Escalating cyber threats could involve sabotage and threaten civil safety
I’m going to briefly yank you back in time for a fast history. The new millennium was fast approaching, the big 2000, and at the time there was a big stink about total technological oblivion. It was called the Y2K bug. I only heard about it because, at the time, my elementary teachers mentioned it in passing.
The Y2K “bug” was the concept that once all clocks on all computers in the world simultaneously switched over to the new date, this would cause some insane, faulty bug which would end modern civilization as we know it. Apparently, computational technology was no match for a calendar date. Well good news, we made it.
I mention it because this “bug,” according to some, would have devastating results, like causing computers to explode. Scary stuff. Good thing that wasn’t real, it’d be awful if the cyber world could directly harm people.
“Garter estimates that in 2025, cyber attackers will have the means to directly harm people.”
Cyberattacks used for causing direct personal harm
Cybersecurity breaches absolutely impact people and businesses in a variety of ways. You might say “this ransomware attack cost my enterprise thousands, that was a weapon!” Well, apparently, threat actors have decided putting you in actual physical danger is the way to go.
Before I get ahead of myself, no, this isn’t to suggest hackers have found the magic switch to make your PC explode (or servers/other relevant devices). But hackers are finding ways to hack and tamper with mechanical devices and symptoms potentially leading to health hazards. The Colonial Pipeline attack put this concept in the spotlight, but it’s not the exception. Infrastructure attacks like Colonial have existed before.
How dangerous could it be?
Attackers, as Garter reports, are looking to target and weaponize Operational Technology environments. For instance, targeting the monitoring software/hardware which keeps water clean and safe for consumption. Though, as Garter says, the primary goal is to “disrupt industrial environments and operations” which eventually leads to direct physical harm. They also estimate the goal is to disrupt services and cause indirect sabotage to the production scale.
Because we’re running headfirst into a modernized work environment with a reliance on smart machines, AI, and RPA, threat actors will have a lot of targets to choose from.
It’s a costly affair, too!
It’s bad enough that cybersecurity costs are rocketing, due in no small part to growing breaches and the need for improved security infrastructure. But said costs are expected to take a sharp hike, as you have to take into account potential health-related costs.
Another problem is that infrastructure-based attacks are normalizing on the cybersecurity front. Doubly so, they’re not conducted by entire teams of experts. Rather, even the simplest breaching methods like spear phishing can be used to penetrate networks and deliver dangerous ransomware payloads.
It’s another angle that we have to keep in our periphery. During the new millennium, the idea of a malfunction causing direct harm to a person was laughable. Today though, it’s nearing a dangerous new reality.