Cybersecurity, how a hacker attack works: the Business interview with Eylam Tamary, founder of a company specializing in IT security
Eylam Tamary works in the world of cybersecurity and intelligence for about 20 years: since the concept of public cybersecurity was born, becoming no longer just a purely military issue. In recent years, his work has focused on making grow-ups and start-ups of Israeli companies that have created, and create, cybersecurity standards and methodologies followed all over the world. In 2018 he founded the “TAG COMPANY”, Since realizing, having lived for several years in Italy, that there was a lack of a true culture, full awareness, and the right sensitivity in understanding how necessary it is to secure the network of one’s company and, consequently, of one’s personal sphere.
The ethical mission of TAG is to be “Always one Step Ahead” to be able and suitable to evangelize enterprise companies and PAs, as well as system integrators, on the world, which is now more of a universe without borders, of cybersecurity and intelligence, bringing to the attention of the most innovative technologies and services on the market. What has been happening in recent months (not to say years) is proof of how real and absolutely necessary the need for cyber security is NOW. Now. So much so that, precisely on the concept of not wasting any more time, as can also be seen from the interview, he strongly argues that: “The fact that we are already behind the majority of European and above all non-European countries must make us reflect, to take positions and act quickly”.
Who is the attacker (hacker) and why is he attacking?
Those attacking are companies, real Enterprise-sized corporations with unlimited funds, given the amount of redemptions they have received, which invest at double speed in the development of technologies. Some of them in recent years have even joined in real congregations where each of them has specialized in a particular activity. Lately, in addition to having large internal capacities, some of them even have government-type information and funds
How does it attack?
Many talk about Ransomware, about encryption. Only recently has there been talk of the concept of the double ransom, that is the request for payment to have the encryption keys but above all that important information of the attacked company is not disclosed. In reality, Ransomware is what we call “the just cause”. It is only the final effect of a large amount of actions that attackers take to enter the company, map information, people, relationships; after this phase begins a phase of exfiltration of information to the outside. Only at the end of this process, which can last over 200 days (the latest estimate speaks of 287 days from IBM data source), does the encryption phase and the ransom request take place.
What are the consequences of an attack?
Multiple. The first most evident is the production stop. This causes damage that is calculable but it is the remaining consequences that have the greatest weight for the company and that can hardly be calculated. Payment of the ransom does not guarantee that you will receive the encryption key, but most of all, almost certainly, the information is already on sale or has already been used to plan and implement other attacks on related companies. A confidential email to one of our suppliers can be manipulated through social engineering techniques to do a whaling activity, that is, hijacking of payments. This can also happen retrospectively, much later. There is therefore considerable damage to the image, relationship and trust with customers, partners and suppliers. This last part is incalculable as damage but it is the largest part that has caused in certain situations the closure of extremely positive productive activities commercially speaking.
Who is the target of the attacks?
Right now we are talking about RaaS (Ransomware as a service). They are real market places where people even with little experience can buy attacks in service mode. The targets of these attacks can be anyone, any company, as attacking companies have been using artificial intelligence for much longer than we have. They have an impressive volume of information that can be used to initiate an attack phase. For now, social engineering is a major attack vector. This means that anyone who is present with their information on the internet right now is an attractive target
Is the supply chain in crisis?
Yes it is in crisis. The attack on major companies offering IT solutions for Cybersecurity began a long time ago. There was explicit evidence following the Solarwind attack. In reality this was perhaps the most striking case and brought up by the press but there are cases much further back in time. Today in Italy many companies have cybersecurity aspects managed in service mode through other suppliers. These are nothing more than an extension of the attack surface for a possible attacker but they are certainly much more interesting. Hitting a Vendor or hitting an IT or cybersecurity service provider means having the ease of hitting many at once.
What advice would you give to protect yourself from these attacks?
Adopt new methodologies. We have been talking about the Zero Trust methodology for some time. It is not a product or a service. It is a cybersecurity approach methodology that has been defined by authoritarian entities such as NIST, NSA and others. It is also discussed in the latest security reports written by IDG Communication Ing., IBM and many other players (Google and Microsoft for example) as a necessity to be undertaken in a short time to be able to cope with threats
How will cybersecurity evolve in the coming years?
If we do not change strongly and quickly, it will certainly be difficult to remain competitive with other countries. At this moment, governments, even close to us, have undertaken policies aimed at creating culture, right from school, regarding the safety of citizens. They have also implemented national security concepts, established “ministries”, incentives to make it easier for companies to take a path. Professionally speaking, the Italian market is extremely backward and confused by messages totally out of time with respect to the scenario we are experiencing
What are the biggest cybersecurity threats right now?
The loss of personal data due to so many data breaches, both in the public and private sectors, has created a huge base of attack. Unfortunately, the threats are multiple and easily implemented
Why do i have to worry about data security?
Because any information at this time is useful for creating one or more attack vectors. The more information the attacker has at his disposal, the more effective attack vectors are created to achieve the attack goal.