Leading cyber security speaker and senior researcher at the Tel Aviv University Interdisciplinary Cyber Research Center, Keren Elazari, sat down in this exciting interview to discuss her career. Discover Keren’s top tips for businesses wanting to protect themselves against cybercrimes and why she believes ransomware is on the rise.
What sparked your interest in cyber security?
“I was a very, very curious young little girl growing up in sunny Tel Aviv, and I would ask my parents so many questions. They taught me how to find the answers on my own. So, instead of a bedtime story, I got volumes of the encyclopaedia, and I had to navigate that encyclopaedia on my own.
“Then, when we first got access to the internet, they gave me my own computer. I had to teach myself how the internet worked if I was ever to find answers to my many, many questions. Teaching myself how the internet worked was actually by process of reverse engineering, by looking at how web pages were built and identifying flaws that allowed me to enter password–protected websites.
“Because I was really curious at the time, I didn’t even know this was part of the world of cybersecurity and hacking. It was through my discovery, through my exploration, through my curiosity that I learned about this incredible world of cybersecurity. And I’ve been passionate and curious about it ever since.”
How can businesses protect themselves against cybercrimes?
“So, my first lesson for organisations that want to protect themselves from cyber threats is to know yourself first – where are all your digital assets?
“In so many cases, I see security incidents that happen because the criminals know the network more intimately than the organisation. They understand where all the open holes and vulnerabilities are, they know how to trick your employees into clicking on a link or installing an application.
“So, understand your network. What’s your digital footprint? It starts with knowledge; it starts with really being insightful and knowledgeable about your environment because you don’t want the criminals to know more about your environment than you do.
“My second lesson is that it’s not just about the technology. So, it’s not just about buying the latest firewall or the best machine learning, AI driven network security technology. Trust me, I have designed and built those technologies, and they are great – but that’s not the cure all to cybersecurity threats.
“It’s a lot about the people. It’s about getting people to be part of your digital immune system, because the people that make everyday security decisions, they’re your first line of defence.
“You want to empower them. You want to make them knowledgeable about threats. You want to give them the information and the tools to make better security decisions.
“My third lesson is that you need to learn from hackers, because hackers are the early adopters of any new technology. They’re incredible innovators. Whether we like it or not,
they come up with really creative and clever ways to use technology, sometimes against us.
“So, there’s so much we can learn from identifying and studying the techniques that criminals use.”
With ransomware on the rise, what should businesses do if they are victims of a ransomware attack?
“Ransomware has been perhaps the most innovative and successful form of cyber-crime in the last few years, and I forecast that it’s only going to grow. It’s here to stay.
“Ransomware operators have innovated in the last 20 months. They’ve created ransomware as a service, they’ve created new business lines, new distribution models, new attack techniques.
“So, if you’re faced with a ransomware incident and you need to decide what to do, I’m not going to say pay or don’t pay. My advice is to negotiate, because in the negotiations themselves, you can learn a lot about how the attackers got in, what they’re after, and what their motivations are.
“And this can actually help a law enforcement investigation because the negotiators on behalf of the criminals might drop some information that’s valuable. Furthermore, in several cases, we know as a fact that the negotiations actually help to reduce the amount that was ultimately paid to the criminals.
“Now, I’m not necessarily advocating that you should pay ransom, but I would recommend being prepared and have that mindset of ‘what do we do if we’re hit with that incident?’.
“Who’s eligible on our behalf, in our business, in our organisation to even conduct this sort of negotiation or relationship? Is it a third-party adviser, a hostage negotiator? Is it your legal counsel or your CTO?
“This is vital, because it is happening to more and more businesses.”
This exclusive interview with Keren Elazari was conducted by Chris Tompkins.