Cybercrime's Shadow: Why Financial Motives Outweigh Geopolitical Threats for Most US Businesses
In the complex and ever-evolving landscape of digital threats, the focus often gravitates towards the sophisticated, state-sponsored cyber operations emanating from global powers. Headlines frequently highlight espionage campaigns, critical infrastructure targeting, and intellectual property theft orchestrated by nations like China, Russia, Iran, and North Korea. These threats are undeniably serious, representing significant strategic challenges to national security and economic competitiveness. However, for the vast majority of businesses and organizations across the United States, the most immediate and impactful digital danger comes not from the covert actions of foreign intelligence agencies, but from the relentless, financially motivated attacks perpetrated by cybercriminal enterprises.
This critical distinction and the need for a balanced approach to cybersecurity defense were recently underscored by Michael Daniel, a figure with deep experience at the highest levels of US cybersecurity policy. As the former Special Assistant to President Obama and Cybersecurity Coordinator on the National Security Council staff from 2012 to 2017, Daniel played a pivotal role in shaping the nation's cyber defense strategies during a period of escalating digital threats. Today, he leads the Cyber Threat Alliance, a non-profit organization dedicated to improving threat intelligence sharing among cybersecurity industry participants. His perspective, informed by years at the nexus of government and private sector security, offers a vital recalibration of priorities in the ongoing fight against digital adversaries.
The Disproportionate Impact of Cybercrime
While acknowledging that nation-state actors, particularly China, pose significant strategic threats, Daniel argues forcefully that the sheer scale and economic damage inflicted by cybercrime are vastly underestimated in public discourse and, perhaps, in resource allocation. "For a manufacturing or retail company somewhere in the United States, by far, your greatest threat is cybercrime, probably in the form of ransomware, but also in the form of business email compromise," Daniel stated in an interview. This assessment highlights a fundamental truth often obscured by the drama of geopolitical cyber skirmishes: cybercriminals are opportunistic, widespread, and primarily driven by profit, making them a pervasive and constant threat to organizations of all sizes and across all sectors.
The financial motivations behind cybercrime translate into a high volume of attacks targeting a broad swathe of potential victims. Ransomware, which encrypts data and demands payment for its release, has become a multi-billion-dollar industry, crippling businesses, hospitals, schools, and local governments. Business Email Compromise (BEC) schemes, which trick employees into transferring funds or sensitive information by impersonating executives or trusted partners, cause billions more in losses annually. These attacks don't require the advanced persistent threat (APT) capabilities of a nation-state; they rely on social engineering, readily available tools, and exploiting common vulnerabilities and human error. The cumulative effect of these widespread, financially driven attacks is, according to Daniel, "orders of magnitude larger than anything that the nation states are doing" in terms of direct impact on most US organizations.
Balancing the Threat Landscape
Daniel emphasizes that the United States, with its vast national and economic interests, cannot afford to focus on only one type of adversary. The nation's cybersecurity strategy must be capable of addressing multiple threats simultaneously – the strategic, long-term challenges posed by nation-states like China, Russia, Iran, and North Korea, alongside the immediate, pervasive, and financially devastating impact of cybercriminal organizations. "We've got to be able to do the equivalent of walk and chew gum at the same time," he remarked. This requires a nuanced approach that allocates resources and attention based on the specific risks faced by different sectors and entities within the country.
For large corporations in sensitive industries like technology or defense, the threat of intellectual property theft or espionage by nation-states might indeed be paramount. However, for the vast majority of small and medium-sized businesses (SMBs), non-profits, and critical infrastructure operators outside of the most sensitive sectors, the daily barrage of ransomware attempts, phishing campaigns leading to BEC, and data theft for financial gain constitutes the primary and most likely threat vector. Ignoring or under-resourcing the fight against cybercrime leaves these vulnerable entities exposed, with potentially cascading effects on supply chains, local economies, and public services.
The Erosion of Capacity: Government Budget Cuts
Against this backdrop of a complex and expanding threat landscape, Daniel voiced significant concern over proposed government spending cuts, particularly those impacting federal agencies responsible for cybersecurity. He specifically highlighted the potential negative effects of reductions across the board in the federal government, arguing that they will harm cybersecurity capabilities both within the government itself and for the nation as a whole.
The Cybersecurity and Infrastructure Security Agency (CISA), established within the Department of Homeland Security (DHS) in 2018, is the lead federal agency for protecting the nation's critical infrastructure from physical and cyber threats. CISA works with federal, state, local, tribal, and territorial governments, as well as private sector partners, to understand and manage cyber and physical risks. It provides tools, resources, and expertise to help organizations improve their security posture and respond to incidents. Daniel noted that reductions at CISA would have negative impacts, as would cuts at the sector-risk management agencies responsible for coordinating cybersecurity efforts within specific critical infrastructure sectors (such as energy, healthcare, and transportation). These agencies were already, in his view, "stretched pretty thin in terms of their cyber capabilities to begin with."
Reports indicated that the proposed spending plan under the Trump administration could slash CISA's budget by a significant amount, potentially hundreds of millions of dollars. While the exact number of employees affected by layoffs or buyouts remained unclear due to a lack of transparency from DHS, Daniel stated that he had anecdotally heard from numerous individuals seeking career transition advice, suggesting a tangible impact on the federal cybersecurity workforce. This reduction in personnel and funding comes at a time when digital threats are increasing in volume, sophistication, and impact.
Challenges in Federal Cybersecurity Workforce
Daniel pointed out a persistent challenge for the federal government: recruiting and retaining cybersecurity talent. The demand for skilled cybersecurity professionals in the private sector is high, and private companies can often offer significantly higher salaries than government agencies. This makes it difficult for the government to compete for top talent. Reducing budgets and potentially cutting staff only exacerbates this problem, making federal careers less attractive and depleting the existing pool of experienced personnel. Daniel believes that, if anything, the federal government should be increasing infosec budgets and staffing levels to meet the growing demand and counter the rising tide of digital threats.
The lack of transparency regarding the extent of the workforce reductions was also a point of concern for Daniel. He argued that the executive branch owes the legislative branch, as part of its oversight function, clear information on how many people have been let go. Knowing these numbers is essential for effective management and understanding the true impact of budget decisions on agency capabilities.
Shifting Priorities and Their Consequences
Daniel also expressed worry that a potential realignment of priorities within the Department of Justice (DOJ) and DHS, shifting focus towards areas like border security, could divert resources and attention away from combating cybercrime. This shift could mean less assistance available to companies and organizations struggling to recover from ransomware attacks and other financially motivated breaches. The ability of federal agencies like the FBI and CISA to provide support, intelligence, and incident response coordination is crucial for victims, particularly those without extensive internal cybersecurity expertise or the resources to hire expensive private recovery firms.
The financial toll of cybercrime is staggering. Recent data from the FBI indicated that ransomware and other financially motivated crimes bilked victims out of billions of dollars in a single year. This underscores the immense scale of the problem and the need for robust government action to disrupt these criminal operations.
Strategies for Fighting Cybercrime
Daniel outlined several key areas where the federal government needs to focus its efforts to help organizations protect themselves and to counter the cybercriminal threat effectively:
- Disrupting the Cybercriminal Ecosystem: This involves actively working to dismantle criminal infrastructure, seize illicit funds, and pursue legal action against perpetrators. Efforts like the Biden-era international counter ransomware initiative are crucial in coordinating global action to increase pressure on cybercriminals and the countries that provide them safe harbor.
- Pressuring Harboring Nations: Some countries, notably Russia, are known to harbor cybercriminals and allow them to operate with relative impunity, as long as they do not target domestic victims. Daniel pointed out that Russia harbors far more cybercriminals than China. Increasing diplomatic and economic pressure on these nations is vital to reducing the global cybercrime threat.
- Increased Assistance to Vulnerable Sectors: State and local governments, as well as critical sectors like healthcare, are frequent targets of ransomware and often lack the resources and expertise to defend themselves or recover from attacks. Daniel highlighted the plight of entities like rural hospital chains, which cannot afford expensive private cybersecurity firms like Mandiant or CrowdStrike. The federal government has a vested interest in ensuring the resilience of these critical services and should have the capacity to provide direct assistance for incident response and security improvements.
- Improving Threat Intelligence Sharing: Organizations like the Cyber Threat Alliance, which Daniel leads, play a vital role in facilitating the sharing of timely and actionable threat intelligence between the private sector and government agencies. Robust information sharing helps defenders understand the tactics, techniques, and procedures (TTPs) used by attackers and proactively strengthen their defenses. Government agencies, particularly CISA, are key partners in this ecosystem, and cuts to their threat intelligence capabilities can hinder this crucial function.
- Promoting Cybersecurity Best Practices: While government action is essential, improving the nation's cybersecurity posture also requires widespread adoption of basic security hygiene by businesses and individuals. Federal agencies can play a role in developing and promoting cybersecurity frameworks, providing educational resources, and incentivizing better security practices.
The Path Forward
Michael Daniel's insights serve as a crucial reminder that while nation-state cyber threats demand attention, the pervasive and financially devastating impact of cybercrime cannot be overlooked. For the vast majority of organizations, the threat of ransomware, BEC, and other criminal activities is the most pressing concern. Effectively combating this threat requires dedicated resources, a skilled workforce, and a government apparatus capable of providing assistance to victims and disrupting criminal operations.
Proposed budget cuts that weaken agencies like CISA and reduce the federal government's capacity to respond to incidents and share threat intelligence are, in Daniel's view, counterproductive. At a time when cyber threats are escalating, the nation needs to invest more, not less, in its cyber defenses. Ensuring that state and local governments, healthcare providers, and other critical infrastructure operators have access to federal expertise and assistance is not just a matter of helping individual victims; it is essential for maintaining the resilience and security of the nation as a whole.
The fight against cyber threats is a complex, multi-faceted challenge that requires sustained effort on multiple fronts. While geopolitical tensions necessitate vigilance against nation-state actors, the daily reality for countless businesses and organizations is the threat posed by financially motivated cybercriminals. A comprehensive national cybersecurity strategy must acknowledge the scale of the cybercrime problem and ensure that the government has the resources and focus necessary to help defend against it, disrupt the perpetrators, and support victims in their recovery.
The former White House advisor's call to action is clear: the US must walk and chew gum, addressing both nation-state threats and the 'orders of magnitude' larger problem of cybercrime. This requires prioritizing cybersecurity funding, bolstering the federal workforce, and ensuring that agencies like CISA are equipped to provide the necessary support to vulnerable sectors. The economic and societal costs of failing to do so are simply too high.
The Economic Reality of Cybercrime
The financial impact of cybercrime extends far beyond the direct costs of ransomware payments or funds lost to BEC. It includes the costs of business interruption, data recovery, system remediation, legal fees, reputational damage, and potential regulatory fines. For small businesses, a significant cyberattack can be an existential threat, leading to closure. For larger entities, it can result in substantial financial losses and erosion of customer trust.
Estimates of the global cost of cybercrime vary widely but consistently run into the trillions of dollars annually. This makes cybercrime a significant drag on the global economy and a major threat to economic stability. The interconnected nature of modern business means that an attack on one company can have ripple effects throughout supply chains and across industries. This further underscores why combating cybercrime is not just a matter of individual business security but a critical economic imperative.
The Role of Public-Private Partnerships
Effectively combating cybercrime requires close collaboration between the government and the private sector. Companies hold valuable data on the threats they face, while the government possesses unique capabilities for intelligence gathering, law enforcement, and international diplomacy. Information sharing is a two-way street, and trust is essential. Initiatives that facilitate the secure and timely exchange of threat intelligence, such as Information Sharing and Analysis Centers (ISACs) and organizations like the Cyber Threat Alliance, are vital components of a robust national defense strategy.
However, challenges remain in fostering effective public-private partnerships. Companies may be reluctant to share information about breaches due to concerns about reputational damage or legal liability. Government agencies may face bureaucratic hurdles or classification restrictions that limit their ability to share information quickly. Overcoming these obstacles requires continuous effort, clear communication channels, and a shared understanding of the common threat.
International Cooperation is Key
Cybercrime is inherently a transnational problem. Attackers often operate from jurisdictions outside the reach of US law enforcement, and their victims are global. Therefore, international cooperation is essential for disrupting cybercriminal networks, apprehending perpetrators, and recovering stolen assets. This involves working with foreign governments on extradition treaties, mutual legal assistance requests, and joint law enforcement operations. It also includes diplomatic efforts to pressure countries that harbor cybercriminals or fail to cooperate with international investigations.
The international counter ransomware initiative mentioned by Daniel is an example of the type of collaborative effort needed. By bringing together countries to share information, coordinate actions, and develop common strategies, such initiatives can increase the risks and costs for cybercriminals operating across borders.
Investing in Resilience
Beyond disruption and response, a key aspect of combating cybercrime is building resilience. This means helping organizations and individuals adopt strong cybersecurity practices to prevent attacks in the first place and minimize the impact when they do occur. Resilience involves technical measures like multi-factor authentication, regular software updates, and robust backup strategies, as well as human factors like cybersecurity awareness training for employees.
For critical infrastructure sectors and vulnerable entities like rural hospitals, building resilience may require external support. Federal programs that provide funding, technical assistance, and training can play a crucial role in helping these organizations improve their security posture and reduce their vulnerability to attack. This is an investment in national security and economic stability.
Michael Daniel's perspective serves as a timely reminder that the fight against cyber threats is not a zero-sum game between nation-state espionage and criminal activity. Both are significant, but their impact and prevalence differ depending on the target. For the vast majority of American businesses and critical service providers, cybercrime represents the most frequent and financially damaging threat. Addressing this requires a strategic allocation of resources, a commitment to supporting vulnerable sectors, and sustained international cooperation. Cuts to federal cybersecurity agencies like CISA risk undermining these essential efforts at a time when they are needed most.

The narrative of cybersecurity must expand beyond the high-stakes game of nation-state conflict to fully encompass the pervasive and economically devastating reality of cybercrime. Only by acknowledging the scale of this problem and dedicating appropriate resources can the US effectively defend its businesses, critical infrastructure, and citizens in the digital age.
The challenge is not merely technical; it is one of policy, resource allocation, and public-private collaboration. Daniel's call for the government to maintain capacity for multiple adversaries and increase support for organizations battling cybercrime highlights the urgent need for a comprehensive and adequately funded national cybersecurity strategy that addresses the full spectrum of threats, from sophisticated state actors to ubiquitous criminal enterprises.

Ultimately, the security of the nation's digital infrastructure depends on a collective defense effort involving government agencies, private companies, and individual users. By focusing on the most impactful threats, investing in resilience, and fostering strong partnerships, the US can enhance its ability to deter, detect, and respond to the ever-growing challenge of cybercrime.
The insights from a former White House cyber advisor like Michael Daniel serve as a crucial guidepost, urging policymakers to look beyond the most publicized threats and address the daily reality of cyber risk faced by millions of Americans and the organizations they rely upon. The fight against cybercrime is not just a law enforcement issue or a technical challenge; it is a fundamental aspect of national security and economic well-being in the 21st century.
The need for increased federal support for entities hit by ransomware, particularly those in critical sectors like healthcare and local government, is a recurring theme. These organizations often lack the specialized expertise and financial resources required to effectively respond to and recover from sophisticated cyberattacks. Providing federal assistance, whether through direct technical support, access to threat intelligence, or financial aid for recovery efforts, can make a critical difference in minimizing downtime, restoring services, and preventing future incidents.
Moreover, such support can help level the playing field between well-resourced corporations and smaller, more vulnerable entities. A ransomware attack on a major hospital system or a city government can have devastating consequences for public health and safety, far outweighing the direct financial cost to the organization itself. Therefore, federal investment in the resilience of these critical entities is an investment in the broader societal good.
The discussion around government workforce reductions in cybersecurity agencies is particularly concerning given the increasing demand for skilled professionals. The federal government plays a unique role in national cybersecurity, including developing policy, conducting intelligence operations, enforcing laws, and providing assistance to critical infrastructure. A depleted workforce hinders the government's ability to fulfill these essential functions effectively. Attracting and retaining talent requires competitive compensation, opportunities for professional development, and a clear sense of mission – factors that can be undermined by budget cuts and hiring freezes.
In conclusion, Michael Daniel's perspective offers a vital corrective to a narrative often dominated by nation-state threats. While those threats are real and require attention, the daily reality of cyber risk for most US organizations is dominated by financially motivated cybercrime. Effectively addressing this requires a comprehensive strategy that includes disrupting criminal operations, pressuring complicit nations, supporting vulnerable victims, and investing in the federal cybersecurity workforce and the agencies responsible for protecting critical infrastructure. The proposed budget cuts discussed in the interview represent a step in the wrong direction, potentially leaving the nation more vulnerable to the very threats that are already causing orders of magnitude more damage than state-backed operations for the average American business.
The path forward involves a clear-eyed assessment of the threat landscape, a commitment to robust funding for cybersecurity initiatives, and a recognition that defending against cybercrime is a shared responsibility requiring close collaboration between government and the private sector. Only then can the US hope to build a truly resilient digital future.