The pandemic has presented an opportunity for cybercriminals with Interpol and others warning that further increases in these crimes are expected. Americans lag behind in securing their increasingly digital lives and businesses. We must catch up if the United States is going to thrive both during and after the pandemic, and keep Americans safe.
These pandemic-induced cyber crimes have ranged from lone hackers capitalizing on increased online activity, to alleged state-backed cyber ops compromising vaccine trials. While there is no proof as to who is behind the latter, corporate espionage is also a possibility.
High stakes data breaches like these remind us that there are gaping holes in many countries' cybersecurity, including the United States. At the individual, corporate, and governmental level, America is vulnerable.
Whereas individuals are perhaps uninformed about the risks, or trust businesses to protect their data, corporate America has no excuse. Most executives who are victims of ransomware attacks, for example, admit to paying the ransom (and often not informing those whose data has been breached).
This exposes a lack of seriousness when it comes to data security: It is often not seen as a real crime or a real violation of individuals' (or indeed, the country's) security and integrity. This is despite the fact that identity theft can cripple an individual's finances for years, and costs Americans $50 billion per year.
It will often be misperceived to be in a company's interest to ignore or cover up a breach. It is only through educating decision-makers and creating a sense of obligation and transparency that these issues can be admitted and addressed.
The root of the problem is that America as a whole is behind the curve when it comes to digital transformation, and is similarly behind when it comes to awareness of cybersecurity and identity protection.
At one end of the scale are countries like China, which have become cashless thanks to apps like Alipay and WeChat, or Estonia which delivers all government services digitally. Then there are countries like most of the European Union and emerging markets like Turkey and Bangladesh who have embraced digital identities and governance whilst still relying on analogue services in many areas.
Then there are Britain and the United States who, almost uniquely in the developed world, have not even started to introduce digital identities.
This results in a population that is widely unaware of the identity protection needs when using digital services. Services that they are using more than ever during the pandemic, whether that is working from home (opening up sensitive business and financial information to often insecure networks) or increasing dependence on online shopping, especially in this particular digital Holiday Season.
Many of these shifts will become part of the new normal post-pandemic, and cyber threats will become even more existential to Americans if there is a digital ID as part of the vaccine rollout. The U.S. should follow the lead of allies such as Israel (a long-time leader in cybersecurity) and the UK (which recently announced a cyber warfare unit).
While realizing that there can be no national security without data security, individuals must simultaneously be empowered to protect their own identities online. Just as the U.S. is committed to individuals' right to personal safety in everyday life, it should be just as committed to individuals’ right to protect themselves online.
As well as the steps above, the Biden administration should re-establish American leadership and work with countries that are more advanced in digitization and cybersecurity, and see them as part of the solution, not as part of the problem. This is in the national interest and should be established beyond any one administration or presidential term.