Security by design, effective prevention, and cyber intelligence are needed in a world where almost everything is hackable, says Menny Barzilay, Cyber Security Strategist and former CISO for the Israeli Defense Force.
“The problem of cyber security is real and significant. And things are getting worse,” warns Cyber Security Strategist Menny Barzilay.
Barzilay has many arguments for his rather alarming insight. First of all, it’s much easier to hack than to maintain security, “When you’re a hacker you need to succeed only once, but when you’re a security guy, you have to succeed all the time. When you’re an attacker, you can attack at one point, but when you’re a security guy, you have to secure everything.”
Reason number two is the change in technologies, “Every new technology creates new problems. We are innovating amazing new technologies like smart cities, smart cars, smart houses, wearable technology, biotech, and robots. Every single technology creates new problems.”
Convince the Decision Makers
Sometimes, it’s hard to convince decision makers of the clear and present danger, but Barzilay has his own method, “I show them how easy it is to hack a phone, and how easy it is to send a spoof e-mail. Only when people see how easy it is and that it only takes a short amount of time do they start to understand that the threat is real.”
What should companies do to prevent themselves from getting hacked? Step number one is security by design, “If you’re not thinking about security with every new project, you have to add security later. It costs more money, takes much more time, and it will be much less efficient.”
Work Together Like Hackers Do
The second important self-defense method is a multi-dimensional cyber security strategy, “First, move from prevention to detection. But it’s not enough. We need to invest in cyber intelligence, as well. We need systems that identify information about people who are trying to harm us.”
The level of security rises if companies work together, “Hackers are excellent in working together. They collaborate, they have projects, and they have marketplaces where they sell information. If we want to be good in information security, we have to be at least as good as they are in working together. It makes no sense that every company implements the same solutions, and is hacked in the same way.”
What should every CISO do next?
“Go to work, put all of those things together, and create an effective cyber security strategy. And remember that you live in a world where almost everything is hackable.”