"2020 was a chaotic and crazy year in many aspects, and this didn't bypass the cyber world. We saw a spike in cyberattacks during the year, and that is another thing you can blame on the Coronavirus," says Meital Arik, Head of the Cyber Guidance and Regulation Division of the Israel National Cyber Directorate (INCD), in an interview with Israel Defense.
An official report of the INCD shows that its operations center received 14,300 reports, calls and warnings on suspected cyber incidents from citizens and those employed in the field. About 9,100 events, an increase of 50% compared to 2019, were confirmed to be real. The most reported case was the takeover of WhatsApp accounts as a result of providing passwords to attackers disguised as legitimate businesses, and additional complaints were related to breaches of social networks, phishing attempts, stealing information, computing system vulnerabilities, malware, damage of operational continuity and bypassing of identification mechanisms.
"In March and April we encountered a new reality that included an immediate and sudden shift to remote work, something that required rapid adaptation and changes," Arik says. "The attackers understood that the systems of organizations and companies, which were once hidden behind firewalls and protected by company systems and various security measures, were now left exposed through unprotected laptop computers, and could be reached easily via the home router. The employee working from home does not have the IT staff that is accustomed to work on-prem, who is skilled in identifying and neutralizing threats. The attackers identified that gap, and entered through it."
And once they were inside, they developed an appetite. "We started seeing bolder moves by the attackers. Previously, they would mostly steal data, but now they really exploited the situation for wide-ranging attacks that developed quickly this year," says Arik. "In April we saw an attack on the water supply system, and after that we had an attack on Israel's supply chain. We also saw attacks on universities and even on hospitals and medical institutions, and more. We saw that the hackers were directing most of their efforts against small organizations, which have less defense resources, and from there managed to breach larger organizations."
"These attacks are frustrating. It's like watching an accident waiting to happen"
The Cybertech Global conference, which will be held in Dubai between April 5-7, will emphasize the impact of cyber threats on the economy, and different ways that the market and various organizations can overcome them - first and foremost through using the right kind of defense. On this, Arik speaks from the heart. "As far as we are concerned, many of these attacks that we saw over the past year are frustrating. It's like watching an accident waiting to happen," she says.
"There were countless attacks. We dealt with hundreds of organizations and we saw the speed with which attackers were able to exploit organizations' vulnerabilities, which were not sufficiently aware of the cyber dangers, and as a result suffered harsh blows. It was like inviting a burglar into your home. If organizations would implement basic security practices, and also not procrastinate as far as their responses are concerned, many attacks could be prevented. "
Q: How does the INCD, and your division, come into the picture?
"Our department is actually responsible for directing the civilian market on topics of instruction and development of defense capabilities, to prevent attacks and limit damage that is unavoidable," Arik explains. "In 2017, we began setting up cyber systems in all of the government ministries, so each ministry can provide an optimal response for its own sector. We work together, with the Cyber Guidance and Regulation Division serving as the face of the entire INCD for them. We instruct and accompany the organizations from the technological aspect, and also create a lot of activities to boost awareness. And it works. Managers have an increasing understanding of the cyberworld dangers, but of course, there's still a long way to go.
"The role of our department is to teach them how to fish, not simply give them the actual fish. We see the companies themselves as responsible for their own security, but because of this intensive year and the vacuum created between the lack of knowledge and the awareness of the attacks themselves - we switched to operational mode, actively contacted companies, and initiated all kinds of plans.
"For example, we set up a marketplace, an initiative that about 150 Israeli companies that provide cyber solutions participate in. We are a unique society: at any given moment here in Israel, there is someone who identifies a problem and then immediately develops a solution. So we set the stage for those companies, but we don't get involved. The only thing is that we requested a legal commitment that each participant supplies what it offers. We are now working with more platforms that will boost awareness, and the actual work.
"We are contacted by many company managers who say something like 'We see what is happening in the market and we can't sleep at night. Tell us what to do. Who should we turn to?' And it's our role to assist and guide them. But as I said, the actual responsibility is borne by the companies themselves. The management and the board of directors need to manage cyber risks, to allocate the appropriate resources. The damages law and the privacy protection law are required in this context."
"We made an effort for a temporary order that will provide a solution for the most painful topic for us now – the organizations that refuse"
The activity of the INCD has yet to be anchored in law in Israel, even though the draft bill was already legislated about three years ago. Last month, it was reported that an updated version of a temporary order (the draft Cyber Security and National Cyber Directorate Bill) was supposed to be taken up by the ministerial committee for legislative affairs, but to date, that has not happened. The temporary order sparked widespread public criticism and concern over significant invasion of privacy, as the order calls for providing the government with wide-ranging powers over civilian entities.
Q: You are of course aware of the widespread criticism against the cyber defense law and against the temporary order. Opponents call it "the death of privacy."
"That's simply not true, and it's a pity that all of these critics are not aware of the work that we are doing and aren't reading the proposed law," Arik says passionately. "It's very important to emphasize that the objective is to protect the privacy of the general population, the privacy of customers, not to violate it or damage it at all. We operate in accordance with the privacy protection law, using methods in which there is no damage to privacy. The access will only be to meta-data and not to details. Our operations are carried out in full cooperation with the Privacy Protection Authority of the Justice Ministry. We have a series of supervision mechanisms aimed at preventing this kind of violation, including supervisions aimed at preventing human error.
"The cyber protection law focuses on a limited point from which we have already been burnt: preventing serious cyberattacks and threats to national security. But at this current point in time, we identified a problem in the lack of an organizing entity, and due to its urgency we made a special effort to devise a temporary order, that will provide a solution on the issue that is most painful for us at the moment: the organizations that refuse to comply. We see organizations that are hit hard due to inadequate defense, and we want to prevent this harm. If we had the appropriate authority, we would be able to save a great deal of distress, heartache and economic damage."
Arik acknowledges that many small businesses don't place cyber security at the center of their business, "and therefore we encourage them to use the appropriate services, even for a fee, from other companies that supply them. In other words, either do it alone or have it done for you. It needs to be understood that unlike large companies that have the long-term resources to fix damage caused by cyberattacks, small businesses aren't always capable of recovering, and might be pemanently crushed under the attack."
Q: Cyberattacks are only getting worse. How do you see your activities in the future?
"If I had to sum up this year and what we learned, it's that advanced technical knowledge and a thorough implementation of guidelines serves as a protective suit for the business - not only for the specific incident happening at a given moment, but also with regards to future threats, more advanced attacks. The objective is to gain peace and quiet in the long run, not only put out immediate fires.
"In addition, it is also economically worthwhile in terms of the chain of supply. For example, a large company that receives services from a smaller one, which maybe does not invest so much in cyber defense, might say to that company that it must improve its defense in order for their business connections to continue to exist - thus creating an additional interest to invest in defense.
"In the INCD we established the 'Yuval' system, which enables every organization to check its level of cyber defense. There are three levels in the system, with the highest one including both supervision by the INCD and the Standards Institution of Israel. An organization that chooses this option and undergoes our cyber examination can declare that it is in line with the INCD's standard. This is a very high level of security, of credibility. The customer here is a full partner, and has the full capability to influence its sphere."
This article is part of the “Post 2020: the new digital age after COVID-19” series. The Cybertech Global conference will take place in Dubai between April 5-7. Please join us, in person or remotely. For more information, please visit: https://www.cybertechconference.com