If one were to compare the world’s cybersecurity defenses to a house, Gil Shwed, CEO of Check Point Software, said Monday, it would be a house with a “very leaky roof, with rain coming through every day,” because the security systems installed at businesses and in critical infrastructures are not comprehensive enough and not focused on prevention.
“Every cyber-criminal today has access to the most sophisticated tools… and that is scary,” Shwed said Monday at the Cyber Week conference in Tel Aviv. Single attackers today can access superpower tools once generally only in possession by nations, and as the world becomes increasingly connected, so the risks of cyber-attacks grow.
Computer networks, cellphones and cloud computing centers will all be major targets for future attacks, he said, and businesses worldwide are painfully unprepared.
A recent survey by Check Point among businesses revealed that only 4-7 percent of companies use software to prevent advanced persistent threats (APT), and just 1-2% use cloud security technologies. The companies cited a number of reasons for this, he said: the systems were too complicated, there were too many products available, the companies were unaware of the threat and lacked trained employees.
Companies today use patch solutions, created by a number of different vendors, to deal with the various threats, he said. But these create defense gaps. “The rain is coming through and our enterprise will be flooded,” he warned.
“We should not live in a leaky environment,” he said, and better solutions are needed that will effectively keep the attackers outside the firms. The new approach to threats is to build a “multilayer and unified architecture,” he said, as opposed to single solutions for each vulnerable system.
Check Point’s survey showed that companies that used multi-vendor products to protect their businesses took on average 40 days to identify attacks and the cost of each attack was on average $700,000. Customers who used unified software to cover all of its various systems reported much better results: it took them two days to identify attacks and the cost dropped to an average $7,000. “There was an effectiveness ratio of 1 to 100,” he said.
“We can build solutions for the future,” Shwed said. “We need to think forward and adopt new architecture with no gaps.” The focus must be on prevention and businesses must understand that all of their systems need to be protected: their networks, the cloud, mobile phones.
Shwed was presented with the first annual Award for Outstanding Achievement in Cyber by the organizers of the event, including the Blavatnik Interdisciplinary Cyber Research Center at the Tel Aviv University, the National Cyber Directorate at the Prime Minister’s Office and the Ministry of Foreign Affairs.
Israel’s Cyber Week brings together international cybersecurity experts from government, the private sector, academia, the military, and the intelligence community to provide insight into the latest global developments in cybersecurity.
Keith Alexander, a former director of the National Security Agency in the US and the CEO of the company IronNet Cybersecurity, said that to combat the growing cyber-treat, more automation is needed along with a greater cooperation between governments and private industries and businesses.
Gabriel Lim, Singapore’s Permanent Secretary for Communications and Information CEO at the Media Development Authority, said that small countries like Singapore that are undergoing an advanced process of digitization, run the risk of being “trampled” by cyber wars between larger nations.
A Singapore saying says that “when elephants fight, the ants get trampled,” he said. “And when elephants make love, the ants get trampled too. Ants get trampled no matter what, and we must do what we can to protect ourselves,” he said to the laughter of the audience.
“Security is the freedom to define our destiny and to be free from foreign interference,” he added, on a more somber note. “If we are not careful we will become a puppet where a master is pulling our strings.”
Singapore has also set up a new cyber command to “groom young talent” and prepare them for the cyber-security challenges ahead, he said, and is looking to strengthen its international partnerships.