At any point of the digital transition,…
“The handling of cyberattacks cannot remain voluntary from a national standpoint,” says Meital Arik, head of the economic advice department at Israel’s national cyber system: “She would not have snatched if she had defended.”
Meital Arik, the director of the national cyber system’s economic guidance department. What exactly is your role?
“I’m the head of the division in charge of guiding the civilian economy to make it more resistant to cyber attacks: we handle warnings, advice, and actual technical assistance. When there are warnings, they are forwarded to the appropriate government ministries’ cyber security units. We are regarded as a security organization and behave accordingly.”
During the Corona era, how effective is the area of cyber hacking?
“The Corona Year has seen a rise in the frequency and severity of attacks, as well as an improvement in the efficiency of attacks. Although attackers are already prepared for long-distance work and find plenty of hacking opportunities, moving to the cloud for work from home is not always followed by self-defense, while attackers are already prepared for long-distance work and find plenty of hacking opportunities that have become attackers’ paradise “..
What recent incidents have you been involved in? “I directly handled the hacking incident at Ben-Gurion University and the ransomware incident at Shirbit Insurance.” We approached them with information that some of their servers had been compromised – information we collected using country-specific methods, as well as information from our other pipelines – and when we discovered the incident, we urged them to issue a statement to handle it transparently. He was brought to a halt thanks to good management.
“Small organizations don’t deal with the problem until it affects them, and those who make drastic changes are typically those who have been kidnapped, lost money, or crashed.”
Investing may have a negative impact on profitability in small and medium-sized enterprises.
“You don’t have to be the most secure in the world; all you have to do is provide the simple safeguards that the cyber array needs, and the intruder will flee to a safer place.”
We go to businesses and tell them they need to protect themselves. When Microsoft released a security update warning on its email exchange server, for example, we discovered 1,400 organizations that had not closed it and were notified.
“Only the assailant won’t push the red button.”
Will this wand happen again?
“Shirbit reported that it wiped out profits in the last quarter because of the attacking incident. Since then she has made dramatic investments in defense, which an organization of her size does not do, meaning she has moved to the other extreme of being super-protected. The regulation – in all probability it would not have caught this attack. “
And yet the lack of legislation stands by the refusers.
“In front of the refuseniks we encounter a wall. They understand that we do not have the law behind us, and say: ‘You have no authority to continue, we will stop the conversation between us here’. It is very frustrating. What matters is not the individual events of the refusers, but when an attack rolls through a refuser to other places. “This refers to a situation in which a few months later we found a variant of the same assault group that had spread to another body. This is unbearable for us.”
What will the temporary order provide you with?
“What we formulate in the temporary order will eventually allow us ability in discourse, in an administrative way or by order of a judge. That when a body comes to me and says, ‘I heard what you tell me to do, but I will take care of my way and the schedules I see fit,’ then we can limit it. “We want to make sure that the method chosen really provides a solution to the problem, and it is more important to set deadlines for treatment. From a national point of view, it is impossible for everything to remain voluntary.”
“Cyber service is like an accountant”
For small entities a cyber protection service just doesn’t always pay off.
“Just like you take an accounting or legal advice service, take a cyber service as well. Isn’t that your main business? No problem. Take a professional who will do it for you properly (protect the site, emails, corporate network). In Corona we have published a list Of suppliers and service providers in the field, because after the Shirbit affair, we received a lot of inquiries from CEOs who told us that they do not sleep at night. “
What does this list include?
“It is based on a call we issued to cyber companies to get a platform to offer their wares to the economy through our site, especially in Corona when it is financially difficult, and if it comes with an economic benefit, it is welcome. We did a test and filter Products and companies, with different categories of protections that can be equipped. “
What about small and medium-sized businesses that, in terms of profitability, have no incentive to invest?
“We do not expect anyone to take a cyber defense manager and information security manager. If this is not your main business, no problem. You can hire outside consulting. There are many companies that provide the full range of services and give you peace of mind in this area. We see examples of outsourcing in the field that works That’s the decent thing to do, and it should end there. “
Can an attacker lock up a computer infidelity in the Prime Minister’s Office today?
“In Israel, we have a combination of several factors that make us an attractive target, the technological developments that are created in Startup Nation in conjunction with the neighborhood we live in – it raises Israel’s rating as attractive for attack. By and large, we always say there is never 100% protection. “There are considerable investments and efforts and very significant defense systems on the part of the government ICT authority to prevent such things from happening, and the fact that we have not actually seen this happen.”
On a personal note. When you were the head of the IT Facilitation Center for Critical Infrastructures in the Cyber System, you contracted breast cancer.
“I was diagnosed in March 2017 with a lump in the breast, I was 37 years old, young for such a diagnosis, and it turned out I was actually in a metastatic state. It was a very large market, a kind of anxiety attack. Serious dizziness. 18 I became interested in the subject of body-mind connection, and developed a nice library at home, courses, workshops. I said, ‘It’s time to use these tools and test them on myself.’ When I saw that it helped me, and after seeing enough women off in this situation, I decided to move on. What has worked for me for others in the workshops. On both levels – personal and professional – it is dealing with a crisis. The way to get through it is to learn to retreat a bit, to recharge batteries in between. In the storm itself everything is terribly difficult. “My partner and the family and friend envelope I received in this process. When it’s over, you feel as if you have risen, or grown a little.”
“As of 2020, there were 2,000 organizations that issued an alert from us and did not close security gaps, out of 6,000 entities we contacted.” “We’re interfering when there’s a risk of a public-interest or national-security breach.” She broke into the business and sold data she gathered there, such as credit cards, driver’s licenses, passport images, and identification cards – Dvan) or Shirbit, for that matter, which had accumulated a large number of customer records over the years.”
How do you deal with organisations that are apprehensive?
“If faced with refusalists, we would use the legitimate means at our disposal to persuade them to do the right thing. In certain cases, companies are aware of the magnitude of the event and work together to make it a success. ‘Take my credit card and do it,’ said Ben-university Gurion’s president at one point. All that is needed to prevent the intruder from pressing the red button and wiping out a section of the university.’ And if an intruder tries to erase or encrypt data, you’ve reached the end of the road. And there isn’t always a backup to data and a way to recover from it. Reputation is excellent.”
Doesn’t the fact that Israel has no cyber law make you a mute body?
“If large corporations chose not to comply, they are well aware that they can. In any case, we do not contact the organization’s keyboard; they are responsible for anything. Today, we are in the midst of a persuasion campaign, and where there is a disagreement with a specific agency, such as in the financial sector, there is good legislation that can assist in getting the body to do what it wants to do. However, the fact is that the condition is entirely voluntary.
Certainly when it comes to a body without a regulator, when there is a threat to property or the public good, which we are attempting to encourage – come to address. There are businesses you’ve never heard of that are connected to a slew of others in the event of an attack (as happened in the shipping company Amital – RK). Philomena. At first glance, it appears to be tiny.