Cyber criminals will take advantage of the dependency on mobile devices
Gil Shwed, CEO of Check Point Software Technologies, is the inventor of the modern firewall and is the author of several patents, such as Check Point’s stateful inspection technology (dynamic filtering that monitors active connections to decide which packets are passing through the Firewall). He has received numerous awards including the Israel Prize (the country’s highest cultural distinction), honorary doctorates from the Technion – Israel Institute of Technology and Tel Aviv University, and the Global Leader for Tomorrow Award from the World Economic Forum. In an interaction with THE WEEK, Shwed shares insights into the latest trends in cybersecurity. Excerpts:
Covid-19 led to a steady increase in the number of cyber attacks. What new types of attacks have you observed?
In 2021, one in 61 organizations worldwide was affected by ransomware every week. We believe threat actors will continue to target companies that can afford to pay ransom. In May 2021, a US insurance giant paid a $ 40 million ransom to hackers. This was a record, and we can expect the ransom demanded by attackers to increase in 2022. Ransomware attacks are becoming more sophisticated. Hackers will increasingly use penetration tools to customize attacks in real time and live and work on victim networks.
We have also observed that critical infrastructure has also become a major target for cyberattacks; this includes water, electricity and freight by sea, land and air. These attacks have a huge impact not only on businesses, but also on communities, cities, states, and entire countries. The consequences can be dire. In 2020, both a U.S. natural gas pipeline and the operation of an Australian steel company closed until the attack was contained. In 2021 we saw the attack on the Colonial Pipeline in the United States.
Additionally, we also observed that cloud adoption was a step ahead of security as companies’ digital transformation programs moved forward by more than five years due to the pandemic. While many organizations have moved to the cloud, public cloud security is still a major concern for 75 percent of organizations. In addition, over 80 percent of the companies found that their existing security tools in the cloud did not work at all or only to a limited extent, which shows that the challenges of cloud security remain in the foreground.
Going forward, cyber attackers will target mobile devices as mobile wallets and mobile payment platforms become more common. Cyber criminals will continue to develop and adapt their techniques to take advantage of growing reliance on mobile devices.
What new cybersecurity threats are emerging in today’s world and what mechanisms are evolving to counter these threats?
We live in an era of Gen V attacks, which are usually large-scale and can cause a lot of damage. Unfortunately, most companies use Gen III solutions to protect themselves from Gen V attacks. Organizations should ensure that they have the appropriate solutions in place to prevent attacks without disrupting the normal flow of business; Most of these attacks include the most advanced. To stay ahead of threats, organizations need to be proactive and not leave any part of their attack surface unprotected or unattended or they run the risk of becoming the next victim of sophisticated, targeted attacks.
Recently, we have also observed some key trends in 2022. We believe that cyber attacks on the supply chain will continue to increase and become more common, and governments will begin to enact regulations to combat these attacks, including protecting networks, and working with the private sector and other countries to identify and identify more threat groups around the world to address specifically. We have also seen that data breaches are more common and that organizations and governments are costing more to recover. In May 2021, a US insurance giant paid a $ 40 million ransom to hackers. This was a record, and we can expect the ransom demanded by attackers to increase in 2022.
In addition, cyber attackers will target mobile devices as mobile wallets and mobile payment platforms become more common. Cyber criminals will continue to develop and adapt their techniques to take advantage of growing reliance on mobile devices.
What Precautions Should Companies Take To Prevent New Age Cyber Attacks?
I think organizations should focus on issues like real-time prevention because vaccinations are better than treatments, even when it comes to cybersecurity. Real-time prevention of threats before they can infiltrate the network is key to preventing future attacks. In addition, in order to secure everything as the new normal, companies need to rethink and review the level of security and relevance of their network infrastructures, processes, conformity of connected mobile and PC devices, IoT (Internet of Things), etc. The increasing use of cloud computing means an increased level of security, especially for technologies that secure workloads, containers and serverless applications in multi and hybrid cloud environments. Many changes in the company’s infrastructure provide a unique opportunity to review security investments. The highest transparency achieved through consolidation guarantees the best effectiveness.
What role do ethical hackers play in dealing with cyber attacks?
Ethical hackers play an important role as you need to think like a hacker to develop the best threat prevention. Companies work with them to uncover potential security vulnerabilities that malicious hackers could exploit.
What innovations are there in the field of cybersecurity?
AI and machine learning are among the innovations in cybersecurity as most solutions are based on one or more detection engines based on man-made logic such as signatures or rule-based analysis. However, the speed of malware evolution, the increasing number of devices and technologies, and the vast amounts of data make it impossible to keep man-made models comprehensive and up-to-date. If you rely solely on traditional engines, businesses are exposed to the most damaging attacks.
How do you see cybersecurity evolving?
Today we are in the age of Gen V attacks – bigger and more complex. Many companies are still trying to protect themselves with legacy technology that can only protect them from Gen III attacks. This leaves a loophole that cyber criminals can easily exploit.
Cyber security is an ongoing battle between good and evil. Just as cybersecurity companies continue to focus on helping companies strengthen their defenses with the latest innovations, cybercriminals are improving their game and adopting new strategies and technologies.
What can governments do to protect their systems from hackers and other cyber security breaches?
All organizations, both public and private, are now exposed to the threat of Gen V attacks, which can wreak havoc. It is important to evaluate your environment and identify the security gaps in your company. The threat landscape will continue to refine, and companies should consider using consolidated security solutions rather than stand-alone solutions as this would be more difficult to manage. Additionally, traditional security tools are no longer sufficient to deal with the growing number of security breaches and the dynamic, virtual, and decentralized nature of the cloud. To meet these challenges, a unified, highly automated and cost-effective cloud security solution is required that can detect and deal with threats in cloud environments.
What research and development work does Check Point do in the area of cyber security, especially in the area of firewall security?
We strive to create the most innovative cybersecurity solutions. Our Check Point Research division provides cutting edge cyber threat intelligence to Check Point Software customers and the wider intelligence community. The research team collects and analyzes global cyberattack data stored on ThreatCloud to keep hackers at bay while ensuring that all Check Point products are updated with the latest protections. From the moment a security breach is initiated, ThreatCloud begins sharing data across the network, giving researchers the information they need to thoroughly analyze and report attacks. Check Point Research publications and intelligence sharing are fueling the discovery of new cyber threats and the development of the international threat intelligence community to protect them.
Why do Israeli companies dominate the cybersecurity space compared to other countries?
Israel is one of the world’s leading cybersecurity hubs due to its focus on developing cybersecurity expertise. There are various initiatives in both the private and public sectors when it comes to cybersecurity skills development. In fact, cybersecurity is being given so much priority that cybersecurity education begins in middle school in Israel.
Is there a major cybersecurity skills shortage in a country like India? What can be done to fill this skills gap?
India, like the rest of the world, faces a cybersecurity skills shortage. We have a major focus on cybersecurity skills training and certification. We also aim to make cybersecurity education accessible to all and are working with various academic and non-academic partners to accomplish this mission. We recently launched Check Point Mind, a knowledge training portal, in collaboration with over 200 of the world’s most recognized training partners. Users can register for the portal free of charge and choose from a wide range of courses and programs from over 200 partners. Payment can be made by credit card or Check Point Learning Credits.
In addition, Check Point’s Secure Academy program provides 100 universities and colleges worldwide with a comprehensive cybersecurity curriculum, and we’re building partnerships with leading institutions like New York University (NYU) to create online platforms to educate students in Include cybersecurity training. The Secure Academy program trains an average of about 100 students per year. In India we work with over 15 universities and colleges. Hundreds of students have gone through this program in India.