The breach that doesn’t have to happen - and what real cyber warfare looks like

"The incident surrounding Bennett, regardless of the final conclusions of the security authorities, is an important reminder: cyber in 2025 is not about a single breach, but about an entire system of connections, decisions, and habits," writes Eran Barak, CEO and Co-Founder of MIND.

Eran Barak

13:53, 18.12.25

The public discussion around the claim that Naftali Bennett’s phone was breached focuses on a single question: was the device itself hacked or not. This is a legitimate question, but it also misses the bigger picture. From the perspective of someone who has spent more than two decades in the cyber world - from the days when information security was about servers and firewalls and mobile phones were not yet “smart,” to an era in which every individual is an infrastructure in their own right - this is almost beside the point.
The real story is not one phone or another, but a deep change in how cyberattacks are carried out and what they are trying to achieve.
1 View gallery 
Eran Barak. 
(Photo: Ohad Kab)
In the previous decade, cyberattacks were primarily about intrusion: gaining access, staying under the radar, and extracting information. Today, and certainly in our regional context, the objective is much broader. Not just to steal data, but to shape perception, create doubt, undermine trust, and exert public and political pressure. In that sense, even the very claim of a breach is part of the attack.
Groups like Handala do not operate in a vacuum. They are part of a state-regional ecosystem in which cyber is a strategic tool in every sense, much like intelligence, influence operations, or psychological warfare. Public exposure, timing, and the narrative that accompanies the publication are no less important than the technical question of whether there was a full breach or only partial access.
But there is also a deeper lesson here, one that is technological in nature.
The world has moved from a phase of “systems security” to a phase of “information security.” In the past, we could say where information resided: on an endpoint computer, a server, a data center, a closed system. Today, information is scattered across dozens of services, applications (some cloud-based), backups, devices, and accounts. It flows between private clouds, public clouds, personal phones, work computers, and third-party services. The boundaries have blurred, and traditional defenses have been left behind.
In such a reality, a breach can look like a perfectly legitimate connection. It is enough to find a single point of failure - a service that was not updated, an old device that was never decommissioned, or a permission granted years ago and forgotten. Today’s attackers do not “break down doors” - they enter through windows that are already open.
And this is true not only for public figures. In fact, most significant attacks are not necessarily aimed at a specific individual, but at an opportunity. Anyone who holds valuable information, whose data is connected to other systems, and who does not have a complete picture of where their information resides becomes a potential target.
Related articles:
Inside the alleged hack of Naftali Bennett: Telegram breach or phone compromise?
"We are able to understand what drives cancer. This changes the entire course of the disease"
From Nvidia’s vision to Google’s nuclear reactors: The elephant in the room of Israeli AI
From this follows a necessary shift in mindset: information security must be proactive, while reducing the possible attack surface. Even the most secure organizations in the world, and private users as well, need to assume that sensitive information is constantly exposed and at risk of leakage. The questions that must be asked are: do we know where sensitive information is at any given moment? Do we know how to identify information that is moving to a place it should not reach? And can we minimize damage before it turns into a public incident?
This is why, in recent years, the cyber world has been moving toward monitoring sensitive data itself - its context and its movement between different systems - rather than focusing solely on permissions and perimeters. Anyone who continues to think in terms of a “secure device” or a “closed system” is dealing with yesterday.
The incident surrounding Bennett, regardless of the final conclusions of the security authorities, is an important reminder: cyber in 2025 is not about a single breach, but about an entire system of connections, decisions, and habits. Those who understand this will be one step ahead of the attackers. Those who do not will continue to ask whether the phone was hacked, while the information has long since been in other hands.
Eran Barak is the CEO and Co-Founder of MIND.