Opinion
The new frontline of Israel: How can we protect the economy from cyberattacks?
"To combat these threats, a comprehensive, multi-layered security strategy is required, utilizing sophisticated tools adapted to dynamic attacks and complex threats, alongside minimizing exposure to public services," writes Itzik Tzalaf, National Security Director of Microsoft Israel.
In the past year, cyber incidents have increased both locally and globally, characterized primarily as Denial-of-Service (DDoS) attacks. Recently, Israel's credit clearing system suffered a cyber attack that, according to reports, disrupted a third of its processing capacity for several hours, believed to have originated from an Iranian attack group. This attack joins a long list of digital security incidents rooted in DDoS attacks, with a motivation to target private and public sectors with broad economic or perceptual impacts. DDoS events underscore the need for robust cyber resilience for systems with broad cross-sector influence, even those within the private sector, as they form critical pillars of the local economy. These attacks pose significant challenges that demand innovative solutions to maintain public trust and cyber resilience, be it through comprehensive, multi-layered security strategies or reducing exposure to public services.
In the past, DDoS attacks were seen as limited technical threats. However, with the advancement of the digital world, they have become a major strategic threat to the economy as a whole. These attacks not only disrupt services temporarily but also cause extensive damage to companies' reputations, especially when the public loses trust in services that have become integral to daily life. These attacks compel companies to make massive investments in infrastructure recovery and security enhancements to restore public trust, posing a long-term economic stability challenge. In an era where the public relies on the reliability of digital systems, trust has become a critical asset, and the damage from these attacks extends beyond technical domains to public confidence. Any failure to protect payment systems undermines the public's sense of security.
Research by Microsoft, published in the recent Digital Defense Report, indicates a dramatic increase in DDoS attacks worldwide since mid-March 2024. In June, for example, the average daily attacks reached approximately 4,500, with many attacks focusing on medium-sized applications—a convenient target for attackers. These attacks, aimed at the application layer of an organization, are considered a particularly complex and dangerous threat. They don’t seek to disrupt the entire infrastructure but operate with a highly focused approach designed to bypass existing defenses and hit critical online services like payment processing. These attacks create immense load rates, reaching up to a million accesses per second, requiring far more sophisticated protection than traditional solutions, which are insufficient to handle such focused threats. Standard information security defenses aim to protect the entire infrastructure but lack the capability to counter direct application-layer attacks.
Related articles:
DDoS attacks are just one part of the cyber threat landscape facing the digital economy today. Over the past year, with the rise of more complex threats, new types of attacks have emerged, such as Loop Attacks. These attacks exploit vulnerabilities in application-layer protocols and target the foundational structure of internet communication itself.
The German Center for Cyber Security, CISPA, has reported that Loop Attacks can simultaneously impact hundreds of thousands of servers worldwide, necessitating extraordinary measures to maintain system stability.
To combat these threats, a comprehensive, multi-layered security strategy is required, utilizing sophisticated tools adapted to dynamic attacks and complex threats, alongside minimizing exposure to public services. Integrated traffic management models, multi-layered application-layer protection, and regular simulations to detect vulnerabilities are essential to allow companies to respond better in real-time. The recent attacks on Israel's clearing systems highlight the necessity of proactive measures at every defense level to protect the digital economy and public trust.
The article is written by Itzik Tzalaf, National Security Director of Microsoft Israel.