Cybercriminals will exploit reliance on mobile devices

Gil Shwed, CEO of Check Point Software Technologies, is considered the inventor of the modern firewall and has authored several patents such as Check Point’s stateful inspection technology (dynamic filtering that monitors active connections to decide which packets to allow through the firewall). He has received numerous accolades, including the Israel Prize (the country’s highest cultural honour), honorary doctorates from Technion - Israel Institute of Technology and Tel Aviv University, and the Global Leader for Tomorrow award by the World Economic Forum. In an interaction with THE WEEK, Shwed shares insights about the latest trends in cybersecurity. Excerpts:

Q/ Covid-19 resulted in a steady increase in the number of cyberattacks. What new kinds of attacks did you observe?

A/ Globally, in 2021, one out of 61 organisations was being impacted by ransomware every week. We feel that threat actors will continue to target companies that can afford paying ransom. In May 2021, a US insurance giant paid $40 million in ransom to hackers. This was a record, and we can expect ransom demanded by attackers to increase in 2022. Ransomware attacks will become more sophisticated. Hackers will increasingly use penetration tools to customise attacks in real time and to live and work within victim networks.

We also observed that critical infrastructure has also become a prime target for cyberattacks; this includes water, electricity and cargo by sea, land and air. These attacks have huge implications not only on businesses, but also on communities, cities, states and entire countries. The consequences can be dire. In 2020, both a US natural gas pipeline and an Australian steel company operations were shut down until the attack was contained. In 2021, we saw the attack on the Colonial Pipeline in the US.

Additionally, we also observed that cloud adoption raced ahead of security as the pandemic saw organisations’ digital transformation programmes advance by over five years. While many organisations moved to the cloud, public cloud security is still a major concern for 75 per cent of enterprises. Also, over 80 per cent of enterprises found their existing security tools did not work at all or have only limited functions in the cloud, showing that cloud security challenges continue to be top of mind.

Going forward, cyberattackers will target mobile devices as mobile wallets and mobile payment platforms are used more frequently. Cybercriminals will evolve and adapt their techniques to exploit the growing reliance on mobile devices.

Q/ What kind of role do ethical hackers play in dealing with cyberattacks?

A/ Ethical hackers play an important role as you need to think like a hacker in order to develop the best threat prevention. Organisations work with them to uncover potential security gaps that malicious hackers could exploit.

Q/ What kind of innovations are happening in the cybersecurity space?

A/ AI and machine learning are among the innovations in the cybersecurity space as most solutions are based on one or several detection engines which are built on human-made logic such as signatures or rule-based analysis. However, the velocity of malware evolution, the increasing number of devices and technologies and the huge amount of data make it impossible to keep the human-made models comprehensive and up to date. Relying solely on the traditional engines will leave the organisations exposed to the most damaging attacks.

Q/ How do you see cybersecurity shaping up?

A/ Today we are in the era of Gen V attacks—larger in scale and more complex. Many organisations are still trying to protect themselves with older technology that can only protect them from Gen III attacks. This leaves a gap that cybercriminals can easily exploit.

Cybersecurity is a continuous battle between good and evil. Just as cybersecurity companies continue to focus on helping organisations beef up their defences with the latest innovation, cybercriminals are upping their game, leveraging new strategies and technologies.

Q/ What can governments do to make their systems secure from hacking and other cybersecurity breaches?

A/ All organisations today, both in the public and private sector, face the threat of Gen V attacks, which have the capability to inflict huge damage. It is important to assess your environment and identify where the security gaps are in your organisation. The threat landscape will continue to become more sophisticated, and organisations should consider using consolidated security solutions rather than point solutions since this would be harder to manage. Also, traditional security tools are no longer adequate for handling the growing number of breaches and the dynamic, virtual, and decentralised nature of the cloud. Overcoming these challenges requires a unified, highly automated, and cost effective cloud security solution capable of detecting and handling threats across cloud environments.

For full interview, visit www.theweek.in