Cybersecurity: To care or not to care, that is the question
|Date:||10 May 2022|
Malware, ransomware, phishing emails, and encryption are words that every one of us is confronted with once we open up our laptops or connect to the internet. Most often we simply ignore the push notifications containing these words that are sent to us by our virus protection programs telling us how many cybercrimes attacks it has prevented during our last visit to the internet. Or we deem ourselves protected from any attention from hackers at all because we think we are not possessing anything of value to them that could threaten or disadvantage us (Spoiler alert: You have something of interest regardless of your financial or social status that can be helpful to hackers and can have a great impact on your life). We are all at risk of becoming victims of cybercrime attacks such as identity theft or theft of personal information such as bank details, fraud, and extortion at any time. Norton, an antivirus program, has stated in their “2021 Norton Cyber Safety Insights Report Global Results” that more than 50 percent of their customers have experienced a cybercrime of some sort, such as unauthorized access to email or social media accounts or malicious software on a personal device. Nonetheless, almost all of the other 50 percent of Norton’s customers are not worried about becoming a victim of any kind of cybercrime. Such a neglectful attitude can not only be found among everyday consumers but also among the higher circles of government. One famous example is Rudy Giuliani, former mayor of New York and formerly part of ex-President Donald Trump’s legal team, who stated in January 2017 in an interview with CNN that Cybercrime “is like cancer. Everybody is studying it. Everybody has solutions. But nobody really talks to each other. Maybe we’ve cured it and don’t know.” During Giuliani’s time as one of Trump’s cybersecurity advisors, he, and 13 other high-ranking officials were hacked and their passwords published. Furthermore, Giuliani’s appointment was criticized by many cyber security experts, who highlighted easily exploitable weaknesses in Giuliani’s personal website. (Maybe the former mayor should have sought the conversation with these experts before making his statement.) Giuliani’s statement is probably the overstatement of the century as it severely underestimates the speed, flexibility, and impact of cybercrimes and hacker groups and it simplifies the way how society, politics, and academia converse about potential threats. Furthermore, it implies a certain degree of neglect, as it indicates that sufficient measures may have already been undertaken but no one knows it.
It seems cybersecurity and cybercrime are victims of a particular form of benign neglect in society and politics. The term benign neglect describes a process of letting something just run its course without any interference from outside bodies to the benefit of another group. This non-interference is supposed to be more beneficial than undivided attention. The term is most associated with American Democrat Daniel Patrick Moynihan who stated, controversially, in the 1970s that the USA’s race issue could benefit from a period of “benign neglect”.
The reason why benign neglect is of importance to the topic of this blog is that, during certain phases, such as the Sony Pictures Hack of North Korean hackers in 2014 or the Bangladesh Bank Heist in 2016, all attention is on the dangers and impact of hacking in the countries afflicted and then this wave of attention washes over to other countries who could be similarly targeted by criminals. Then the question arises of how countries, companies, and individuals have to and can protect themselves from this great threat and expert groups and committees are established and are put at the forefront of this battle. But the moment these “fifteen minutes of fame” (or panic) are over and the public, the governments, and academia have found another threat; hacking and cybercrime are treated with benign neglect or “an hour of ignorance” which gives hacker initiatives opportunities for new attacks.
Another aspect of hacking that is often overlooked is that a cyber-attack, technically, does not need a lot of material and/or manpower to initiate a substantially sized attack. (However, it is important to say that the myth of an individual in their bedroom taking down the whole internet of a country is also a great overstatement.)
The Lazarus Group, which is most famous for the Sony Pictures Hack, spurred by the production of the satire movie The Interview, and the WannaCry ransomware attack targeting global institutions, such as the British NHS and Chinese universities, is a North Korean hacker syndicate consisting of approximately 3.300 members in total. Both of these attacks had great aftermaths and brought the dangers of cybercrime to the forefront. This guesstimate of members includes more than just the hackers in this organization, but also people working as technological support, money launderers, and managers. And while organizations such as the Lazarus Group can issue complex cyber-attacks against highly technologized countries such as the United States or South Korea, which are greatly connected to the internet through millions of business and personal devices, North Korea itself is relatively well protected from cyber-attacks through its lack of internet connections and personal devices. It is estimated that only a thousand computers exist in North Korea, which is reserved for high-ranking individuals in the government and military.
To complicate the issue even further, cyber-attacks are not only limited to the internet, but they can also target power grids, water supplies, and even fighter jets, such as the F-35 and military drones can be targeted by hackers and can be greatly impacted in their usefulness. It was estimated in 2007 that almost 70 percent of the US’s electrical grid could be useless for up to 6 months if they were targets of a cyber-attack.
All of this aims to say that in contrast to what some may say (Giuliani and other “experts”) that cyber-attacks ARE a great threat to society and can greatly impact the lives of millions of people and they should not be neglected, just because enough attention has been given to it for a certain period. Cyber security is a highly flexible, fast-paced area of national security and it should not be forgotten, just because another security threat has its “15 minutes of fame”.
About the author
Student East Asian Studies and History Today (RUG)