I believe that the cyber
risks are always grossly underestimated or trivialized. Over the last few years
due to the rapid digitization of businesses, there has been a growing spate of
cyber-attacks the world over. New start-ups offer a panacea
of digitized solutions through cloud platforms. With limited budgets and a
focus on perfecting their business model, companies need to navigate the tradeoff
between the portions of their financial capital that goes into product security
as against growing the business.
The next phase of
digital evolution is themed “connected” – connected cars, connected homes, and
connected humans (with intelligent body parts like wireless enabled pacemakers).
As businesses race to bring new connected products or to make intelligent
existing products using internet enabled sensors, wireless, cloud management
and mobile apps, they still seem to not realize the criticality of fool
proofing these systems against cyber threats.
The risks have now
extended beyond purely financial and reputation losses to threats which affect
human lives. As the world digitizes,
cyber threats that damage property, cause physical harm and even kill will materialize
at a scale that is virtually impossible to contain.
An early indication is
the recent recall of 1.4m vehicles by Fiat Chrysler Automobiles, the world's
seventh largest automaker, to fix a vulnerability that allowed hackers to use
the cellular network to electronically control vital functions.
Functions, which when manipulated could shut the engine down while it
was being driven down the highway, take control of the steering wheel and disable
the brakes. Similar threats would materialize if hackers were able to find
flaws in a wireless pacemakers or other such devices.
The core issue is twofold. Firstly as the connected world
becomes individualized, malicious hackers would find and exploit flaws in products used
by individuals or organizations they target. Remotely engineered assassinations may
just become a reality.
The second and more dangerous consequence, is of terrorist organizations
utilizing vulnerabilities that affect products used by many, cars for example,
to launch mass attacks which would instantly cause more damage and widespread chaos,
than detonating explosives. Such remote attacks from the Internet will bypass
all conventional border security measures.
In a digitized world, cybersecurity and safety become
intrinsically linked and as new standards slowly evolve, an immediate concerted attempt must be
made by companies to build secure products to protect naïve cyber citizens against
all sort of risks.
For a cybercitizen, security should be under the hood, so
as to speak. Cybercitizens are unable to determine the extent to which
these products are safe to use. Besides building safe products, systems to
securely and instantly plug vulnerabilities will need to be perfected.