The members of the cyber security panel at the Journey conference conducted by the EY (Ernst & Young) consultant and accountants firm and "Globes" unanimously agreed: network security managers in enterprises are helpless in the face of the volume of threats that they must cope with, while at the same time having to operate and maintain too many security systems for all the different types of threats.
With the integration of technology in our lives, we are becoming more and more dependent on it, and our personal information is becoming exposed on various platforms. Many financial services, including telecom, insurance, shopping, and others, now constitute a perfect target for cyber attacks.
Like many other countries, Israel is taking substantial measures to defend its cyberspace, and cybersecurity continues to play a key role in the ecosystem of Israeli high tech, regarded as one of the world's leaders.
The impressive price tags for the recent mergers and acquisitions in this sector will continue to be justified in the coming years, while development of the technologies continues at a rapid pace in tandem with the need for protection against existing threats. Nadav Aleh, who leads EY (Ernst & Young) Israel's Tel Aviv Advanced Security Center, moderated the panel.
Check Point Software Technologies Ltd. (Nasdaq: CHKP) cofounder and chairman Marius Nacht said, "Everything is becoming digital, and cyber security needs to be addressed at the national level, because as we now see, if we don't protect our important assets, it means that North Korea and Iran will get into Harvard and steal very important assets. Then you'll see very quickly hostile countries competing with the US and Israel."
Nacht added, "Network security people are between the hammer and the sickle. Hackers and people conducting economic espionage have a lot of resources, and even if they get caught, no one will do anything to them. The security people are in the middle. Enterprises are installing a large number of technologies that greatly expose them to break-ins. The main threats are a broad range of technologies and operating systems and products that the enterprise uses.
"Enterprises are pushing technologies into the infrastructure, while at the same time expecting security people to handle it. Enterprises are using a great many defense technologies - too many. I talked to a security manager who told me about thousands of attempted penetrations an hour. At some point, the security man loses his enthusiasm for searching for each penetration. He lacks the ability to cope with all the products put into the system. I've seen security personnel unable to cope with thousands of security events a day. Even in real events, they lack the resources for dealing with this.
"I invest in startups, and I see how hard it is for those cyber security companies to assimilate solutions in the framework of pilots just in order to demonstrate to the enterprises that they have a problem, and they can solve it. My recommendation is to try to integrate your product with the platform. Even insurance companies are looking for a silver bullet. We're all searching for an architecture that will enable security personnel to control all the products in the security system, without making it even more complicated. Think about mobile devices, tablets, IoT, web services, DevOps, and all the other technologies that are so vulnerable – for the enterprise security officer, they need an architect to help them install all the solutions in good order."
Jennifer Archie, a partner in the Latham & Watkins law firm, emphasizes how important it is to involve lawyers and regulation specialists in the initial stages of developing a product in order to avoid future mistakes. She says that there is broad regulation that international institutions are trying to turn into a standard, and cyber security companies that do not meet the requirements will simply be unable to sell their products.
Brig. Gen. (res.) Daniel Baran, a cyber security specialist, said, "We're living in Catch 22. We want to put as many standards and technologies as possible into use. On the other hand, these technologies are exposed. It has always been that way. The main question is how to ensure that those hackers are unable to utilize the weaknesses of the new products. We're at a point at which cyber security is a very broad problem, and cyber security personnel are not the only ones who have to deal with it. Our leadership should realize this, including on the government level. Open code can create major damage for organizations. It's not just a matter of consolidation; it’s a broad concept on a national level. It will be impossible to fix all the weaknesses. Another thing is that more and more organizations are having trouble protecting themselves, due to the costs involved. Key intersections in a network are exposed, and those who are responsible for those intersections are not inspecting them."
Cynet founder and CEO Eyal Gruner said, "There are many new products entering the organization and the network, including television. Today, the main problem is the endpoint. Today, someone who wants to penetrate a network sends an e-mail or a link, and someone from the organization opens it, and it's all over. If they think about the future, there is the cloud, to which organizations are switching. In the future, all the attacks will go to the cloud. There are too many solutions in a network. They complicate work in an organization. So if I were a startup, I would do something very specific. But the real solution is to create one platform that the security people can manage easily. That's the solution, and so consolidation in the industry is a must."
"Organizations need means of monitoring and predicting the attacks from all angles. Installing and maintaining the comprehensive solutions will be very difficult, so there has to be consolidation. For the organization, it's very difficult to protect itself and install solutions; it's very complicated."
Triventures founding and managing partner Peter Fitzgerald has warned of threats to health organizations, such hospitals, and medical institutions. He emphasized that the sector was in need of an enhanced level of security. This is also related to the demands of insurance companies in the US, which are raising the threshold of their demands from hospitals.
In the discussion, Meitar, Liquornik, Geva, Leshem, Tal partner Itay Frishman said, "It is impossible to adapt all the solutions in an organization all of the time. There are cars, wearable products, and many more products and services, and it is impossible to make a firewall for each product. I think that this won't work, and there will be few examples of the contrary. The question is whether we will be in a situation in which we will have to find consolidations of technologies in order to provide a better security solution. Sometimes I have an excellent product, but no one to install it. Facebook and Google control their market, but we will also see this in the security sector."
Silverfort cofounder and president Matan Fattal commented on the types of threats, saying, that there was a different in crimes. "If I try to penetrate Citibank, I may succeed once. In cyber security, you can sit anywhere in the world and try to enter the bank. It makes the situation more difficult, with innumerable attempts at waiting until an employee makes a mistake, and then it is possible to penetrate," he said, adding that IT problems in organizations make it difficult for security products to work effectively.
Published by Globes [online], Israel Business News - www.globes-online.com - on October 29, 2017
© Copyright of Globes Publisher Itonut (1983) Ltd. 2017