A Worldwide Cyber Warfare

Those who know – rarely speak. Those who speak – rarely know. But those who know and speak – are rare. I had the honor and pleasure of being in the company of such a rare person last Thursday,listening to him speak about the threats and dilemmas of cyber warfare on a global scale with applicability to the single corporate CISO.
His name is Haim Tomer, and he’s a Mossad veteran carrying the weight of 30 years of secrets in service of the Mossad. During his career, he served as the Chief of Counter-Terrorism, Chief of Intelligence and Chief of International Operations. For obvious reasons, it is difficult to find a picture of him online.

Mr. Tomer was the keynote speaker at the Pcysys Security Seminar, for CISOs, in Tel Aviv discussing the ways CISOs should manage their budgets and resources to stay afloat with the growing threat landscape and attack surface, yet not get fumbled with the many options of building their cybersecurity technology stack.

Haim has somewhat of a miracle-memory; his knowledge of the details of every attack or hack in the past decade (as much of the truth that has surfaced) was outstanding. He reviewed cyber attacks on each sector of the globe covering political elections, banks & financial markets, law firms, retailers, and critical power plant infrastructure.

At the same time, I was captivated by a great deal of detail and stories regarding who was behind what attack and the different kinds of attacks, players and motivations, but I was struggling to put together the full picture. Mr. Tomer read the crowd and set it off right then and there saying “many people ask themselves, what is really going on? Where is all of this going? Is it man or machine? State-level or simple cyber-crime? What is the story behind what seems to be an intensely increasing “all you can hack” global frenzy?

pen-testing

His modest answer was that no one really knows- even in the inner circles of the intelligence community, there are differences in opinion of where the attack vectors are going to hit next. However, there is a thesis that this is all training day; different parties are training and flexing their “cyber muscles” towards a type of conflict we have never seen. A “World War cyber” conflict on a scale we have not experienced in the history of mankind. We all know that electronic warfare and cyber-warfare are part of any modern warfare campaign, but it never crossed my mind of it being “the campaign”. Would it get bloody? How would the upper hand be determined? Who would be the winners and losers? Can we even imagine the reality of all the hacks from this decade happening in one day? What would happen if within 24 hours we got a combination of the equivalent of Stuxnet 2010’, Saudi Aramco 2012’, JPMC 2014’, Anthem medical data 2015’, WannaCry 2017’, Equifax 2017, Facebook 2018’ and the recent Marriott-Starwood breach 2018’? Would we all go back to the stone age as a result?

One thing is certain, the cyber arms race continues. Enterprises and corporates need to automate every aspect of the cybersecurity defense mechanisms of prevention, detection, and response – and without any less importance – the ability to measure their cybersecurity posture daily, automatically and continually pen-testing all their defenses to reveal and heal the real business vulnerabilities.

How Can Automated Penetration Testing Make Your Company Safer? Watch the Webinar.
Written by: Aviv Cohen
Show all articles by Aviv Cohen
Learn more about automated security validation
Resource center
Get blog updates via email
Trending
Four steps the financial industry can take to cope with their growing attack surface
Four steps the financial industry can take to cope with their growing attack surface

The financial services industry has always been at the forefront of technology adoption, but the 2020 pandemic accelerated the widespread use of mobile banking apps, chat-based customer service, and other digital tools. Adobe’s 2022 FIS Trends Report, for instance, found that more than half of financial services and insurance firms surveyed experienced a notable increase […]

The elephant 🐘 in the cloud
The elephant 🐘 in the cloud

As much as we love the cloud, we fear it as well. We love it because cloud computing services of Amazon, Azure, and Google have transformed operational efficiency and costs, saving us money, time, and alleviating much of the IT burden. We also fear it because as companies moved to the cloud, they found that […]

A new era of tested Cloud Security is here
A new era of tested Cloud Security is here

Cloud computing has fundamentally changed how we operate. It’s efficient and scalable, but it’s not without some problems. Security is the biggest. As we’ve shifted to the cloud, we’ve exposed ourselves to new risks that can’t be ignored. The IBM Cost of a Data Breach 2023 Report points out that 11% of breaches are due […]

Learn more about our platform
Platform