Just imagine, one morning in 2026 you get up, wash your face, eat breakfast, and get into the smart car that will take you to your place of work while you read your email on the front screen of the car.
During the trip, you suddenly realize that the car has taken an unfamiliar path. You try to change course, but the car does not respond to your actions and continues traveling toward an unfamiliar destination.
While trying to make an emergency call, you receive a notification that your mobile phone has been encrypted. At this moment you are also unable to inform anyone that you are traveling in a locked car, with an encrypted phone, to an unknown destination.
Does this sound scary, like something taken from a science fiction story? In fact this is a totally realistic and feasible cyber scenario, a threat posed both at the nation-state level and by criminal organizations. At present, the world of organizational cyber security is in a constant state of closing gaps, and does not correspond to the way attackers view the web, including their goals and their ways of achieving them at the nation-state, criminal-organization and individual-attacker levels.
At present, the way in which zero-day exploits are carried out (attacks that are not yet known and are generally victim-specific) is effective and highly sophisticated. It combines taking advantage of end users’ lack of awareness with broad gaps in organizations’ cyber security and slow response capability.
Furthermore, when organizational cyber budgets are set against the cyber resources of hostile countries and of organized crime, the balance is clearly in favor of the hostile side of the equation.
The cyber solutions market is currently saturated with hundreds if not thousands of different solutions. The vast majority are focused on bridging information security gaps in certain areas of the organization, such as end users, the data center, web connectivity, the database, and recently also protection of wireless access, mobile, industrial control systems (ICS) and the Internet of Things.
This proliferation of solutions poses a serious challenge to the organization’s board of directors and IT management: prioritizing and deciding which products to purchase for the problems that actually exist in the field, as opposed to leaving certain areas exposed to attack by hackers.
At present, the process of building an organization's defense is divided into two main stages, carried out by different types of companies. The first stage is assessing how penetrable the organization is at a certain point in time. This produces an in-depth report on the existing state and determines what should be done, according to the findings and the organization’s external and internal condition.
This stage is usually performed by consulting companies (not the ones that later provide the actual solutions). Upon completing the consulting stage, the organization’s management proceeds to the second stage: building the budget according to the findings, embarking on massive procurement of products, and bringing in various integration companies to implement the findings and fall into line with the audit results. At best, this process takes several months; when carried out less efficiently it can take up to a year and a half.
As part of my job as Business Development Manager in EMC Dell’s Cyber Solutions Group (CSG), I often visit the company’s global clients and represent the company at various cyber conferences. In ongoing discussions with global CISOs, CXOs and CIOs, as well as senior risk managers, it appears that the vast majority understand the gap that currently exists between the organizational security doctrine and the attack doctrine of malicious actors, a gap which gives the attackers a definite advantage.
“To create a more effective solution for the future world of cyber attacks, we need to change both discourse and doctrine – on the part of the producers' industry and consulting companies on the one hand, and the clients on the other hand. We need to adopt a holistic, proactive approach which examines the organization from end to end on an ongoing basis – from the organization’s consulting, methodologies and proactive security aspects.”
In today’s fluid cyber world, and certainly that of the future, we must act at least as quickly as the malicious world trying to infiltrate organizations in order to steal information, hold information for ransom, harm their reputations, and other malicious purposes.
For this purpose, we must work in cooperation and share information on security and response methods, both within particular industries and at various levels in the country, between the various producers and the various consulting companies. What our ‘counterparts’ in the malicious world do on the Dark Web, we can do on the regular web.
EMC Dell’s Cyber Solutions Group is located in Israel’s cyber capital, Beersheba, a city gaining renown in world political circles as one of the world’s leading cyber capitals.
The Group was established five years ago, simultaneously with the national CERT, and has been a leading partner in establishing and developing the management platform and the assignment of analysts in the national CERT, the energy CERT, and two further sectoral CERTs soon to be established.
From this position, EMC Dell’s Cyber Solutions Group has developed a unique, innovative operational concept motivated by a concept of cooperation between the state, the various government ministries, critical national institutions, and financial and private organizations which, if jeopardized, could lead to national catastrophe.
This concept entails a global capability of building a proactive security methodology with unique adaptability at the national level, to government ministries, to industries of different types, and to the unique needs of a specific enterprise.
What makes EMC Dell’s Cyber Solutions Group unique is its ability to combine consulting capabilities with hands-on capabilities. Thus, enterprise customers may benefit from integration of the two hitherto separate processes – consulting and procurement and integration.
In other words, the Group enters large organizations in order to carry out an end-to-end process of methodological and practical improvement in the cyber area. Together with the customer, a holistic plan, both long-term and short-term, is determined. It is then implemented through a resilience process, the building of a deep methodology, and multi-process implementation employing Agile methodology, suited to the fluid cyber world of the future.
Over the last year alone, we have seen how the same attack, LockerGoga, is repeated again and again in the same industry in different companies at intervals of several months. The clear conclusion from this is that a deep global network of cooperation between global companies, critical infrastructures and countries (with emphasis on real-time updates on attacks and ways of dealing with them) will create the ability to prevent recurrent attacks by the same attacker, and enable handling them more effectively in real time.
In this area, we may note Norsk Hydro as a company which has responded in such an effective and cooperative manner over the last year. From the moment of attack until now, it has shared a great deal of information on a daily basis on an open website. This response has also created a high level of trust among the company’s investors, and has thus prevented its shares from falling. In other words, such sharing of information and the way the organization’s top management handles a cyber event, transparently to investors, has a positive economic impact.
In addition, there seems to be a recurring trickle of attacks created at the national level down to the Dark Web, where they are then used by hackers belonging to criminal organizations to extort money in a ransomware configuration. NotPetya is one example; the vast majority of business organizations are unable to cope with attacks of this kind, which require security capabilities at the national level, significantly higher than theirs.
Another important matter worthy of attention is the urgent need for organizations to understand the need for a more in-depth examination of application content, software and hardware updates, and web connectivity before connecting them to the organization’s production environment. Now and in the foreseeable future, these will be part of our cars, our smart homes, the planes we fly in and the ships of our pleasure cruises; essentially, an integral part of our environment.
For example, we have recently witnessed a number of ‘unexplained’ occurrences, involving an alarming leak of customer data from Alexa, Amazon’s smart home assistant. Now imagine it had been invaded by a hacker, intentionally changing your everyday life for a malicious economic purpose, or even worse. In addition, only recently, aircraft giant Airbus reported unauthorized access to its multimedia system, a matter still being investigated, although defined by the company as “not of great concern…”
For this purpose, enterprise organizations holding important personal information about us or making products that go online, including third-party organizations who ‘just’ collect the data for marketing analysis purposes, should establish designated cyber labs and examine on an ongoing basis each solution, application, code change, update, etc. in a separate lab environment that simulates the organization’s production environment. The aim is to gain an in-depth understanding of the risks involved in changes planned for the production environment, and to examine on an ongoing basis the organization’s resistance to cyber threats.
One of the most troublesome points in organizations is the lack of ability to effectively handle recovery from cyberattacks. For small to medium organizations, this issue could lead to bankruptcy. For huge organizations such as Under Armour, Facebook and Norsk Hydro, it could lead to hundreds of millions of dollars in losses.
When dealing with this matter, companies’ boards of directors need to thoroughly understand the difference between ability to recover from disasters such as natural disasters and fires, and ability to recover from cyberattacks. These are two totally different kinds of recovery, and the way of preparing for them is absolutely different too.
To recover from a cyberattack, the organization must build a fully protected third copy, an offline, air-gapped backup, continuously examined for the absence of malware. Thus the IT manager can assure the company’s management and board of directors that a ‘golden copy’ exists if the need for disaster recovery should arise.
It should be noted that this must be a continuous test backed by a long-term solution, not a test at a given point in time (as part of a risk assessment, the current practice in most organizations), which is practically meaningless with regard to the above need.
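The continuous check described above can be made concrete. The following is an added example, not EMC Dell's code: it assumes a keyed manifest of file hashes is produced when the golden copy is written and the key is held off the backup host; the names build_manifest, verify_golden_copy and demo are hypothetical, and the backup files in demo are constructed.

```python
import hashlib, hmac, json, math, os, tempfile
from pathlib import Path

def sha256_file(path):
    # Whole-file read for brevity; chunk the read for large backup sets
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def entropy_of(path, limit=65536):
    # Shannon entropy of the first `limit` bytes; encrypted data sits close to 8.0 bits/byte
    data = Path(path).read_bytes()[:limit]
    probs = [data.count(b) / len(data) for b in set(data)]
    return -sum(p * math.log2(p) for p in probs)

def build_manifest(root, key):
    # Hash every file of the golden copy and MAC the listing with a key held off the backup host
    files = {str(p.relative_to(root)): sha256_file(p) for p in sorted(Path(root).rglob("*")) if p.is_file()}
    body = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "mac": hmac.new(key, body, "sha256").hexdigest()}

def verify_golden_copy(root, manifest, key, entropy_threshold=7.5):
    # Returns a list of findings; an empty list means the copy still matches its manifest
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    if not hmac.compare_digest(hmac.new(key, body, "sha256").hexdigest(), manifest["mac"]):
        return ["manifest MAC mismatch: the manifest itself was altered"]
    root, findings = Path(root), []
    for rel, digest in manifest["files"].items():
        p = root / rel
        if not p.is_file():
            findings.append(f"missing: {rel}")
        elif sha256_file(p) != digest:
            findings.append(f"modified: {rel}")
            if entropy_of(p) > entropy_threshold:
                findings.append(f"high entropy: {rel} (content looks encrypted)")
    present = {str(p.relative_to(root)) for p in root.rglob("*") if p.is_file()}
    findings += [f"unexpected file: {x}" for x in sorted(present - set(manifest["files"]))]
    return findings

def demo():
    # Constructed sample: a tiny backup set verified clean, then corrupted and verified again
    key = b"constructed-offline-key"
    with tempfile.TemporaryDirectory() as d:
        Path(d, "config.ini").write_text("[app]\nmode=prod\n")
        Path(d, "db.sql").write_text("CREATE TABLE users (id INT);\n" * 50)
        manifest = build_manifest(d, key)
        clean = verify_golden_copy(d, manifest, key)
        Path(d, "db.sql").write_bytes(os.urandom(8192))  # file overwritten with unreadable bytes
        Path(d, "README_RESTORE.txt").write_text("x")    # a file that was never in the golden copy
        return clean, verify_golden_copy(d, manifest, key)
```

Run verify_golden_copy on a schedule against the air-gapped copy; any non-empty result is the signal that the golden copy can no longer be vouched for.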
To conclude, in order not to wake up one day to a world in which thousands of cars are traveling independently in directions other than planned and their owners’ mobile devices are encrypted and locked, or a world in which hackers have shut down the power supply and contaminated the water sources of the world’s five largest cities, we must create cooperation within the cyber security industry, together with various other industries and at the national level. This will grow and become a real force multiplier, creating much faster, more effective and more precise response capabilities for dealing with the cyber threats of the future.
Paul Mee and Til Schuermann have said (Harvard Business Review, September 2018): "We rank cyber attacks as the greatest threat facing today’s business world, even greater than terrorism, economic bubbles and other risks."
One way of addressing the future needs of states, armies and enterprise customers in the cyber world is unique development tailor-made for the customer, corresponding to its business objectives, combined with a high degree of congruence with the changes occurring daily in the offensive cyber world.
To deal with this need, EMC Dell’s Cyber Solutions Group carries out designated key projects for development of end-to-end solutions, in response to unique customer requirements for non-standard solutions corresponding to customers’ current and future business needs.
To carry out these projects, the Group relies on cyber security professionals on the highest level, with a great deal of operational experience in multi-technology projects.
One of the most prominent and interesting examples of a solution created from a unique customer project is the Playground solution – designed for orchestration, automation and optimization of the organizational cyber world in the Proactive Malware Defense area.
One of the gaps identified in conversations with major enterprise customers is the ability to decide quickly on effective, high-quality detection of malware in real time, as well as the ability to perform quick, automatic forensics.
For this purpose, the Group has developed a designated solution: Proactive Malware Orchestration, Automation & Optimization, which may be customized according to type of customer, environment and customer’s unique requirements.
Another prominent example of a unique solution created in the Group as part of a designated customer project is the container solution, containers being, now and in the foreseeable future, the leading development environment for DevOps developers.
A significant problem in this kind of development is information security, due to developers’ easy access to a multitude of tools, most of which are open source. This creates a major ‘headache’ for the organization’s cyber security team.
To deal with this issue, the Group has developed the Phoenix solution, a solution for continuous protection of the container world employing Moving Target Defense (MTD) technology.