"Protection must be thought about from the very first line of code"
Yifat Oron, Senior Managing Director of Blackstone Israel, added that "the machines that create the attacks are becoming automatic, and the machines that create the defense must also become automatic and much more agile and smart"
In recent years, and even more so since the outbreak of the Coronavirus pandemic, we have witnessed an increase in cyber attacks and in particular ransomware attacks that seek to steal data from organizations, steal money, or encrypt files in exchange for a ransom. In the panel "Automation in the Cyber Operation as a Key to Dealing with Threats" held yesterday at the 2022 Calcalist Cyber Conference, moderated by Calcalist journalist Omer Kabir, the four panelists - Yigal Unna, outgoing Director General of the of the National Cyber Directorate; Amitai Ratzon, CEO of Pentera; Yifat Oron, Senior Managing Director of Blackstone Israel; and Yevgeny Dibrov, CEO and co-founder at Armis Security – discussed the changes and challenges facing cybersecurity companies.
"Protection must be thought about from the very first line of code," Oron said. According to her, today there is a change in mindset when it comes to security of applications, according to which when developing a new application, one does not think about its protection at the end of development, but creates deep protection within the code. According to Oron, the world has changed from a world of periodic testing to a world of continuous testing: "We cannot assume that we can rest on our laurels."
Another challenge cited by Oron is the change in the technological means available to attackers: "The machines that create the attacks are becoming automatic and the machines that create the defense also need to become automatic and much more agile and smart." The result is a growing use of automation and artificial intelligence among cyber defense companies.
According to Unna, the increasing use of automation and artificial intelligence is due to the huge shortage of manpower in this field, with various studies talking about a shortage of about half a million workers in the field worldwide.
"There is more demand because the world is becoming more digital," he said. "We are much more dependent on this. We will never be able to meet the demand. Israel has extraordinary power in this field, but it is not utilized enough. The main difficulty in the field is training and manpower for teaching. The cyber teachers at schools completed their training 30 years before the term 'cyber' ever came into use."
Ratzon believes that there is a leakage of tools from the worlds of defenders to the worlds of attackers: "We know that groups that attack use automated tools that are reminiscent of the tools that defenders use."
According to Unna, "threats of the magnitude of countries add more weapons and especially more methods of action that are not always known, which are adopted very quickly in criminal organizations and by the less experienced attackers. Whenever there are conflicts and frictions in the world one sees more and more cyber in these conflicts. It's just a matter of time before we see the explosion in the more civil or classical criminal areas and that is where we absorb the most damage."
According to Dibrov, the main problem is that there are more and more assets that the organization needs to protect. Additionally, there are more areas within the organization, such as the cloud environment. IT and OT are interrelated so that an attack on one can actually disrupt everything else. This means that protecting only one asset is no longer effective and the solutions need to be more systemic.
"We currently protect 2 billion properties worldwide," Dibrov said. "An asset, whether it's MRIs, cloud or laptop - you need to know how to handle it and remove it from the boundaries of impact. We see a desire from our organizations to get a solution that knows how to cover a large amount of environments, a large amount of problems and not just tactical solutions. One simply cannot fight a battle with 20 different solutions for problems in every region and in every field."
The many changes in challenges force the various companies to change patterns of behavior as well. One of them, according to Unna, is proactivity: "The intention is not to wait for the attack to meet the harm points you have in the products in the organization. You need to be proactive to identify where you can be harmed in time before the attack occurs and produce it in the supply chain even before it hits the walls of the organization. "
Another change that was cited is the seriousness of the companies regarding cyber threats. According to Ratzon, "if 3-5 years ago we would see customers at the level of small and medium-sized organizations who thought that cyber attacks and information theft were mainly a problem of banks and large insurance companies, today we see a lot of small and medium-sized organizations experiencing this. There is no longer a need to explain why it is important to map out your assets or check non-stop. Awareness has risen. Companies today are less involved in market education and there is already the understanding that did not exist three years ago."