Is Iran’s Cyber War Already Hitting Global Business?

**Tim Elliott** (0:00)
This is the Morning Drive at Mira Business FM. When we discuss regional geopolitical flashpoints, like the ongoing friction involving Iran and the vulnerabilities surrounding global logistics corridors, our minds immediately jump to physical assets, you know, oil tankers, shipping lanes, pump prices. But there is another completely different front line. Security experts are warning that rising tensions could increase the risk of cyber attacks on businesses, on critical infrastructure and on supply chains worldwide. Stephen Marriott, cybersecurity expert at Umbrella is back, this time to discuss the evolving threat landscape and what organizations should be doing to protect themselves. Stephen, good to have you back on the show.

**Stephen Marriott** (0:53)
Morning Tim, thanks for having me back.

**Tim Elliott** (0:55)
So welcome to the Morning Drive. Top cybersecurity agencies, Umbrella included, are issuing urgent advisories. The rising physical tensions are highly likely to trigger a severe wave of asymmetric cyber warfare. I've been reading your report.
Not just attacks on government servers, the threat landscape has shifted directly towards private commercial entities, critical infrastructure, global supply chains. So highly likely means it's happening, right?

**Stephen Marriott** (1:28)
Correct, yes. So if you look back to the start of the conflict, we definitely see an uptick in attacks. And even the UAE cyber security council was actually stating this as well. We've noticed this across the whole of the GCC.
Obviously, they are trying to focus on the likes of the government and the telcos, but it's affecting all businesses because they're looking at the contractors as well as other entry points. So sometimes this may be an easier way to access some forms of infrastructure, but it's affecting all industries across the GCC. So probably the ones they are focusing on mostly are likely in the UAE and Saudi Arabia.

**Tim Elliott** (2:15)
So we often treat cyber security as like an IT problem, Stephen. We've talked about this before, but right now, how closely linked is a military or a diplomatic escalation in the Middle East to a corporate or a cyber breach elsewhere, whether that's Europe or Asia or the Americas, wherever it might be.

**Stephen Marriott** (2:36)
Yeah. So if you look at what the threat actors are actually doing, they are actually linking themselves to military operations.
We see it recently with some of the attacks on some of the oil infrastructures in the UAE where there was actually drone attacks and also cyber attacks simultaneously. So they are aligning to this. They are also doing some of the physical, they're pulling back military details, they're pulling out other personnel details, which then been shared. And then this is having a global impact. So it's all to be a disruption operations, disruptions in consumer confidence. So it's not just that one focus on, say, like the governments, they are trying to disrupt other parts, even like the travel industry, oil and gas, obviously, people are noticing that, everything's getting more expensive. So these cyber attacks do affect everything else, not just that entity that they actually hit in.

**Tim Elliott** (3:40)
The thing about cyber operations, I guess, is that they are, they're low-cost, they're a deniable mechanism that you can use to exert pressure.
So you can really, you know, collateral damage is just inevitable for ordinary businesses. Potentially, it causes real pain. Just how significant is the cyber threat? If you could put this into some kind of context for us.

**Stephen Marriott** (4:09)
So if you know, we just come back from the Eid holidays. So that they use the Eid break as an opportunity as well. So you will see a lot of these threat actors posting on certain forums that they've done these data leakages or they've done some ransomware or that they managed to exfiltrate some data which they now want to sell off. But when we investigate some of these, you know, the confidence level is quite low.
The data set they have doesn't really reflect to what they've got. We see some issues with the language that's been used, whether it's in English or in Arabic as well. So, you know, it does require some follow up. Because they're trying to be very, use it as an opportunity either to do some reputational damage or to make some financial gain out of this by posting these types of compromises or data breaches, which may not actually be true.
It was a very good example recently with Hungry Station in Saudi Arabia. And they actually see this post being covered over social media. And they reacted very quickly. So, you know, that they explained, there hasn't been any breach, hasn't been any data leakage, that they have strong security controls in place. We are protecting customer data. So, you know, that they were being very transparent. But, you know, there are lots of these posts we're seeing, you know, covering across, like I said, the whole of the GCC, where they're trying to show that, or imply that there's some security leakages or weaknesses, which isn't always entirely true. You know, a lot of these, when we investigate, the confidence level is quite low. So it's not really a true reflection of what's actually happening. But the threat actors are trying to put that fear factor out there.