“Cyber Security is a Continuous Race”

Yosi Aviram, the Director of International Cooperation Strategy and International Cooperation in Israel, speaks to Arabian Reseller about the IT security threat landscape in the region

How has the security threat landscape evolved over the past few months?
As the National Cyber Directorate, we operate a national call center in our cyber capital Beer-Sheva. The center operates 24\7 and not only provides a service to the market but also acts as a sensor to better understand what is going on in the Israeli cybersphere. The past twelve months have been very challenging, as the entire economy switched, in an instant, to life online.

Day-to-day activities suddenly moved online, such as; studying, working, and socialising, and that trend obviously increased the attack surface tremendously. As our Director-General, Yigal Unna, says: “This is heaven for hackers”. And indeed, our national Computer Emergency Response Team (CERT) which handles cyber incidents in the civilian cybersphere dealt with an increase of 50 percent more attacks.

The growing interest in everything related to COVID-19 has made it easier for cybercriminals to penetrate using phishing attacks. People were more likely to click on unknown links, for example. We have noticed a global increase in cyber-attacks, however, interestingly, there was no leap in sophistication. Hackers were mostly using existing methods only on a larger scale, using new vectors.

A very troubling trend that we have recently seen is the Supply Chain Attacks, meaning adversaries trying to penetrate a vast number of organizations via common suppliers. Another point of concern is the attacks on utility systems, using cyber means to physically damage systems. We have seen attempts to attack civilian systems, like water, and that is an alarm signal to societies at large.

What sort of security challenges are people facing when working from home and how is your company equipped to handle those challenges?
Well, the pandemic has forced people to work from home, and actually do everything from home, like shop more, study, and engage with new government services, for example, claiming social security allowances online. Many workplaces have adapted to the need and allowed for remote working, but this came with a challenge, as home routers are usually not secure enough, especially when left with default passwords.

This leaves data vulnerable and could serve as a potential attack vector, plus IT systems are not always configured to secure remote access to the sensitive systems and data at work. Some employees were using their own private devices for work and those devices were not necessarily secured properly. The Israel National Cyber Directorate (INCD) came out with domestic and international webinars, explaining the risks and providing guidance on how to secure systems on both ends, at home, and at work. We see that the internet service providers are responding as well, providing cybersecurity services to their customers and that is a good sign that all players are responding to the change.

How has ransomware evolved during the pandemic period and what are you doing to tackle the problem?
We did see a change in ransomware attacks, becoming more challenging and more sophisticated. Vaccination laboratories, health organizations, and hospitals around the world were targeted during the pandemic. Attack groups are using different methods to press victims to pay, using social media and pressing indirectly on boards of directors to pay. Attackers were using double extortion, meaning not only asking victims to pay ransom for their encrypted data, but also threatening that if the victims don’t pay,
they would publish their data online, thus risking their reputation.

The INCD has established a national task force to fight ransomware because we believe that if we put our minds to it, we can make life harder for attackers. If we bring together government agencies, private intelligence companies, law enforcement, and cyber agencies we can provide mitigation and even prevent attacks. The INCD is issuing recommendations on how to avoid and be better prepared for attacks.

Currently, we are working on a playbook for businesses to execute while being attacked. Today, many of the victims don’t share with the government the fact that they were attacked. Private companies which provide services of negotiation to victims might not share knowledge with other companies nor with cyber agencies. We think that there is room for efficient information sharing for the benefit of all users.

How can companies overcome digital security and privacy challenges?
Cybersecurity is a continuous race. If you don’t swim fast enough, you are left behind. So firstly, I’d suggest top leaders be more aware of the risks and manage them. Secondly, there is a need to invest more in cybersecurity. We as a government agency recommend allocating 8 percent of your business’s IT budget to security, as a start. Obviously, this is a general number.

We have seen many big companies which have invested enough in cybersecurity have been damaged much less severe than those that haven’t. Cybersecurity measures should be put in place during the implementation process of new systems, not just as add-ons. So, if companies are looking for new IT systems, they should consider the most secure and adaptive architecture with embedded cybersecurity, what is called “secure by design”.

Another important element is to know your suppliers. You may be a well-secured company but you are as strong as your weakest link, so if you rely on and engage suppliers which are not protected themselves, they could serve as an attack vector, as we have recently witnessed with the Solar Wind attack and other cases. The INCD has developed a model for suppliers -increased -cyber -hygiene. It involves a simple and user-friendly app, where suppliers and customers meet to settle their cybersecurity demands.

It is a novel approach as cyber standards are hard to read and harder to implement. This app provides explanations, allows you to attach evidence, not just declarations, so customers can choose safer suppliers. If this model would go global, we would all be in a much better place, facilitating international commerce and building trust. The INCD is collaborating with the WEF and the Dubai Electronic Security Agency which is leading this issue. Another point to consider while managing risks is insurance. We have seen that often enough, customers are not aware of this option to mitigate the residual risk, or are not aware of the limits of their coverage.

Do you believe companies today have accelerated their digital transformation initiatives?
Of course, we do see companies investing in digital transformation, however, not all are allocating enough budget to cybersecurity. We also see governments investing a lot in digital transformation, trying to meet the demand for online services because of the pandemic. Some of these applications were done in haste. There is no doubt that the COVID-19 pandemic has accelerated life online in many ways, it was like a leap forward in terms of volume, but we now need to be more agile and ready for change. As economies are implementing 5G communication systems, consideration should be given to cybersecurity, as these systems may hold uncharted vulnerabilities.

What are the cybersecurity trends for 2021?
Well, we are already in mid-2021, and we are seeing more cybersecurity trends emerging. Ransomware, supply chain and sophisticated phishing, smishing (phishing by text), and Vishing (voice phishing) are all on the increase. If we look forward, though it may be too soon to say, we could expect more people and more businesses to go back to their “new normal”, once vaccination plans are successful.

Those changes are challenging as well. As people go back to working from the office, IT managers and CISOs need to get ready for that, and reconfigure systems, updating privileges, updating workers’ lists, etc. Situational awareness and agility are the keys. Many companies have suspended employees, including their IT personnel to reduce costs. Some systems were left unattended and it is time to double-check, re-map assets, and reassess the risks.

In the coming years, we will probably see more usage of AI technology, both to secure and to make things more efficient but also to attack and do harm. Another future challenge is privacy. The pandemic has caused many to place their biometric data online, participating in VCs, Sharing their documents, photos, and voices. It would be advisable to delete unnecessary information

What are the key factors to consider to make sure the digital economies of today are secured?
Well, there is a lot to do in many aspects. I think we should look at it as a 360-degree solution, starting from awareness and education from top-level c-suite executives to the citizen at home, going through investing in state-of-the-art solutions, and constantly updating. INCD believes in the multi-stakeholder approach, meaning everybody has a 100 percent responsibility, and there should be a close collaboration between the private sector, the Government, and the academy.

We should all look at cyber not just as a challenge or threat but also as an opportunity. The Israeli Cyber industry is very developed and demonstrates innovative high-end solutions for critical infrastructures, ICS systems, and IT systems. I can say with pride the cyber investment in Israel is rapidly increasing and constitutes more than one-third of the global investments in cyber, so the numbers speak for themselves.

Another factor is collaboration and efficient information sharing. This challenge cannot be met working alone. Like-minded countries need to work together and share relevant information effectively and I am happy to point out that our collaboration with the UAE on cybersecurity is flourishing. The Israeli CERT is sharing information with more than 90 CERTs and organizations, both national, international, and private.

I like to mention a saying from a cult movie we had here, called “Operation Grandma”. The swim team coach shares a tip on how to win a 100-meter swim race: “You jump and start swimming as fast as you can, and slowly you increase your speed…”. If you haven’t started, this is a good time to take the plunge and increase your speed.

Show More

Chris Fernando

Chris N. Fernando is an experienced media professional with over two decades of journalistic experience. He is the Editor of Arabian Reseller magazine, the authoritative guide to the regional IT industry. Follow him on Twitter (@chris508) and Instagram (@chris2508).

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button