Gartner: Cybercriminals Will Kill by 2025
Ready for a dose of cyber anxiety? By 2025, Gartner predicts that cyber attackers will weaponize operational technology environments to harm or kill humans.
In coming after OT – that is, hardware and software that monitors and controls equipment – attackers gain the ability to impede upon cyber-physical systems (CPS), according to Gartner. This is the evolution from attacks like that on the Colonial Pipeline – disruption is one thing, but with enough access, bad actors can impact the health and welfare of private individuals.
“In operational environments, security and risk management leaders should be more concerned about real world hazards to humans and the environment, rather than information theft,” said Wam Voster, senior research director at Gartner. “Inquiries with Gartner clients reveal that organizations in asset-intensive industries like manufacturing, resources and utilities struggle to define appropriate control frameworks.”
Of course, in a world where money talks, Gartner cites the financial impact on CPS as greater than $50 billion by 2023. Gartner also anticipates CEOs becoming personally liable for incidents where individuals are harmed.
And while hospitals are often considered key targets for these types of attacks, its also worthwhile to consider other possibilities – for example, the thwarted attack on a Florida water treatment plant earlier this year. In this attack, a hacker attempted to increase the amount of sodium hydroxide (lye) in the supply of drinking water. While the attack was quickly caught before any harm occurred, this is one example of ways cyber criminals can hack into operational technology.
The Data Connectors Cybersecurity Community is a discussion on life-threatening cyber threats (LTTs) at the New England Virtual Cybersecurity Summit on August 18. The Summit will be hosting guest keynote speaker Menny Barzilay, who will be giving a presentation titled: “Cyber Kills.”
One of the biggest challenges, which Barzilay will discuss in his keynote, is that current industry standards don’t protect against these types of threats – in fact, they’re barely even discussed. However, they need to be incorporated into every organization’s risk management strategy. After all, these attacks (currently) rarely happen – even though they’re very possible.
Recent news posts
Your Weekly DHS/CISA Threat Assessment (September 14)
Assistant to the Special Agent in Charge at USSS-DHS Leads Keynote Presentation in Philadelphia
CISA Insights: Risk Considerations for Managed Service Provider Customers
Your Weekly DHS/CISA Threat Assessment (September 3)
CISA Alert: Ransomware Awareness for Holidays and Weekends
Attend an Event!
Connect and collaborate with fellow security innovators at our Virtual Cybersecurity Summits.