Cyber risks have become more common for everyone, but government bodies can be especially vulnerable. The National Cyber Directorate, the official Israeli regulating authority in this field, has taken responsibility to guide and enforce digital security to protect these institutions. However, when concerning smaller and private institutions in non-critical fields, there are a lot of reasons to be worried.
Retailers, small businesses, and service providers don’t get the same government support for implementing cyber security. Despite millions of customers entering sensitive information to these institutions every day, the precautions of cyber security are not substantial enough. From the time information is uploaded into the online network, whether through medical services or an online store, the consumer’s control of information reduces to zero. Users fall under the grace of the institution and depend on a certain degree of protection.
As cyber-attacks increase in frequency, they become part of our daily lives. In Israel alone, the most infamous ones include attacks on the Hillel Yaffe Medical Center, Shirbit insurance company, and the Atraf dating app. In 2021, 36% of Israeli companies reported cyber-attack attempts on their systems at least once a week, according to the Acronis cyber report. In addition, 27% reported attack attempts at least once a day. Moreover, about 7% reported attack attempts at least once an hour and only 8% reported no attempted hacks.
Security based on information sensitivity
As a tech powerhouse, Israel cannot ignore the importance of information security, especially as the founder of the National Cyber Directorate, which is considered a breakthrough institution globally. Israel must expand regulations and cover organizations that are not defined as critical. There are several ways to do this, including classifying businesses according to information sensitivity.
In Israel, to get a business license today, you need to get permission from multiple institutions including the police, the Health Ministry, the Fire & Rescue Authority, the Local Authority, and more. Though the list is daunting, there is a need to add clear cyber security regulations based on information classifications. To start, the regulator should provide clear security instructions for businesses: how to reduce attack attempts, how to act in cases of information leaking, etc. In the second stage, we must maintain enforcement and ensure regulations are not ignored. For these, we must add a committed demand to implement holistic defence systems according to an orderly standard.
In the past, quality cyber security systems were a privilege afforded to large businesses. Today, this service is a necessity for small businesses as well. As attacks grow in sophistication, security must grow alongside them. The variety of technical options and the importance of regulation emphasize the acute need to implement cyber security across different markets, from government institutions to small businesses alike.
Written by Gili Moller, Director of Product Management at Acronis