"As soon as there is an introduction of new technologies, there are also new cyber threats"
"As soon as there is an introduction of new technologies, there are also new cyber threats"
Demi Ben-Ari, co-founder and CTO of Panorays, was speaking in a panel he moderated at Calcalist's developer conference. According to data presented by Talya Gazit, CEO at PwC Digital Technology Services, a cyber attack costs organizations an average of $4.5 million
Cybersecurity panel
"As soon as there is an introduction of new technologies, there are also new cyber threats," said Demi Ben-Ari, co-founder and CTO at Panorays, in a panel he moderated as part of Calcalist's developer conference in collaboration with the Mamram and Ofek alumni associations.
"There are thousands of cyber products in the world and each company can purchase the amount it needs, but I send most of my emails from my iPhone, which has no edge protection or anything," said Matan Liberman, GM of Semperis in Israel. "The organization doesn't know it, the only thing it recognizes is my user and my identity within the organization. Today my identity within the organization has expanded, there are cloud apps, and there are mobile devices. The organization has become much more productive but also much more exposed." Therefore, according to him, it is necessary to map the risks before the attack, identify attacks and intercept them in order to minimize the damage as well as enable a recovery solution.
"If we once started from a world that was very simple, because there was a data center, agents and that's it, today people ask what a device is," said Shiri Ladelsky, Senior Director of Engineering at Armis Security. "This is a difficult question in itself, because it can be anything connected to the network or not connected to the network. Moreover, when we talk about an asset, it can be both the user who uses it and the application that ran on it. So the idea is to create the map of the assets in the organization, how they communicate with each other and also at what level."
"In the past if you asked the information security officer how many assets he has and then asked his people exactly the same question, everyone would give a different number - which is simply amazing," said Ben-Ari to illustrate the problem. "What's even more amazing is that after connecting Armis, you saw that neither answer was true," Ladelsky said.
One of the things that the insurance companies encourage in the cyber field is for the software companies to take responsibility for what they produce, explained Ayelet Kutner, CTO at At-Bay. "We all have cars. If we now had to follow a blog post from whoever made the brakes to know if a recall is happening we are unlikely to do so. So why is it legitimate that software is not automatically updated for two years and the customer is expected to deal with it themselves. So we as a cyber insurance company create incentives for companies to behave more correctly by offering a better premium. The better premium comes by using products that are up to date. It may not prevent all attacks, but it will at least make it more difficult for the attackers."
Talia Gazit, CEO at PwC Digital Technology Services and former head of Mamram, the Israeli Defense Forces’ (IDF) Center of Computing and Information Systems, said that according to PwC's research, a cyber attack costs organizations an average of $4.5 million. "We recently formulated a new methodology of how an organization deals with cyber threats," she said. "In our opinion, the method by which organizations currently carry out risk assessments is outdated. They usually look at some kind of checklist in relation to a certain standard, and from our point of view these lists deal with threats from the past.
"In order to deal with tomorrow's threats, we have developed a method that is partly carried out automatically by technological tools and partly carried out using solutions that we developed at PwC. We do a technological scan that is both external and internal, but it is from the eyes of the attacker. We tell the organization how the attacker sees the organization and the attack paths it has to enter and penetrate the significant assets within the organization. Then, we actually make the connection between the threats and the attack paths, the vectors by which the organization can be attacked, and make the organization focus its investments on them."
