Hackers are getting bolder, and cyber-attacks are getting more frequent – and more high-profile. That’s a business opportunity: There’s a clear need for more and better cyber-defenses, and that has led to a growth in the number of solutions available.
But which solution is best? That depends, according to Shay Zandani, CEO of cyber-security consultation firm Cytegic. “Companies have learned that they need to budget for cyber-security, but the question for many is how they should spend that money. That’s the question we try to answer, using business intelligence analysis of the threat levels to organizations.”
Cytegic had the answer to the cyber-security quandary at Scitum — an affiliate company of Telmex, the largest telecommunication company in Mexico and part of Grupo Carso, which is owned by Carlos Slim, who with a net worth of about $80 billion is the world’s richest man. Slim was likely impressed with Cytegic’s business intelligence (BI) based automated decision making – and the fact that Zandani’s partner and Cytegic Chairman, Carmi Gillon, is a former head of the Shin Bet, Israel’s top security outfit, and a veteran of the security industry.
In many organizations, the idea of a cyber-attack elicits panic, and corporations usually deal with panic by throwing money at the problem.
To solve a corporation’s cyber-security problem, said Zandani, money has to be spent intelligently. “The best way to decide what to spend money on is to figure out what the threats are, where they are likely to come from, and what form they are likely to take. If a company can crack that code, they will be able to wade through the forest of cyber-security solutions and make the right decision.”
For example, phishing attacks, in which hackers get individuals inside an organization to do their dirty work and install malware, have become all the rage among hackers recently; most of the recent high-profile attacks, like the ones on Sony and Target, used legitimate-looking email loaded with infected documents or links.
But how does an organization know if it is more likely to experience a phishing attack than, say, a scripting attack, or a DDoS (denial of service) attack? While the results will be the same for an organization – a significant hit to its ability to produce – the methods needed to defend against the various threats are significantly different.
Of course, it’s possible to install cyber-defenses against all three – but an efficient business doesn’t do business that way, said Zandani. “Today, business decisions are made using business intelligence (BI) methods which collect data from many sources, analyze them, and make accurate recommendations on the most profitable course of action. Why should cyber-security be any different?”
It shouldn’t, and that’s why, said Zandani, Cytegic offers a full suite of BI tools to analyze cyber-threats and recommend solutions. “Our technology presents executives with a first-of-its-kind, proactive and automated solution, which provides the status of cyber defenses, an intelligence-based forecast tool and an online control dashboard integrating the whole system,” said Zandani. “This enables executives to focus their attention to the cyber risks posing the greatest risks to the organization, and ensures resources and personnel are allocated efficiently.”
Cytegic’s systems parse the Internet, looking at trends – who is threatening whom, which kinds of attacks are in vogue, what’s in the news that would prompt an attack, and much more. “For example, we determine how much a term, like ‘nuclear Iran,’ is being used on the Internet and the ‘undernet,’ where hackers hang out, and if our client has something to do with nuclear power, criticism of Iran, or some other related matter, we would send them an alert that they need to be on guard against an attack. Our Dynamic Trend Analysis (DyTA) system collects data from over 1,000 sources and checks 20,000 terms and concepts, analyzing them and determining what the threat level is for relevant clients.”
Using that data, Cytegic also offers a risk analysis engine and simulation engine to conduct “what if” scenarios to determine the best way to allocate spending to prevent disaster. The systems run automatically and independently of other software. While Cytegic does not recommend specific products, it does recommend a range of solutions that will help companies significantly narrow down their choices, and boost the likelihood that the solutions they do choose will be the right ones.
It’s a war, according to Gillon – a phenomenon he knows all too well, and one that requires organization, intelligence, and fortitude to content with.
“Cyber threats — whether from cyber-crime or orchestrated attacks on critical infrastructure — are becoming a growing risk factor to organizations, but the troops on the frontlines are overwhelmed,” said Gillon. “It’s time for the generals — CEOs and board members — to join the fight. Cytegic’s solutions equip them with the tools to prepare their defenses and protect their assets.”