- A (global) solution for cybercrime - GZERO Media ›
- Hackers shut down US pipeline - GZERO Media ›
- Hard Numbers: US bounty for Colonial Pipeline hackers, China's ... ›
- Would you pay a cyber ransom? - GZERO Media ›
- Constant Russian attacks on Ukraine in cyberspace - GZERO Media ›
Can political leadership prevent cyberattacks in 2022?
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
What are the positive changes in 2022 that we might expect to see in the cyber world?
Well, my hope is that more awareness of the harms of cyberattacks and intrusions on people will lead to stronger political leadership towards better prevention and accountability. Because too often criminals or states that attack others for their own gains simply get away with it. Only when we appreciate that the digital realm is not a universe detached from our own lives, and that attacks lead to patients sent away at hospitals, to food not reaching grocery stores, or fuel not being available at gas stations, we see more political concern over the systemic weakness throughout the technological system and ecosystem. We use both in everyday, mundane context or in very sensitive ones.
Russian hackers target US tech companies with little accountability
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
Has Russian behavior in cyber changed after President Biden and President Putin's meeting earlier this year?
Well, unfortunately, we see ongoing assertiveness and aggression from the Russian side, targeting the US government, but also US tech companies. And the fact that there is so little accountability probably keeps motivating. Shortly before the Russian elections, Apple and Google removed an app built by opposition parties, to help voters identify the best candidate to challenge Putin's party. The company cited pressure on their employees in Russia, but of course, the pressure on the Russian population is constant. And after these dramatic events, the silence from Western governments was deafening.
What about US companies being targeted by attackers from Russia?
Well, it is a very inconvenient truth that the very companies whose software we all rely on is not secure enough to withstand these attacks. And again, the lack of accountability of attackers is a problem. Intelligence gathering currently does not violate international law and is rarely met with sanctions, even if the consequences of breaching systems, can be significant throughout an ecosystem. There is a legal vacuum and a political vacuum, in clarity around what is and is not acceptable. So, a combination of state accountability, and corporate liability standards are needed, to change the status quo.
Beware perpetual cyberattacks, and protect education data
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
Experts want us to stop using the term "cyber 9/11". Why is that?
Well, indeed many cybersecurity experts, including my brilliant Stanford colleague, Jacquelyn Schneider, have pointed out that a "cyber 9/11" is not the metaphor that helps people understand the actual nature of the threats. You may have also heard politicians warning for a "cyber Pearl Harbor," and indeed experts are also pushing back against this metaphor. Cyberattacks happen often and are maybe more like massive shots of hail. By trying to probe many vulnerabilities and sending multiple phishing emails, criminals and state entities are trying which digital door might open, trying over and over again, and then can help them achieve their criminal, intelligence or geopolitical goals. The notion of a perpetual shot of hail may also make people realize that the attacks can be closer to them, and then empowering them to be part of the solution instead of feeling defeated by the notion of a massive terrorist attack, targeting a landmark far away, and causing major physical and human suffering.
How much should we worry about children's data leaking?
Well, we should worry. And for some reason, despite the risks, educational institutions are not part of critical infrastructure, even if between universities and schools, vast amounts of data that can be exploited for espionage or distortion are kept. So, I believe more support needs to be unlocked to prevent criminals from easy successes, and to support schools, universities, and other educational institutions with public resources and very solid expertise. And including them in a critical knowledge infrastructure category, might actually help