"We're in an exciting time, with the highest ever rate of technological change. In addition to the advantages resulting from the technological revolution affecting all of us, the cyber attack sector is also rapidly developing. It's striking almost everywhere: the business sector, organizations, companies, countries, and private individuals."
The speaker is Bank Hapoalim (TASE: POLI) deputy CEO Eti Ben-Zeev, who is responsible for the bank's technology and computer division. She was addressing a panel at the third meeting of the Inspiration for Innovation series of meetings conducted by "Globes" and Bank Hapoalim for beginning entrepreneurs in order to supply them with a variety of tools important for their success. The panel dealing with cyberspace was held at the Bank Hapoalim digital branch in Ramat Hahayal, with the participation of senior executives Bank Hapoalim executives and managers of cyber companies that cooperate with the bank.
Ben-Zeev described the key role played by cyber attacks in today's criminal world, noting, "Cyber attacks are already in second place in global economic crime, and are afflicting 35% of companies. A cyber attack can yield the attackers enormous profits. For example, ransomware attacks alone are projected to amount to $1 billion by the end of the year. The attackers are becoming more sophisticated, and are learning to organize and deal with the constantly developing defensive capabilities facing them. They are no longer isolated hackers; they are well-established organizations with substantial cooperation between the hacker networks and countries. The attack tools are becoming increasingly sophisticated"
Ben-Zeev also described how the bank was dealing with cyber threats, saying, "The current era features constant suspicion and improvements. In order to enable the bank to make technological progress, we are treating cyberspace as a strategic matter of supreme importance. In order to protect the bank and its customers, we invest in suspicion, the world's most advanced defensive systems, cooperation with the providers of the best solutions, and innovative and breakthrough startups.
"We have set up an innovation laboratory, in which we test the effectiveness of the advanced solutions against the new cyber threats. We carefully examine companies and people we believe have potential, and are creating a partnership that is generating a win-win environment - we supply the companies with expertise and organizational know-how, and get from them better and more advanced products. The goal of all this is to always stay several steps ahead of the attackers in order to protect the bank and its customers."
450 startups
Firmitas Cyber Solutions founder and president Rami Efrati, who previously headed the Prime Minister's Office civilian National Cyber Bureau, said, "A lot of technology is needed in the fintech sector, and one of the sectors that realized that it had to take care of itself was the banks. Bank Hapoalim has identified over 450 cyber startups looking for a place to test their system, and has opened its doors to them. Today, it serves as an incubator for a great many companies in the sector. For the companies, if a company shows that it is working with the bank, it means that it must be working well, and that is extremely important for that company in marketing its business throughout the world."
The panelists were asked to comment on the customer's share and the human mistakes he makes in cyber attacks. Bank Hapoalim chief information security officer Tzahi Strauss said, "The Achilles heel is the human factor, and the attacker will try many times to attack through innocent users. We are therefore taking measures to educate customers and giving them advice about awareness. In addition to increasing awareness among the customers, we're creating a user profile for each of them. Any deviation from this profile is a red flat, and we have the technology to know whether the transaction was conducted by the real user, or by somebody else."
Efrati added, "The bank knows that the customer is not always aware of the problems in using a telephone and a computer. Therefore, when the bank is able to spot non-genuine use of data, it is capable of protecting its customers."
ReSec Technologies cofounder and CEO Dotan Bar Noy said, "The customers are unaware of the current threats, and regard the bank as the responsible party. Therefore, even if the customer's password for entering his account was easy to figure out, for example the name of his dog appearing on Facebook, the bank is still responsible for information security. Anybody who understands this sector will not connect to his bank account from Times Square, but for the companies, we have to think of solutions that will guard the customers even if they don't understand this."
Cyber company owners and managers on the panel also spoke about how their cooperation with the bank contributed to their business.
Nyotron VP sales Amir Shemer said, "Success is people. The technology is important, but it's people that make the difference, and at our company, we have found a great deal of maturity and desire to succeed at the bank. As part of this, we also found a desire to let us succeed, and I can therefore say that the cooperation between us and the bank is terrific, and has led to great success."
Cymulate co-owner, cofounder, and CEO Eyal Wachsman added, "The bank examines you to the smallest detail, and your product has to prove itself and demonstrate value. Afterwards, when you go overseas and say that your system is working at the bank, it opens doors."
Bar Noy commented, "The test for companies operating in the sector is not the technology; it's making the technology into a growing business with sales. The bank is helping the companies cooperating with it on this point."
Efrati explained, "The great advantage is that if the company has passed the bank's selection system, and is working with the bank, it enables the company to improve its product. The cyber business is a very good business right now, and the bank is an expert at positioning the companies working with it in the right place."
Fow founder Itai Tevet added, "One of the important things in cooperation between entities is realizing what the customer needs at a very early stage of developing the company's product. Cooperation also helps in guidance, from technical things to a conceptually understanding of where the solution the company is offering can fit in."
A market of hundreds of billions of dollars
The panelists also addressed the state of the cyber industry in Israel and the future of the many companies that have joined the sector in recent years.
On this subject, Efrati said, "Cyber activity is not projected to end. The more connected we are to the computer, the greater the chance of a break-in. It's a huge market of hundreds of billions of dollars, and it's expected to continue growing. The cyber field is composed of a great many layers, so the figure of 450 companies operating in it here right now may sound like a bubble. The state, however, has realized that startups in this field have to be developed. It regards cyberspace as a key growth engine, and is willing to see 95% of them fail in the hope of creating companies like Check Point Software Technologies Ltd. (Nasdaq: CHKP) and CyberArk Software Inc.(Nasdaq:CYBR)."
The panelists also commented on how companies develop technologies. Bar Noy stated, "All the cyber companies think like the attacker, and that's how they solve existing problems. We're all thinking about problems and challenges that already exist, whether they are uncovered attack vectors or how the concern can continue functioning after a break-in has already occurred. That's actually how we solve problems."
Wachsman added, "As part of our work, we can conduct attacks in order to make sure that the systems designed to protect the organization do what they are supposed to do. In this way, the organization can toughen its systems, and get the most use out of them."
Efrati noted, "At my work, I first of all want to protect the concerns for which I'm working. The world's technologies are changing, and companies have to produce new technologies able to detect those changes quickly. The customer's astuteness in acquiring smart solutions for his organization consists of knowing to what extent the solution that he is acquiring makes other things unnecessary, and to what extent it is innovative from the lone hacker's perspective. Today's cyber threats don't come from a 13 year-old child; they are from much more serious organizations, whether they are a group of very smart people or countries."
Not all attacks are thefts
The panelists also spoke about the targets of cyber attacks, from stealing money to stealing information. Strauss explained, "Not all attacks are meant to steal money. In every case, however, the customer wants to feel that his bank is safe and is guarding his money, and he believes that the banks is doing everything it can to protect him. We therefore take every cyber event seriously, and our attitude is not affected by how much can be stolen from the customer, but by concern for safeguarding every account at the bank."
Efrati commented, "The Supervisor of Banks in Israel is both the regulator of the banks and the party responsible for cyberspace. Israel took note of the cyber threat many years ago, and the Bank of Israel is one of the safest entities in this respect. The financial sector is very important for Israel, and the banks share this feeling. If you look at the threats to the banks and the solutions for them, you can see that Israel is a global leader in several sectors. The level of professionalism with which Israel is addressing the cyber problem, beyond what every bank is doing by itself, is worthy of note."
Efrati continued, "It is by no means sure that Israel is taking a stricter attitude in coping with cyber threats than what they are doing in the US, but in any case, you can say that we're very strict in this matter here."
Bar Noy added, "We're surprised by the level of information security at relatively small banks in the US that we have met. The level there is no higher than at several small organizations operating in Israel."
The panelists also commented on the lack of personnel in the sector. Shemer said, "It is now more of a strategic problem to recruit people to work, with a battle for each employee. I don't think that we have reached a point at which we have to think about importing personnel, but it's a difficult problem for cyber companies. There are several difficult areas in the sector in which the problem is difficult and challenging, and it can halt the progress of some companies. Demands to develop products are coming in all the time, and companies have to respond to them quickly. The shortage of personnel is liable to have a negative impact on the pace of activity."
Tevet said, "In Israel, we're in a relatively good situation with respect to personnel, but we also have a very tough problem. You can see that Israel have a lot of personnel with training pertaining to cyber attacks, not cyber defense. Training and courses are now taking shape, and it's penetrating the high schools. We'll see a change in the coming years, but the process is just beginning."
Efrati also said, "There is a problem with this subject, because cyberspace is an elite profession that has to be studied. Ben Gurion University of the Negev, however, has had an MS cyber program for five years, Tel Aviv University has also made progress in this studies in the field, and the IDF Intelligence Corps has a project for seeking out young people in outlying areas to be taught cyber from age 16 by the best people. At the end of the process, they reach the army units, and are very successful."
Efrati continued, "The best things are happening in the IDF, which has become a center creating high-quality people, and the same is true for cyber. I hope that these people stay in the army as long as possible. What is interesting is that if the IDF finds the right way to give those people responsibility and projects, they will want to stay in the army and the government sector. That's great, because that way, they'll come to work in the business sector with the additional experience they have acquired. Other than the IDF, we also want those people to go to the universities, so that they will later become cyber teachers."
Published by Globes [online], Israel business news - www.globes-online.com - on November 9, 2016
© Copyright of Globes Publisher Itonut (1983) Ltd. 2016