MARK OF EXCELLENCE


INTERVIEW

WHY PROACTIVE PREVENTION IS THE BEST STRATEGY

MAYA HOROWITZ, VP RESEARCH AT CHECK POINT SOFTWARE, TALKS ABOUT KEY CYBERSECURITY TRENDS TO WATCH OUT FOR THIS YEAR.

What did you showcase at GISEC Global 2022?

At GISEC, we showcased all of our product lines. Today, you see fifth-generation attacks across networks, cloud, and endpoints. Our main focus at the show was our Infinity architecture, which offers protection against these threat vectors and simplifies security management. Infinity architecture is based on two primary principles. The first one is that we do prevention. Infinity platform is powered by our cyber threat intelligence database, which correlates data from our customers. Our top priority is to ensure that we don’t block real traffic and create false positives. We want our customers to use this platform to stop the attacks, not just see something has happened. The second one is to be a holistic solution. We don’t believe in point solutions but an integrated threat prevention platform that can protect the entire IT infrastructure of our customers and help them stay ahead of threat actors.

What has been the impact of this pandemic on the threat landscape?

It has gotten worse. Our 2022 security report revealed that organisations experienced a 50 percent increase in weekly cyber-attacks last year. It is because these attacks are more successful and lucrative. We have also seen evolving attacks on mobile devices, major cloud services vulnerabilities, and supply chain attacks. The move to remote and hybrid work has expanded the attack surface because employees now connect from everywhere. Because this transition was done so fast, no one had time to think about security. As a result, threat actors are growing in confidence and sophistication.

CXO INSIGHT ME

APRIL 2022

What kind of key attack vectors and techniques do you see now?

One of the most prevalent vulnerabilities is remote code execution. We also see many DDoS attacks. But the most interesting thing is the rise in the number of ransomware attacks, which cost their victims millions of dollars and stolen data. Especially in the past year, we have seen the emergence of a large number of ransomware and wipers, which are ransomware without a key, targeted at critical infrastructure, leading to massive disruption of day-to-day lives and posing grievous harm to physical security.

Have there been any nation-state attacks against critical infrastructure in the Middle East?

There have been some of them, but we don’t really know whether these are nation-states or cybercriminals. Some of these attacks were attributed to cyber-criminal gangs like in the case of the Colonial Pipeline attack in the US. But there are others like the attacks on railways and gas stations in Iran, for which no one has claimed to be responsible. So it could be external or internal. We see more and more of these types of attacks, and they could come from anywhere. It is true nation-states are using ransomware more than ever before, and sometimes they do it to extort money. However, the good news is that governments and law enforcement agencies worldwide are cracking down on these ransomware groups.

Should companies pay after ransomware attacks?

That is a million-dollar question. The more you pay, the more will be the number of attacks. So the FBI and other law enforcement agencies recommend not paying the ransom. But on the other hand, if it is a hospital where human lives are dependent on systems, it is harder to say don’t pay. So the best thing is to be prepared with a plan and block these attacks. It is important to note that the nature of ransomware attacks is changing. The ones who attacked Nvidia and Samsung didn’t even encrypt the files; they just stole them. So, it is no longer about protecting your backup servers. Yes, backup is important. But you need to prevent data from getting exfiltrated out of the network.

Do you see more supply chain attacks now?

When we released our cybersecurity trends report in mid-2021, we said this was the hottest thing because there were high-profile supply chain attacks against SolarWinds, Kaseya, etc. In addition, we saw the emergence of ransomware gangs like REvil. But it’s stopped now. Although we saw vulnerabilities like Log4j, which would have been perfect to be exploited for supply chain attacks, it is not something we see too much of now. Maybe these attacks have become more sophisticated, something only top-tier threat actors can carry out.

