Future cyber attacks 'could be deadlier than wars'

Shutting down utilities or taking over connected cars can cause more chaos than bombs and missiles, says chief of world's biggest private cyber security company

Hackers can potentially take over self-driving cars, causing them to crash into each other, other objects and people, an expert has said. EPA
Powered by automated translation

Future cyber attacks could be deadlier than actual wars if rogue elements in the digital underworld take aim at critical infrastructure and connected devices, the chief executive of the world's biggest private cyber security company, Forcepoint, has said.

Shutting down important entities such as utilities or taking over connected cars are among the possible scenarios cyber criminals can exploit, should they decide to engage in digital warfare in the future, Manny Rivelo told The National in an interview.

“As the world becomes much more connected, the vulnerabilities grow. A war in the future doesn’t have to be bombs or missiles; it could be shutting down [the] electrical power grid of a country in the middle of winter or shutting down the capabilities of having clean water,” he said.

“These are as severe, potentially, even more severe, you could argue, because they can completely shut down environments.”

The dangers of turning technology into a weapon have been flagged in the past, and these can potentially cause harm to humans or kill them by 2025, research firm Gartner said earlier this year.

“Cars are now more computer or chip-driven, and they are all connected to a network. Attackers could be misdirecting cars or autonomous vehicles to crash into each other,” Mr Rivelo said.

Organisations are investing up to a fifth of their budgets in cyber security, and most of them are those with highly sensitive data, including government agencies, he said.

Mr Rivelo suggested that these entities adopt a zero-trust approach, wherein it is always assumed that there is a threat and any access request needs to be verified.

“There are certain industries more susceptible to cyber attacks than others. A larger, high-risk firm will on the higher end of that because they are just a bigger target,” he said.

In a report released last week, Moody's Investors Service said about $22 trillion in collective rated debt associated with more than 70 global rating sectors had high or very high exposure to cyber risks in 2022, with critical infrastructure experiencing the highest risk.

Metaverse could be a playground for social engineering attacks

The growing sophistication of cyber attacks is undoubtedly expected in the metaverse, the emerging technology in which users interact using digital representations of themselves in a fully simulated environment.

One element that could exploit user vulnerabilities involves social engineering attacks, or the method of coercing users to divulge their private information.

Mr Rivelo, who has described his experience in the metaverse as “much more immersive” compared with other virtual environments, sees these attacks as “interesting” in that realm.

“We shouldn’t be afraid of the metaverse; it will unleash new ways of doing of commerce and interacting. But we should be cautious of how to protect ourselves,” he said.

It may be difficult to predict what threats will be prevalent in the metaverse. However, Mr Rivelo is confident that the cyber security industry will keep in step or even anticipate these to protect users, and the entire ecosystem as well.

“As we go down that path, those threats will begin to emerge, which will not be only social engineering but potentially technology threats. You will see solutions for that.”

Middle East in 'tier 2' for cyber security innovation

In terms of adopting cyber security innovation and adoption, Mr Rivelo ranks the Middle East as being in “tier 2", which is behind advanced economies in Europe and Asia, that have a big adoption rate.

A war in the future doesn’t have to be bombs or missiles; it could be shutting down [the] electrical power grid of a country in the middle of winter or shutting down the capabilities of having clean water
Manny Rivelo, chief executive of Forcepoint

The UAE and Saudi Arabia are in tier-2, while nations in Africa and Latin America are in tier 3, he said.

However, he acknowledged that there is a “long way to go” for Middle East countries to catch up, but the “desire” and need are there, given the growing use of data in the region, resulting in the need for more robust cyber security services.

“Dubai and the UAE are ahead of other parts of the Middle East but definitely not as far along, compared to North America,” Mr Rivelo said.

A silver lining for the Middle East and Africa is that these regions had the lowest number of ransomware attacks in 2021, according to a recent report by cyber security company Group-IB.

“It comes with time and experience. There is opportunity to move much quicker in the Middle East, because they can start on a clean state with best practices that are known,” Mr Rivelo said.

Updated: October 06, 2022, 4:56 AM