“If there’s been a crazy year for cyber defense, 2020 was that year. But in the midst of this tragic pandemic, there is a silver lining: our digital infrastructure proved to be more resilient than many thought it could be.” This is what Former Commander of the IDF elite Unit 8200 and current Managing Partner of Team8, Nadav Zafrir, said during a panel titled “Cyber in a World of Change”, held as part of the Cybertech Global conference in Dubai.
“In many ways, our dependence on digital infrastructure during the pandemic has kept the lights up and allowed us to continue communicating and working,” said Zafrir, quickly adding that “However, we were also reminded of the fragility this hyperconnectivity introduced us to. Our supply chains, data, privacy etc. That attack on SolarWinds, for example, reminded us that none of us is immune.”
Zafrir held a one-on-one via video chat with Former NSA Director, Adm. Michael S. Rogers, who added: “One of the things that struck me about 2020, the two main attackers – criminals and nation-states, both showed a willingness to be more aggressive and take higher levels of risks. I don’t think this is going to change, we’re likely going to have to be prepared for this.
“This argues for things like thinking differently about supply chains – they are not just physical components, but also have to do with who has access to my data, my infrastructure. We need to think about ‘where is my software coming from? What kind of validation am I doing with it?’ We also need to realize we might not be the intended target, or a priority for the attacker.
“The perimeter had just been blown up. Part of our workforces will stay at home in this hybrid future. We will need to think about accounting for this, without a well-established perimeter. So we need to think about cybersecurity as defense, but also as resiliency – there’s a probability an intruder may gain access, so what can I do to make sure I can continue to operate?”
“Lastly, we need to think about cyber through the prism of risk, prioritize, address the mismatch between threat and resources. There will never be enough money to do everything you have to do – so assessing the risk will help you prioritize.”
Zafrir: “A paradigm shift in cybersecurity is that we can’t think about it as a standalone mechanical threat to the organization – it has to be put into the bigger framework of business risk and treated as such. You can think of whether you want to take the risk in the first place, or avoid it. And then, to be able to quantify the risks in terms of probability and dollar amounts, so business people can understand and make decisions.
Michael: for all the challenges, this is also a time for great opportunity, to ask ourselves how we can change, adapt. Because the actors our there are changing and adapting, adversaries aren’t just doing the same thing over and over again.
Zafrir: “In many ways, this pandemic has taken us as close as I’ve ever seen to chaos, and in many ways our digital infrastructure and the fact we were able to continue working remotely has held it before the chaos, at the edge. And at the edge of chaos, beautiful things happen in terms of innovation and disruption.
“So we’ve been able to accelerate our ability to build new products, introduce them and put them into regimes, in healthcare specifically, faster than we imagined possible – and this opened our eyes to moving faster, creating the balance between security, productivity, privacy and digital transformation. So I’m optimistic.”
The Cybertech Global UAE-Dubai conference is taking place now, April 5th-7th, 2021.
Conference website: https://www.cybertechconference.com/