Team8, a leader in Israeli cyber security, gathered top security professionals from the US and Israel to share emerging trends, including Dropbox and Cisco
Cyber security is likely the startup sector Israel is strongest in globally. This prowess was on full display at an elite gathering of cyber security professionals at Nasdaq on Thursday that was co-organized by Israel’s fastest rising star: Team8.
Team8 — a unique Israeli cyber security company co-founded by the former commander of the prestigious Israeli army intelligence unit 8200 Nadav Zafrir that incubates and funds startups, as well as serves as a think tank — along with Nasdaq and Eric Schmidt’s venture capital fund Innovation Endeavors held their second annual “Rethink Cyber” event at the NASDAQ Marketsite in New York City overlooking Times Square. The exclusive gathering brought together top security, startup, and investment professionals from the US and Israel to hear from leaders in cyber who could challenge the savvy crowd’s commonly held assumptions about cyber security.
Rethink Cyber‘s speakers, who spoke for eight minutes each, included Patrick Heim, Dropbox’s Head of Trust and Security; Bob Blakley, Citigroup’s Global Head of Information Security Innovation; Bret Hartman, Cisco System’s VP and CTO in their Security Business Group; and Shlomo Touboul, CEO of illusive networks, Team8’s first startup to have hit the market.
Here are some of the biggest lessons we learned from the second Rethink Cyber NYC.
1. You shouldn’t be that worried about your smartphone. This is what you should worry about instead
Patrick Heim, Head of Security at Dropbox, made a provocative point: Almost no big [cyber security] incidents come from mobile phone vulnerability.” Despite this little known fact, many cyber startups advertise that they protect people’s mobile phones from being hacked. This can become confusing for chief information security officers of large corporations since there are over 1,600 security vendors to choose from, creating what Heim terms as “risk noise.”
Instead, Heim suggested that CISOs and others focus on what does often create security breaches: “Passwords. That’s a real risk area to focus on.” (Heim would know about this, beyond other reasons, because Dropbox was hacked from stolen password and email data in 2012 that is now potentially being sold on the dark web.)
He cautioned that large tech companies would have to weigh whether to contract security vendors to help with specific in-house security issues or develop tools in house. In Dropbox’s case, he didn’t see any startup that had a tool that could track fraudulent abuse at the scale of Dropbox, which has over 500 million users. However, for many other companies, it could likely make more sense to use a cyber startup’s solutions.
2. Passwords will only be half the battle
David Baker, Okta’s Chief Security Officer, reminded the audience that even though security professionals want to create password-less authentication, such as fingerprint or biometric logins, that is only half the battle in protecting a network from being hacked. He cautioned, “The longer that session stays open, the less confident I am of that identity. It can be open to session stealing.” To guard against this, he suggests creating ways to “validate this continued access” in order to “constantly validate this password-less authentication.”
3. Encryption creates a false sense of security
Bret Hartman, Cisco Systems’ VP and CTO in their Security Business Group, said that while encryption is on the rise and may help protect your information while you’re surfing on the WiFi network at your local café, most hacks come from the backend of a network. For this reason, he thinks that encryption gives most people a false sense of security and creates challenges for law enforcement, particularly for cases that involve encrypted iPhones.
However, he detailed how Cisco is starting to develop ways to analyze encrypted traffic. “We analyzed encrypted traffic” in large part from meta data “and could determine malicious traffic with a high degree of accuracy because the world has subtle protocols, such as timing: [from this] we can get a lot and detect malware in encrypted traffic,” he asserted. While their work is still in the research phase, he said they will be launching products soon.
He also pointed out that they could leverage server APIs to check encrypted traffic. “To leverage server APIs, which is particularly true with cloud services, this is ideal if we use cloud service providers, and they give APIs, we can look from a server perspective without getting between the client server. Dropbox does this. Amazon and Salesforce do this too. If more of those cloud providers create these APIs, we can provide this solution based on APIs,” he posited.
4. 50% of the time, we have no idea how hacks of large manufacturing operations took place
In a speech from a presenter who preferred to remain anonymous, he lamented that in 50% of hacks against large manufacturers — and in particular attacks utilizing the Internet of Things — security professionals could not pinpoint how the interception occurred. He also warned that in 2009, there was only one cyber breach on “operational technology” (OT), otherwise known as manufacturing (this is in contrast to information technology, or IT, which inhabits networks and servers). So far this year, there have already been 295 attacks on OT.
His proposed solutions involved integrating IT discipline into OT security, having a good network segmentation model so that if one part of operations is affected, it will not bring down the entire company, and multi-protocol monitoring, which is a technical manner of saying ways to oversee telecommunications traffic. He noted that Team8 is already working in this last area with the launch of their latest startup, Claroty.
5. Quantum computing could bring on the next “apocalypse”
Bob Blakley, Citigroup’s Global Head of Information Security Innovation, ended the night with this message: “Quantum computing is going to be the next big enemy.”
“We have all sorts of secrets on the internet: identity, medical. If all of those secrets were to be released into the wild, it would not be the end of the world, but it would be a pretty bad day,” he said. Interestingly, he explained that the word “apocalypse actually doesn’t mean the end of the world, but a day in which there is ‘revelation,’ or all secrets are revealed.”
According to Blakley, folks like the NSA agree with him that this day could happen within the next 30 years if security professionals don’t start preparing for it. Thankfully, some are already doing so. But how? Well, that remains secret.