CIOInsider India Magazine

The morning of 17th September 2024 began just like any other day in Lebanon. However, things took a drastic turn in the afternoon. At around 3.30 PM local time, chaos struck when the Pagers used by the operatives of Hezbollah, a Lebanese Shia Islamist political party and paramilitary group, started exploding without any visible external interventions many of these operatives were in Supermarkets, driving, having their lunch or even relaxing at home. The panic filled the air when the news spread that it was an Israeli attack nicknamed Operation Grim Beeper.

Traditionally, hacking is a term associated with cyber-attacks or, in general, software programs or digital data. No one really foresaw that a variant of it could be used to take over a device like a Pager and make it explode, especially since they use radio signals for communication. Then, more details about the attack came in, and the experts started to opine that the incident was a result of a carefully planned and interference. Israeli agencies probably installed small explosive elements inside the pagers before delivering them to Hezbollah,and then all remotely triggered simultaneously, possibly with a radio signal. Nevertheless, that day, the way electronic devices were perceived changed forever.

A Comprehensive Cyber-Physical Systems Ecosystem

The majority of the connected electronic devices we use today as part of our daily activities are, in fact, Cyber-Physical Systems (CPS). Lend your ears to Venkatesh Sai, Founder & Technical Director, Zuppa, one of India’s leading drone companies. He says, “Cyber-physical systems are engineered systems that combine physical components with computation, sensing, control, and networking. Hence, it is critical to understand the core elements of a CPS to understand and map the vulnerabilities of the electronics we use daily.” Venkatesh adds, “At the very core of every electronic device that is connected or otherwise lies its motherboard, around which its CPS is built. The Software/Code elements of the CPS are where its vulnerability lies.”

If pagers can be compromised, in the case of dual use technologies like Drones, the risk factor is on a whole different level unlike pagers, which are mobile vehicles capable of carrying significantly larger explosive payloads. Interestingly, Pagers and Drones have the same vulnerable code layers.

This is precisely where India enters high risk territory. Venkatesh explains, “The cybersecurity vulnerability caused by Chinese origin electronics was further compounded by the discovery of rampant use of Chinese components in the so-called “Made-In-India” drones supplied to the Army by leading Indian Drone OEMs.

This discovery led to the Army suspending deliveries against all orders and working on a frame work to ensure the Cybersecurity of all defense drones.”

The government's urgency in addressing the Cyber vulnerabilities of drones, both in the Civil and Defence domains, is a key requirement from the country's National Security perspective, given the current geopolitical landscape.

Woes of the Glassrooms

As cyber attackers widen their horizons, the government and commoners are not the only groups in panic waters. With the increasing demand for work-from-home work or hybrid work culture, the cyber security challenges of the business world have multiplied. According to a recent study, 12.7 percent of full-time office employees in India work from home, while 28.2 percent have adopted a hybrid working model.

While adjusting operations to the work-from home model itself produces significant challenges, the constant need to enhance the customer experience by leveraging the dynamically transforming technology landscape increases cyber threats. The rapid growth of the internet, cloud, and IT industry was a positive outcome of the pandemic, but cyber attackers exploited this opportunity, and the results were disastrous.

The Threat Landscape in 2025

The IDC predicts that global security spending will grow from $219 billion this year to almost $300 billion in 2026. It is obvious that, no matter how big or small your business is, you always face the threat of cyberattacks. Business leaders need proactive cybersecurity experts to create a more secure environment and ensure intact operations by hiring cybersecurity experts.

Evaa Saiwal, Head of Cyber Insurance, Policybazaar, echoes, “While preventing cyber attacks entirely may be unrealistic, companies can minimize their likelihood and impact through proactive measures. This includes investing in cutting-edge cybersecurity technologies, such as advanced threat detection and response systems. Regularly updating and patching software, conducting vulnerability assessments, and implementing stringent access controls are also critical.” Above all, fostering a culture of cyber security awareness among employees and continuously educating them about the latest threats can help reduce the risk of breaches that could lead to out ages.

Minimizing the Impact and Recovering Quickly

One of the most important aspects of a cyber defense strategy is minimizing the impact of outages and recovering quickly. Businesses must deploy an ideal combination of technical and non-technical controls. Technical controls majorly imply having redundant systems, automated fail-over mechanisms, and comprehensive data backup solutions. Non-technical controls are largely about developing and maintaining detailed incident response plans, conducting regular training and simulations, and establishing clear communication protocols. Ensuring that there is a dedicated team responsible for crisis management and that all employees know their roles during an outage is essential for a swift recovery.

Just like the old adage, “Hope for the best and be prepared for the worst”.