Podcast Summary: Smart Women, Smart Power
Episode Title: The Weaponization of Data
Host: Dr. Kathleen McInnis, CSIS
Guest: Pavlina Pavlova, ShareThemikEnCyber Fellow, New America Foundation, and Cybercrime Expert, United Nations Office of Drugs and Crime
Release Date: January 31, 2025
Episode Overview
In this insightful episode, Dr. Kathleen McInnis speaks with Pavlina Pavlova about the growing weaponization of data—particularly how cyber threats and data breaches disproportionately impact women. Drawing on Pavlova’s recent research and professional experiences in cybersecurity and international policy, the discussion dives deep into gendered data harms, illustrative real-world incidents, and policy responses needed to protect vulnerable populations.
Key Discussion Points and Insights
Pavlina Pavlova’s Background and Path to Cybersecurity
- Pavlina describes being shaped by political transformation in Slovakia during her youth, which inspired her interest in international relations and the rule of law.
"Growing up I was very much influenced by political shifts in my home country, Slovakia...I just saw how much depends on the rule of law, on strong democratic institutions." (01:21)
- Her professional journey led her from studying geopolitics in Prague and Leuven to opportunities at the European Parliament, where she engaged with legislation on network and information security.
- Entry was via internships, then progressed into more substantial roles. (02:53)
The Weaponization of Data: Gendered Harm Online
- Pavlova’s research, “Gender Impacts Data Weaponization,” exposed alarming trends, including the rise of sexualized deepfakes and online gendered attacks.
"These threats are very much connected. They are connected to data breaches. They are connected to a set of online but also offline contextual threats." (03:36)
- She underscores the problem’s scale: attacks on women aren’t incidental but structurally embedded in both targeted data breaches and disinformation campaigns.
Four Factors of Gendered Data Harm
- Pavlova outlines a framework for understanding gendered online harm, highlighting attacks that exploit:
- Gender-specific data
- Healthcare sector data
- Contextual vulnerabilities stemming from online/offline intersection
- The compounding effects of marginalization
(05:06–05:38)
- The healthcare sector is especially vulnerable, with women’s medical data (such as reproductive health records) often exploited for targeted shaming or blackmail.
Case Study: Medibank Data Breach (Australia, 2022)
- Pavlova details the "emblematic" Medibank breach by the REvil ransomware group, which leaked customer data, including abortion-related medical information, after ransom demands were unmet.
“A spreadsheet listing patients personal information alongside billing codes related to pregnancy terminations... calling it the naughty list.” (07:07)
- She highlights how these gendered breaches have devastating consequences for privacy, wellbeing, and access to services—especially in politically sensitive contexts. (08:00)
Gendered Disinformation & Deepfakes as Foreign Interference Tools
- Gendered attacks are systematically used to undermine women’s participation in public life, politics, and journalism.
“Gender disinformation is a tool in the toolkit of foreign actors who try to disrupt elections and democratic institutions at large.” (08:17)
- Examples include sexualized deepfakes and orchestrated misogynist campaigns, which create psychological harm and drive women out of public spaces, worsening gender inequality both online and offline.
Policy Recommendations & Gaps
- Pavlova identifies a lack of data and recognition as the starting point for effective policy.
"It starts from the evidence. It starts in believing that this issue is important." (10:34)
- She urges governments to:
- Explicitly acknowledge gendered cyber harm
- Invest in research and data collection
- Empower impacted populations through testimony and lived experience
- Develop methodologies to quantify harm and inform prevention strategies
(10:34–12:16)
- Without this, cyber threats remain minimized as “annoyances” rather than tangible harm to individuals and national security.
What Individuals Can Do
- Practical cybersecurity tips for individuals:
- Data minimization—be judicious in sharing personal information online
- Adjust platform settings, especially location data
- Enable multi-factor authentication
- Stay vigilant about phishing and always patch devices/software (12:24)
- But, Pavlova emphasizes the limits of individual action given systemic vulnerabilities—e.g., mandatory data disclosure to hospitals, which can then be breached through no fault of the individual.
“So much of this harm is outside of our realm of protection… so it's not just about our accounts and our digital security; it's about more systematic security in the systems and how they process data." (13:45)
Gender and Motivation in Research
- Being a woman in the field heightened Pavlova’s resolve and sensitivity to these issues. She notes broadening support from men and women in cybersecurity to address gendered digital threats.
"It may start with women as the drivers for these issues, but it luckily does not stay with them." (14:54–15:52)
Defining Power
- On the meaning of “power”:
"Power must be the ultimate catalyst. It means absolutely nothing without the action we use it for... Smart Power is so important. It's a call to use our power to our best ability and for wise impact." (16:08)
Notable Quotes & Memorable Moments
- On systemic impacts:
“When it comes specifically to exploiting medical records, it can be sensitive for women because of gender specific information.” (06:18)
- On weaponized gender disinformation:
“We are creating not only unsafe online spaces, but also unsafe offline spaces where women and their family members are threatened this way.” (09:48)
- On accountability:
"There is still very little accountability if such, for example, data breaches happen. And also where to seek help, while it's improving the capacity for e.g. law enforcement to investigate and prosecute such crimes remains limited." (14:10)
Key Timestamps
- Pavlova’s origin story (01:21)
- Discussion of data weaponization and marginalized groups (03:36)
- Gendered harm: four factors explained (05:06–05:38)
- Medibank case study (07:07–08:00)
- Gendered disinformation and democracy (08:17–10:07)
- Policy recommendations (10:34–12:16)
- Cybersecurity tips for individuals (12:24–13:45)
- Gender’s role in research motivation (14:54–15:52)
- Definition of power (16:08)
Tone and Language
The conversation is direct, analytical, and empathetic, with both speakers emphasizing the urgency and real-world stakes of digital gender-based harms. The language is accessible, occasionally sobering—particularly when recounting case studies—but ultimately optimistic about the power of evidence, advocacy, and collective change.
Summary Takeaway
This episode underscores the urgent need to recognize and address the weaponization of data as a gendered security threat. Pavlina Pavlova’s research highlights that cyber incidents are not merely technical issues, but are increasingly leveraged to intimidate, silence, and harm women specifically—both in online and offline spheres. Addressing these challenges requires collective acknowledgment, more robust evidence, and action at both systemic and individual levels.