Identity theft, espionage targeting state secrets, ransom demands, and companies paralyzed. These are not doomsday scenarios from a sci-fi series, but real examples of the consequences of the cyber threat that Denmark faces.
The Centre for Cyber Security's latest threat assessment states that the risk of cybercrime and espionage in Denmark is 'very high'. In 2021, this was evidenced by 31 reports from companies of hackers demanding ransom payments - also known as ransomware attacks. In the first six months of 2022, the number of attacks of this kind - both nationally and internationally - doubled.
The hackers are constantly getting better, their earning potential is far greater than that of criminals in the drug trade, and the risk of getting caught is generally minimal, according to Christian Damsgaard Jensen, who is an Associate Professor in IT Security at DTU. He is also a member of the Danish Cyber Security Council.
Among other things, he refers to the 48,000 financial cybercrime cases with the Danish National Police that were still unsolved at the end of 2021.
"The Danish authorities are simply not geared up for this kind of crime. They lack resources and are unable to keep up with developments. The main challenge is that cybercrime is, per definition, cross-border in nature, which means that hackers jump from country to country via networks, in the process erasing any trace of themselves that the police might find," he explains.
Inspired by humans
Most of Christian Damsgaard Jensen's working life has been spent making illegal intrusions of this kind difficult to begin with. Just like the hackers, he has been forced to get creative, think in the abstract, and adopt an unconventional approach.
Early on in the process, he acknowledged that the mechanisms underpinning the existing security systems are not good enough to keep criminals at bay.
Instead, he began to see human relationships as his most important source of inspiration: How do we assess who we can trust in situations where there is a high threat level? And what does it take to build trust?
Today, Christian Damsgaard Jensen develops security systems that interact with other stakeholders in exactly the same way that people do in the real world: The greater the trust, the greater the openess.
For instance, if a user is unknown to the system then it uses recommendations from others to form trust in the person. If no recommendations are available, the stranger must exhibit trustworthy behaviour over a long period of time - this may entail accepting cookies that make it possible to recognize the individual - if they are to gain access to the system in question.
The recognition of users across systems makes it possible to enforce restrictions, e.g. blocking someone if they are up to no good.