Rebecca Zisser / Axios

Endgame's chief social scientist Andrea Limbago breaks down the most critical cybersecurity issues threatening both the U.S. and the world today. From Russian meddling in the U.S. election, to the global WannaCry ransomeware attack, Limbago says we need to start getting serious — fast — about implementing stronger cyber policies and protections, before a catastrophic attack causes irreparable damage.

The broad view: Limbago is adamant that the size and scale of future cyber attacks will only intensify, but she's confident there are defenses that can be built, as long as society accepts the fact that more sophisticated and targeted attacks are coming. "We can't pretend it's not out there anymore," said Limbago. "We need our policies to step up to the modern reality."

Most security experts say you should "assume you will get hacked" — that it's inevitable. But what can companies do in place of that? Both from a user policy perspective and in regard to tech precautions?

Cyber security issues have been around longer than we give them credit for, and we really should have more policies in place by now. For the private sector, you can assume that you're going to be under attack, I think that's a safe assumption and we've seen that, but that does not mean you should throw your hands up in the air and just give up. They need to start taking the defensive aspect (such as education and installing protective software) much more seriously, and I don't think that's really happened yet.

As for the policy side, we haven't really gotten anywhere. For instance, the executive order that just came out. What we really need right now is an integrated policy. John McCain has been very vocal about this and I tend to agree with his point on cyber policy. We're kind of still running around without any guidance in that area, and that's why there has been zero sign of deterrence so far.

Do think Trump's cyber executive order has put a dent in the work that needs to be done in regard to cyber security?

The EO should've been more, it's kind of vanilla. There is nothing terribly provocative about it. On the one hand it's good because you have a proposal that finally starts to prioritize cyber security... but we're at the point where incremental assessments aren't what we need. We need more of a paradigm shift, and that's where policy can come in, as well as integration into larger, strategic outlooks.

What will it take for individuals, organizations, and the government to really get serious about cyber?

I wish I was more optimistic on this, but I do think it will take a pretty big attack. I almost feel that WannaCry was a testing ground... one theory is that that's actually what it was, a test to see how people would respond and how widespread it would be. Not that that's true, but if it were, it worked. You saw how organizations responded, how unprepared so many were. The US generally got off pretty light on that, so we were lucky, but just imagine if WannaCry had hit the US really hard, if it had hit our hospitals really hard.

At the end of the day, even though WannaCry made the 24-hour news cycle, it quickly peered off again. So, I think it would have to take something really large, something truly impacting the US. I hope it doesn't come to that, but honestly I don't see that happening right now.

Are consumers losing trust in some of the digital platforms they rely on so much?

I think that they're losing trust but I'm not sure it's changing their behavior. I think the public is less inclined to trust both the government to protect their data, but also increasingly now some of the big companies like Google and Facebook that actually own the data. I still think there's going to be a divide between the tech-savvy, the people who just really get it, and those who don't. I also think a lot of people think that even if they were to stop sharing so much, the data is out there already... so they just give up.

What's your biggest takeaway from the recent attacks we've seen? What should we learn from them?

On the one hand, there's been an appropriate focus on Russia, and that needs to continue. But with what Russia is doing, it's important to keep in mind that those kind of tactics and techniques are available to other actors as well. It's not just the Russians we need to watch any more. While our policies, some of which are 30 years old, were made to counter one threat, our response should not be to just solely focus on the Russia threat, but learn lessons on what they have done. Other actors — we saw it with WannaCry — are going to take their approaches to achieve whatever their own objectives are.

Go deeper

Caitlin Owens, author of Vitals
25 mins ago - Health

The coronavirus is starting to crush some hospitals

Illustration: Aïda Amer/Axios

Some states are seeing dangerous levels of coronavirus hospitalizations, with hospitals warning that they could soon become overwhelmed if no action is taken to slow the spread.

Why it matters: Patients can only receive good care if there's enough care to go around — which is one reason why the death rate was so much higher in the spring, some experts say.

Scoop: The Lincoln Project is becoming a media business

Illustration: Eniola Odetunde/Axios

The Lincoln Project is looking to beef up its media business after the election, sources tell Axios.

Driving the news: The group recently signed with the United Talent Agency (UTA) to help build out Lincoln Media and is weighing offers from different television studios, podcast networks and book publishers.

Trump, Biden strategies revealed in final ad push

Data: Bully Pulpit Interactive; Chart: Danielle Alberti/Axios

President Trump is pouring hundreds of thousands of dollars into Facebook ads on the Supreme Court and conservative judges in the final stretch of his campaign, while Joe Biden is spending over a million on voter mobilization, according to an analysis by Axios using data from Bully Pulpit Interactive.

The big picture: Trump's Facebook ad messaging has fluctuated dramatically in conjunction with the news cycle throughout his campaign, while Biden's messaging has been much more consistent, focusing primarily on health care and the economy.