Trending Now
We have updated our Privacy Policy and Terms of Use for Eurasia Group and its affiliates, including GZERO Media, to clarify the types of data we collect, how we collect it, how we use data and with whom we share data. By using our website you consent to our Terms and Conditions and Privacy Policy, including the transfer of your personal data to the United States from your country of residence, and our use of cookies described in our Cookie Policy.
{{ subpage.title }}
Why privacy is priceless
If someone were to get a few pictures off your phone without your permission, what's the big deal, right? Don't be so blasé, says human rights attorney David Haigh, who was prominently targeted with the powerful Pegasus spyware in 2021.
"If someone breaches your private life, that is a gateway to very, very serious breaches of other human rights, like your right to life and right to all sorts of other things," he said. "That's why I think a lot of governments and public sector don't take things as seriously as they should."
Right now, he says, dictators can buy your privacy, "and with it, your life."
Haigh spoke with Eurasia Group Senior Analyst Ali Wyne as part of “Caught in the Digital Crosshairs,” a panel discussion on cybersecurity produced by GZERO in partnership with Microsoft and the CyberPeace Institute.
Watch the full Global Stage conversation: The devastating impact of cyberattacks and how to protect against them
- Fooled by cyber criminals: The humanitarian CEO scammed by hackers - GZERO Media ›
- Attacked by ransomware: The hospital network brought to a standstill by cybercriminals - GZERO Media ›
- Podcast: How cyber diplomacy is protecting the world from online threats - GZERO Media ›
- Podcast: Foreign Influence, Cyberspace, and Geopolitics - GZERO Media ›
- Podcast: Cyber mercenaries and the global surveillance-for-hire market - GZERO Media ›
How cyberattacks hurt people in war zones
They may not be bombs or tanks, but hacks and cyberattacks can still make life miserable for people caught in the crosshairs of conflicts. By targeting key infrastructure and humanitarian organizations, warring governments can deny crucial services to civilians on the other side of no-man's-land.
And just like with conventional weapons, there can be collateral damage, said Stéphane Duguin, CEO of the Cyber Peace Institute. "We have 53 countries in the world targeted by these attacks across 23 sectors of critical infrastructure or essential services," he said. "At the end of the day, you end up having civilians who cannot benefit from essential services because of what has been escalated into another part of the world."
The perpetrators are often not centrally directed either, and may be located all over the world, complicating enforcement efforts. Hear more about what he said about the problem to Eurasia Group Senior Analyst Ali Wyne in a panel discussion which capped “Caught in the Digital Crosshairs,” a video series on cybersecurity produced by GZERO in partnership with Microsoft and the CyberPeace Institute.
Watch the full panel discussion: The devastating impact of cyberattacks and how to protect against them
Why snooping in your private life is big business
Kaja Ciglic, senior director of digital diplomacy at Microsoft, said, "cybersecurity is the defining challenge of our time" amid a spike in misinformation campaigns thanks to wars in Ukraine and Gaza, growing interest from governments in building cyberweapons, and plain old profit-motivated thieves.
"We are seeing private sector enterprises that, effectively, are selling services, products that allow their customers to break into, whether it's a personal account, whether it's into an organization's account," she said. "The cyber mercenary market that is also emerging is also a very strong concern for Microsoft."
Learn more about what they are doing to solve the problem in Kaja's chat with Eurasia Group Senior Analyst Ali Wyne as part of “Caught in the Digital Crosshairs,” a video series on cybersecurity produced by GZERO in partnership with Microsoft and the CyberPeace Institute.
Watch the full conversation: The devastating impact of cyberattacks and how to protect against them
How rogue states use cyberattacks to undermine stability
Cyberattacks are about a lot more than just money these days. Both unscrupulous governments and extremist groups are increasingly using hacking to advance political aims, says Kaja Ciglic, senior director of digital diplomacy at Microsoft.
When the International Committee for the Red Cross or International Court of Justice experiences cyberattacks, she said, "These are all organizations that are trying to defend peace and stability, they're trying to advocate for all of our human rights." The fact that unscrupulous governments are spending taxpayer money to purchase tools that interrupt their work, she noted, is worth taking a stand against.
Ciglic spoke with Eurasia Group Senior Analyst Ali Wyne in a panel discussion for “Caught in the Digital Crosshairs,” a video series on cybersecurity produced by GZERO in partnership with Microsoft and the CyberPeace Institute.
Watch the full Global Stage conversation: The devastating impact of cyberattacks and how to protect against them
The devastating impact of cyberattacks and how to protect against them
Imagine one day you found out someone had hacked your phone. What would that mean for your life? With the right software, the bad guys might be able to get into your bank account, surveil your messages, or even steal your fingerprints and facial scans.
That's what happened to human rights attorney David Haigh, who became the first-known British victim of the powerful Pegasus spyware in 2021 while trying to help women of Emirati and Jordanian royalty escape alleged abuse. He learned that his phone was under surveillance – so his communications and the information stored on the device were compromised.
Two years on, he still lives in fear for the privacy of his loved ones and clients. "The police have done nothing,” he says. “There's no support from the government. There's no real information.”
Emerging technologies threaten to make the already-bleak cybersecurity environment all the more treacherous, opening new avenues of attack that could cost countries, companies, and individuals dearly without proactive measures.
Eurasia Group Senior Analyst Ali Wyne moderated a discussion on cybersecurity as part of “Caught in the Digital Crosshairs,” a video series on cybersecurity produced by GZERO in partnership with Microsoft and the CyberPeace Institute. The discussion focused on the blurring lines between attacks on governments and the private sector.
Wyne spoke with Kaja Ciglic, senior director of digital diplomacy at Microsoft, who referred to cybersecurity as “the defining challenge of our times.” The wars in Ukraine and Gaza have coincided with spikes in both cyberattacks and misinformation campaigns, which Ciglic called “harrowing examples of what can happen and how people can use technology to manipulate others into actions.”
Even in peacetime, states are investing in capabilities that can target critical infrastructure, schools, and hospitals, preparing for a new dimension of conflict. And in the private sector, hackers are exploiting lagging private-sector preparedness to grow and evolve.
Hacking is big business, with companies specializing in helping clients break into accounts. While these are usually about making financial gains, says Stéphane Duguin, CEO of the Cyber Peace Institute, his organization has seen a marked shift over the past two years. Since the Russian invasion of Ukraine, the institute has tracked a marked increase in attacks on humanitarian organizations, even those that have little to do with the conflict.
“At the end of the day, you end up having civilians who cannot benefit from essential services because of what has been escalated into another part of the world,” he said.
The attacks impact organizations more profoundly than one might think. Bonnie Leff, senior vice president of corporate security at MasterCard, said that when one suffers a cyber attack, “the impact to an NGO can really almost shut it down.” It leaves organizations unable to pay staff or run programs and can damage their reputation with donors, leaving them worse off in the long term.
- Hackers, innovation, malice & cybercrime ›
- Attacked by ransomware: The hospital network brought to a standstill by cybercriminals ›
- The threat of CEO fraud and one NGO's resilient response ›
- Hacked by Pegasus spyware: The human rights lawyer trying to free a princess ›
- Podcast: Cyber Mercenaries and the digital “wild west" ›
- How cyberattacks hurt people in war zones - GZERO Media ›
- How rogue states use cyberattacks to undermine stability - GZERO Media ›
- Why snooping in your private life is big business - GZERO Media ›
Attacked by ransomware: The hospital network brought to a standstill by cybercriminals
In October 2022, the second-largest nonprofit healthcare system in the US, CommonSpirit Health, was hit with a crippling ransomware attack. Kelsay Irby works as an ER nurse at a CommonSpirit hospital in Washington. She arrived at work after the malware had spread through the hospital network to chaos: systems were down, computers were running slowly or not at all, labs weren’t returning results, and nurses were charting vitals on pen and paper. Even basic things like knowing what medications patients were on or why they came into the emergency room were a challenge, putting lives at risk. The hospital’s nurses and doctors scrambled to manage this crisis for over two weeks until CommonSpirit Health was able to restore access to the IT network
“It was just kind of this perfect storm of very sick patients, not enough help, everybody was super frustrated,” Irby says, “My biggest fear during the whole cyberattack was that a patient was going to suffer because we couldn’t access the technology.”
GZERO spoke with Irby about her experience during the ransomware attack, as well as cybersecurity expert Mora Durante Astrada from Zurich Insurance Group for the final episode of “Caught in the Digital Crosshairs: The Human Impact of Cyberattacks,” a new video series on cybersecurity produced by GZERO in partnership with Microsoft and the CyberPeace Institute. Astrada volunteers for the Institute and its CyberPeace Builders Program, which provides free cybersecurity assistance, threat detection, and analysis to NGOs and other critical sectors while advocating for safety and security in cyberspace.
- Podcast: Cyber Mercenaries and the digital “wild west" ›
- The threat of CEO fraud and one NGO's resilient response ›
- Hacked by Pegasus spyware: The human rights lawyer trying to free a princess ›
- Podcast: How cyber diplomacy is protecting the world from online threats - GZERO Media ›
- Podcast: Foreign Influence, Cyberspace, and Geopolitics - GZERO Media ›
- Podcast: Cyber mercenaries and the global surveillance-for-hire market - GZERO Media ›
- The devastating impact of cyberattacks and how to protect against them - GZERO Media ›
- How cyberattacks hurt people in war zones - GZERO Media ›
- How rogue states use cyberattacks to undermine stability - GZERO Media ›
- Why privacy is priceless - GZERO Media ›
- Would the proposed UN Cybercrime Treaty hurt more than it helps? - GZERO Media ›
- Why snooping in your private life is big business - GZERO Media ›
The threat of CEO fraud and one NGO's resilient response
In January 2020, Heidi Kühn, founder and CEO of Roots of Peace, returned from an overseas trip to devastating news: her finance department had unwittingly transferred over $1 million to an unfamiliar bank account. Kühn and her team quickly realized they’d become victims of a CEO fraud cyber attack—cybercriminals had infiltrated the company’s email accounts via spear phishing and impersonated Kühn to trick the finance team into sending funds abroad.
The theft had an enormous impact on Roots of Peace, a nonprofit dedicated to converting minefields into arable farmland in former war zones. Following the attack, Roots of Peace reached out to the CyberPeace Insitute, an organization that provides free cybersecurity assistance, threat detection and analysis to NGOs and other critical sectors. Roots of Peace was able to recover some of the funds, but to date, only $175,000 of the $1.34 million total stolen has been returned.
Roots of Peace is an international humanitarian organization, but their story isn’t unusual: In 2021, CEO fraud caused $2.4 billion in losses to US businesses alone, according to the FBI Internet Crime Report. Kühn’s story is featured in the second episode of “Caught in the Digital Crosshairs: The Human Impact of Cyberattacks,” a new video series on cyber security produced by GZERO in partnership with Microsoft and the CyberPeace Institute. GZERO spoke with Kühn and Derek Pillar, a cyber security expert from Mastercard, to learn more about the threat of CEO fraud, the real-life impact of cyberattacks against the humanitarian sector, and how you can prevent similar attacks from happening to you and your organization.
- Tech innovation can outpace cyber threats, says Microsoft's Brad Smith ›
- Podcast: Cyber Mercenaries and the digital “wild west" ›
- Podcast: Lessons of the SolarWinds attack ›
- Hacked by Pegasus spyware: The human rights lawyer trying to free a princess ›
- Attacked by ransomware: The hospital network brought to a standstill by cybercriminals - GZERO Media ›
- Podcast: How cyber diplomacy is protecting the world from online threats - GZERO Media ›
- Podcast: Foreign Influence, Cyberspace, and Geopolitics - GZERO Media ›
- Podcast: Cyber mercenaries and the global surveillance-for-hire market - GZERO Media ›
- The devastating impact of cyberattacks and how to protect against them - GZERO Media ›
Hacked by Pegasus spyware: The human rights lawyer trying to free a princess
In April 2021, David Haigh, a human rights lawyer who'd been fighting to free Dubai’s detained Princess Latifa, received a shocking notification from investigators at The Guardian and Amnesty International: his phone was likely infected with Pegasus spyware. Forensic analysis confirmed that Haigh was the first confirmed British citizen to be hacked by Pegasus, a military-grade spyware created by Israel’s NSO Group that’s licensed to governments all over the world and used for covert surveillance.
Haigh was targeted by a foreign government, likely the ruler of Dubai, but his story isn’t unusual: Over 80% of all internet users are infected with some form of spyware, according to the US National Cyber Security Alliance. GZERO spoke with Haigh, as well as cybersecurity expert Kimberly Ortiz from Microsoft for the first episode of “Caught in the Digital Crosshairs: The Human Impact of Cyberattacks,” a new video series on cybersecurity produced by GZERO in partnership with with Microsoft and the CyberPeace Institute.. Ortiz volunteers for the Insitute and its CyberPeace Builders Program, an organization that provides free cybersecurity assistance, threat detection, and analysis to NGOs and other critical sectors while advocating for safety and security in cyberspace.
- Podcast: Cyber Mercenaries and the digital “wild west" ›
- Hard Numbers: Thais come clean on Pegasus, Salvadoran emergency extended, Tunisian pol questioned, Chinese boycott mortgages ›
- What We're Watching: Dry China, UK inflation forecast, Pegasus spyware shakeup ›
- Digital peace: Trust and security in cyberspace ›
- Fooled by cyber criminals: The humanitarian CEO scammed by hackers - GZERO Media ›
- Attacked by ransomware: The hospital network brought to a standstill by cybercriminals - GZERO Media ›
- Podcast: How cyber diplomacy is protecting the world from online threats - GZERO Media ›
- Podcast: Foreign Influence, Cyberspace, and Geopolitics - GZERO Media ›
- Podcast: Cyber mercenaries and the global surveillance-for-hire market - GZERO Media ›
- The devastating impact of cyberattacks and how to protect against them - GZERO Media ›
- Would the proposed UN Cybercrime Treaty hurt more than it helps? - GZERO Media ›