The breakthrough from the inside - by Rafi Horesh, CEO of InCyber.
The hacking incidents that have happened to large and medium-sized companies in recent weeks have made headlines the dangers of information theft and cyber hacking into sensitive databases. The fear index rose and many companies, large and small, quickly upgraded their cyber protection and tested protection and backup measures from external intrusions into the organization's network and the information in its possession, but most ignored the dangers inherent in cyber hacking from within the organization.
When we talk and think about cyber attacks most of us think of sophisticated hackers sitting in other countries (or disguising themselves as such) who break through the firewall that protects the organization's network, use spyware, Trojans and damage and download huge amounts of information and indeed a large part of day to day attacks About our information comes from outside, but what is less known is that almost seventy percent of hacking incidents are carried out by authorized users who have legal access to the information. These can be employees, subcontractors, consultants or anyone who has access to the organization's network and information. Such incidents can happen maliciously but also as a result of negligence on the part of the user.
Examples of such breakthroughs abound from Madwad Snowden, to Etty Alon with us and they happen in large and small organizations from IBM, Facebook, Target and large financial organizations to embezzlement of money in a grocery store and they are one of the biggest threats to the organization as they are hard to spot, and when already noticed Usually too late and the damage has already been done. Attacks from within the organization are also often more dangerous than attacks from outside as attackers have direct access to the network and permissions to operate within it, while an external attacker needs to find a way to penetrate the organization's information network. Attackers from within the organization also knew exactly where the information they needed was stored and would be able to better disguise their actions.
The organizational changes that have taken place recently as a result of the Corona virus also contribute to the danger and increase the risk of internal attacks as many employees experience instability in the workplace, layoffs and reduction in working hours and wages. Working from home also adds to the risk as the ability to monitor employees is diminished and many companies do not have the tools to monitor user actions when they are not at work.
The statistics of internal cyber attacks show that the cost of bridging such an event costs a medium organization about half a million dollars (without including customer loss, loss of reputation, decrease in stock value, class actions and more) and takes about two and a half months on average and quite a few cases. ) Were unable to cope with the attack and disappeared. That is why financial organizations today are required to show that they are taking strict measures to protect the information in their possession from attacks from within and without.
Cyber attacks do not happen on a day-to-day basis, so even in the case of attacks from within the organization, the attacker usually experiences changes in his environment, job stability, financial situation, changes behaviors and checks his boundaries. Identifying these changes at the beginning of the process makes it possible to give early notice to the appropriate factors in the organization, weeks and sometimes months before the attack occurred so that they can prevent the event even before it begins.
The solutions available today for detecting such attacks rely on UEBA (User & Event Behavior Analytics) systems, these are computerized systems that try to detect anomalies in user behavior or events that occur in the system such as attempts to change permissions, anomalous working hours, anomalous operations, etc. UEBA-based systems have appeared on the market About five years ago but so far they have shown little success due to a large number of false alarms and false identification of threats (False Positives) and because they are Rule Based and if the person who wrote the rules did not foresee the forbidden action then it is hacking To steal.
The accuracy of these systems according to external studies stands at 50-55%, an insufficient result that requires the organization to allocate a lot of resources to analyze the results to try and reach the real threats.
Next-generation systems (such as TPIT - True Prediction of Insider Threats developed by InCyber) designed to prevent such attacks are no longer based on rules, but on artificial intelligence. They focus on end users, learn the user behaviors themselves, create models using Machine Learning and adapt to "natural" changes in the organization and behaviors. More advanced systems also know how to integrate information from outside sources, compare behaviors of users with similar profiles to increase the accuracy of forecasting, rate the level of threat and prevent pre-emptive attacks on organizational resources. Using these tools, these systems reach 90-95% accuracy and enable proactive protection against threats.
The conclusion is that when an organization tries to protect its assets, it must think not only about outside threats but also what is happening inside the walls that surround it, try to prevent attacks in advance and not deal with them in retrospect and prepare for it without infringing on employee privacy.
Rafi Horesh, CEO of InCyber.
InCyber participates in the second cycle of a program IP² LaunchPad to accelerate business activity to Israeli companies in the ecosystem of Taiwan run by Innovation to Taiwanese Industry-i2i. The program works At the Startup Terrace Innovation Center, which supported by the Small Companies Administration and the mediocrity of the Taiwan Ministry of Economy. IP² LaunchPad is managed in Israel by Rani Shifron.