“For the past few months, while the Covid-19 pandemic spread, we identified an increase by leaps and bounds in the scale and severity of cyberattacks all over the world,” Yigal Unna, Director General of the Israel National Cyber Directorate said in a panel on cybersecurity on Day three of Calcalist and Google’s Startup Week. “The primary reason is that many more people are working from home, which multiplied tenfold the attackers’ range of targets. But it is worth noting another point, which is that many teenagers and young people, who make up the core population hackers and attackers come from, had all at once stopped their daily activities and discovered this activity called hacking.”
According to Unna, students around the world, from primary school all the way to university, got bored with playing video games and started learning and practicing carrying out cyberattacks. The combination of an increase in exposed targets alongside more active hackers and the general global sensitivity to the pandemic created “an international cyber swamp, which we have to ensure we float above and not drown in.” Unna stressed that the upsurge in hackers was a worldwide, rather than local Israeli phenomenon, and that Israel was not a special target for them, but just one among many all over the world.
Gal Avidan, who heads Google Cloud Israel’s startups department, said that contrary to tech companies for whom the transition to work from home was relatively quick and seamless, traditional companies required longer to realize they needed cyber protection and needed to implement it in record speed. Some of the companies were not prepared to carry out the installation process, which in any case takes a long time, which gave hackers a large window of opportunity in which to attack.
“The company’s size or field of operations doesn’t interest the attackers— what they care about is how important the data is to the business owner and whether they are willing to pay to have it freed from ransom. Cyberattacks also include the element of damage to a company’s reputation and many company’s refuse to compromise on that,” Avidan added.
Dean Sysman, co-founder and CEO of cybersecurity company Axonius, Inc. noted that “We do not realize how quickly our society has become dependant on technology. Cyber solutions are like brakes on a car, but just like vehicle brakes have to be suited to the speed and power of the car, so do the cyber solutions we implement. You wouldn’t install the brakes of a Hyundai on a Ferrari because they couldn’t cope with the speeds a Ferrari drives at. Organizations’ cyber solutions depend on their ability to adopt the technology."
Sysman said that beyond the matters of life and death that can impact a healthcare company or the leakage of private and sensitive medical information that an attack can lead to, “these organizations are strictly regulated and obligated to the highest standards of data protection. Therefore they need to produce the maturity and understanding of how to operate, particularly with the transition to club-based services and working from home. They have to be reborn into this world, which is extremely dynamic, and not just be present within the four walls of a hospital or a clinic.”
Unna said that just as in the physical world, the primary responsibility to defend oneself is in their own hands, in Israel, the state offers its citizens overarching protection from cyberattacks. “There are many available cyber protection tools in Israel, but what the state offers is a larger envelope of protection against cyber pandemics— global scale attacks, the likes of which we have experienced in the past. The state also knows how to provide protection from hostile elements, in which case we don’t leave the citizens and private organizations to fend for themselves. Anyone who feels they are under a cyber threat can contact us and we will provide a solution ranging from basic assistance to sending teams to investigate the event, contain it and neutralize it.”
Unna noted that the National Cyber Directorate received over 7,000 alerts on attacks of varying degrees. “It’s a relatively low number since not everyone is sufficiently aware of the service. When it comes to cyber, the more alerts the better, the more people turn to us and report attacks, the better an overall picture we can form, making the puzzle clearer. More data means more protection,” he concluded.