Insight
Digital Security

​As societies and businesses are increasingly becoming digitalised, sufficient levels of cyber security become necessary to sustain economic growth, says US security expert Melissa Hathaway. Yet victims of cyber-attacks are reluctant to share knowledge that could prevent further attacks, and to invest sufficiently in cyber security.

​In a digital world, not taking national cyber security seriously comes at a price. In the future, as the internet becomes increasingly insecure and threats more persistent and harder to predict, even more will be at stake. Yet no nation state could be said to be fully prepared for potential threats, according to US security expert Melissa Hathaway, former cyber security advisor to Barack Obama and George W. Bush, who spoke to a Danish audience recently on the dangers that lie ahead for those unprepared.

 

Cyber security a tax on growth

Hathaway quit her job in the Obama administration very suddenly in 2009. At the time, it was predicted that she would be appointed the first so-called Cyber Tsar to Obama, a position that would have raised the cyber security discipline to the top level in US politics. Instead, she decided to dedicate her time to her own advisory business which among other things develops and consults on Hathaway's own Cyber Readiness Index. The index evaluates countries' level of preparedness in terms of the ever more advanced digital attacks on countries, businesses and individuals.

 

The index measures on five parameters: national cyber strategy, incident response, e-crime and legal capacity, information sharing, and cyber research and development. Investing plenty of energy and resources in the five parameters makes a lot of sense, according to Hathaway. She believes that high levels of digitalisation and cyber security are closely related to economic growth, even if they are expenses with no obvious return on investment:

 

"Cyber insecurity is a tax on growth. In some countries, some 20 % of GDP is related to connectivity. But the internet was never created to be the backbone it has become today, and now we are paying the price for not making it secure," Hathaway says, pointing out that a third of all breaches take place through a known vulnerability.

 

Hathaway, who is a former senior adviser and current Senior Fellow at the Potomac Institute for Policy Studies, names a handful of incidents that have occurred and which she believes represent the type of threats countries will be facing even more in the future. These include the cyber-attacks that hit Ukraine's power supply, the WannaCry ransomware attack, in which malicious ransomware brought countless companies and organisations to their knees, and the Notpetya malware which caused major problems for Danish companies last summer.

 

The worst is yet to come

According to Hathaway, there is no reason to believe that the future will be any less problematic.  On the contrary, cyber-attacks are becoming increasingly creative and persistent. With rising levels of digitalisation, these attacks will cause proportionally more damage, potentially disrupting vital services.

 

Meanwhile, hackers are becoming smarter by the hour. A few years ago, former NSA employee Edward Snowden revealed how the US intelligence service NSA had developed an extensive surveillance network and was maintaining a catalogue of security holes in software and operating systems that could be used to penetrate computers. 

 

Since then, many details were leaked - and very soon, hackers began to make use of their discoveries. According to Hathaway, at least three security flaws named in NSA's leaked catalogue have been used in digital attacks against companies.

 

The sharing of knowledge by companies having suffered cyber-attacks and subsequent leaks, however, is not a given, even though access to a broad, updated overview of current cyber-attacks would be in everyone's interest. On the contrary, it is a well-known phenomenon that organisations prefer to keep hacks and leaks, or malware or ransomware attacks, a secret to protect their brand and the company from the wrath of disgruntled customers, shareholders or users whose data has been leaked.

 

No one can afford cyber insecurity

But the threat against our networks and infrastructure is real, and no country can afford cyber insecurity and the losses it incurs, says Hathaway.

 

Yet, according to her Cyber Readiness Index, no country today could be considered cyber ready, although many countries have extensive ambitions for digitalising society and money, the latter increasingly becoming a value that is handled digitally rather than banknotes or coins changing hands. Some countries are getting there, but for the vast majority, it is a long way home, Hathaway concludes.

 

​"Cyber insecurity is a tax on growth. In some countries, some 20 % of GDP is related to connectivity. But the internet was never created to be the backbone it has become today, and now we are paying the price for not making it secure," Hathaway says, pointing out that a third of all breaches take place through a known vulnerability.

US security expert Melissa Hathaway spoke to an audience at Finans Danmarks' premises in Copenhagen in November. Finans Danmark is a professional body for banks, mortgage institutions and asset management in Denmark.