From the forty-first floor of the Azrieli Towers, you can see far beyond Tel Aviv’s urban skyline. On a clear day, to the west there’s a view of the sea, while to the east you can see the Samarian hills.
For Yuval Wollman, President of CyberProof – a company whose management, service center, and R&D are all on the same floor of the Azrieli Towers – the horizon is not just a geographic-metaphoric term but rather a concrete destination for threat prediction.
As the cyber arm of UST Global – a leading international provider of digital transformation technologies and services – CyberProof is continually working to analyze and assess cyber threats and to provide the customers of its parent company with security solutions using managed security services.
Wollman’s biographical background is helpful to him in the assessment of threats. He served as an officer and commander in an elite defense intelligence unit and afterward he became the Director-General of the Israeli Ministry of Intelligence. The fact that CyberProof’s team includes graduates of technology units of the Israeli intelligence community also is helpful in threat prediction.
The need to map out future cyber threats prompted Wollman, who is also a senior manager in UST Global, to articulate his understanding of the top cybersecurity challenges for the coming year:
Assessing Risk – In recent years, the senior decision makers – including the Chairperson of the Board – in many organizations fully absorbed the risks inherent to the cyber era. Yet, it’s hard for them to measure this risk and estimate the potential damage. This is very important for general risk assessment – which is demanding the attention of senior managers, partly because of increased regulations and reporting requirements for public companies.
Over time, as cyber attacks continue to become more sophisticated as well as more lethal, there is a growing need to understand the depth of their impact and identify the degree of risk for each organization. “Experience teaches us that cyber attacks can have an impact across all parts of an organization – causing damage that ranges from complete shut-down and a hit to the value of stocks and the company’s reputation, to hurting the cash flow. There can also be long-term financial damage,” Wollman emphasizes.
Today, the directors of organizations are looking for clear answers from their managers. They want assessments of potential damage. But there’s no clear, well-formulated methodology that facilitates an intelligent assessment of the potential damage. There are a number of specific tools for internal-lateral monitoring, which grade particular aspects of the company (such as intelligence and vulnerability), but these are niche tools.
The race is on to develop tools that can provide managers with quantitative understandings and comprehensive, precise statements about an organization’s cyber resilience, based on collecting and filtering information from all of a company’s security products.
Moving to the Cloud – Many companies are moving their databases to the cloud, but this type of move is complex and requires advanced security solutions – both on-premises, and in the cloud. The challenge is complicated further by the fact that, in many cases, we’re talking about huge companies created by a series of mergers and acquisitions – i.e., the companies have many layers of data.
Aside from these issues, security must take into consideration multiple environments, some in the cloud and some not in the cloud. In addition, organizations are bound by a variety of different regulations that influence the quantity and type of information that they are legally entitled to move to the cloud.
Human Resources – Companies and organizations work in a technological environment that is increasingly complex, and increasingly digital. The interface with clients, likewise, has become increasingly digital. All this requires high-level professionals, at a time when there is a shortage of trained people in this sector.
Some of the largest companies do maintain subsidiary companies that handle security, but not all of them are ready or able to do this. There are some companies that are high worth and have over 20,000 employees, yet they have trouble setting up internal teams and instead, they opt to use external solutions.
Pricing – The amount of information flowing into an organization and requiring security has grown so quickly that companies are finding it hard to keep up. A great number of resources, both technological and human, are necessary to handle it. There’s concern that the huge amount of data – data collected daily, from every part of an organization – will generate false alarms about cyber attacks.
As a result, the ability to prioritize information has become critical. Furthermore, because significant investments are being made in information and security, astute management and quarterly reviews are necessary to ensure that the company is investing wisely in the right products and technologies.
Dealing with Crises – Preparing for unforeseen crises must become part of the “arsenal” of today’s companies. The working assumption is that companies are being attacked continually. Therefore, the key question is how companies can maintain business continuity, minimize damage, and recover quickly. Facilitating this type of response requires having an organized methodology, one that relates to the financial, public, and communications aspects of a crisis – and is developed for a variety of potential attack scenarios.
“In addition to providing security solutions, as a provider of advanced services that are based on an in depth understanding of the IT systems of our customers, I sometimes know more about them than they know about themselves…. Because of my work with multiple customers, I have a broader view. I’m working with companies from different sectors and I can share insights that are common to all organizations.
“When it comes to everything connected to estimating risk, we have the ability to evaluate where a client stands in relationship to a particular market – which is critical for the managers. With regard to the cloud, we strive to provide a hybrid solution that allows companies to effectively maneuver between a cloud-based environment and their various technologies, geographies, and regulations, and to synchronize these different worlds.
"The fact that our clients are outsourcing when they use our solution is significant. It means that we’re providing an effective answer to the issue of human resources – i.e., the shortage of trained professionals in this field – which allows clients to manage their internal resources more easily.
“In the area of cyber-related investment, we provide added value by allowing companies to prioritize their investment correctly, and create a model based on incentives which is helpful to the process of acquisition. In the crucial, forward-looking arena of preparedness, we help organizations by running attack simulations and we initiate monitored attacks, sometimes without the knowledge of the staff – but in coordination with the managers – and this helps identify breaches and close security gaps.”
Recently, the research company Forrester Research rated us as a Leader in the emerging MSSPs market. We’re currently moving full speed ahead in developing and expanding our center of operations in Israel. I believe that, in the coming years, we will continue to lead the area of managed security services while we broaden the scope and depth of our solutions and penetrate additional sectors in Israel and around the world.
Yuval Wollman is the President of CyberProof – the international cyber branch of the American corporation UST Global, a leading provider of digital technology solutions. Wollman has held senior positions in government, the security sector, and the business sector. He was the Director-General of the Intelligence Ministry and a Senior Economic Advisor to the Finance Minister.
Later, he held the position of VP Business Development for the IDB Group. Wollman served as an officer and commander of an elite intelligence unit of the Israel Defense Forces.
CyberProof specializes in providing comprehensive services and solutions for cybersecurity that are based on artificial intelligence and machine learning technologies. With its unique approach of risk-based cybersecurity, the company is truly a game-changer in the developing market of managed cybersecurity services. CyberProof was recently recognized by independent research firm Forrester Research as a Leader in the emerging MSSPs market.
CyberProof provides transparency and security for leading companies internationally – including Fortune 500 companies and some of the largest banking corporations in the world. CyberProof’s R&D and service center is located in Israel in the Azrieli Towers in Tel Aviv.