Cyber threats are growing and the good guys are losing the battle as they are still vastly unprepared. That is the message cyber security experts, both Israeli and international, laid out at a cyber technology conference in Tel Aviv, as they defined 2017 as the worst year yet for cyber-attacks globally, with 2018 shaping up to be perhaps even worse.
Cybersecurity experts sounded a dire note at a Tel Aviv conference Tuesday, saying 2017 was the worst year yet for cyber-attacks globally and the good guys are still woefully unprepared.
Most institutions and companies are using outdated protections, and are struggling to get even the basics in place against attacks that are becoming more daring an aggressive, both Israeli and international experts said
“Winter is coming,” warned Yigal Unna, the newly appointed director general at the Israel National Cyber Directorate, said at Israel’s 2018 Cybertech Conference. The cyber-attack surface is “getting wider” and the risk is “getting darker” with hackers motivated by both financial and political purposes. As more devices get connected, “malicious actors” get an advantage.
The World Economic Forum ranks large-scale breach of cybersecurity as one of the five most serious risks posed to the world today, and the scale of the threat is expanding: the global cost of cybersecurity breaches will reach $6 trillion by 2021, double the total for 2015, according to reports by market research firm Cybersecurity Ventures and international consultants EY. Cyber-threats were the fourth greatest worry for CEOs worldwide, a report by consultants PwC showed.
Yigal Unna, the newly appointed director general at the Israel National Cyber Directorate speaking at Cybertech 2018; Jan. 30, 2018 (Gilad Kavalerchij)Countries must cooperate, Unna said, in order to put these malicious elements back into their “dark holes.” Better technology, especially involving the use of artificial intelligence, should be developed to detect and foil threats; more sensors should be deployed to cover the cyber-sphere, and people should be trained. In addition, the regulatory framework should be clarified and streamlined.
Unna added that passenger planes are at greater risk too. “There are more and more attempts to attack civil aviation, and these have risen with the launch of the new Boeing Dreamliner” aircraft and other high-tech planes, he said.
The former director of the CIA, Gen David Petraeus, said at the conference that US-Israeli collaboration on cybersecurity has reached new heights.
“According to various foreign publications, our cooperation has harmed significantly Iran’s nuclear program,” he said at the conference, hinting at the reported collaboration between the two nations in planting the malicious computer worm Stuxnet that damaged Iran’s nuclear program and was uncovered in 2010. He said he could not confirm or deny those reports.
Calling Israel a “cyber superpower,” Petraeus said the partnership between the US and Israel has allowed the two countries to foil threats together. “The collaboration reaches new heights time and time again, far beyond what is being published in the media,” he said.
He added that legislation was not managing to keep up with the ever-changing technological landscape.
“The bad guys continue to evolve, demonstrating diabolical creativity,” he said. “Technological developments are outstripping our strategic imagination. Simple legislation cannot keep up with technology to react to the rapid changes” that are happening.
Gil Shwed, the CEO of Check Point Software Technologies, said companies and institutions globally are lacking even the most basic protections against cyber-attacks and that the protections in place today are 10-15 years behind the capabilities of the attackers. “We are at the fifth generation of attacks,” he said. The protections that are widely in place “are still at generation two and three.”
Cybersecurity today requires technology that covers PCs, networks, cellphones and the cloud — the last two being the “weakest links” in cybersecurity, he said. Hospital and medical information are among the “most vulnerable,” he said.
He said that in the future, “nano-security software” will be installed on every device, controlling the device’s connections to the rest of the world. “It will be small software, open source, that can be put on any IoT device or cloud and connected together with one intelligence control system that can predict and detect attacks.”
Marc Van Zadelhof, the general manager of IBM Security, said artificial intelligence would be playing a far greater role in the future in both detecting cyber-attacks and helping security experts make sense of them. “AI will make a massive difference,” taking security to a new level, he said. But AI is a double-edged sword, he said. “There is a war coming, of good AI vs bad AI.”
IBM launched Watson Cyber last year in a bid to use artificial intelligence to help analysts identify threats more accurately and resolve them faster.