Page 101 - Cyber Defense eMagazine September 2023
P. 101
advantages attackers in a number of ways. Firstly, they are more likely to receive (and retain) any sort of
ransom payment if authorities are never involved. Secondly, unreported and unpatched vulnerabilities
offer an opportunity for hackers to expand their operations under the radar. Only the introduction and
enforcement of comprehensive regulations that mandate cyber incident reporting will force organizations
to adopt true transparency when they are attacked. In some regions, such as the EU, the NIS2 directive
mandates cyber incident reporting, while in other regions it has not yet become mandatory.
What other strategies can we adopt then?
Rather than attempting to patch our way to perfect protection, we can accept that human error will always
be a factor and shift focus from access interception to outcome prevention. Assume that breaches will
happen. Then what? If we can find a way to better define the level of privileges of our workers, and
educate them about the threats, intruders will have a much harder task. Their access becomes much
less threatening. A hacker with access but no abilities is a lot less problematic and a lot more fixable than
the alternative, especially when they are an insider with privileged knowledge. Zero Trust is the key to
defeating insider attacks because it’s not insiders that are the problem - it’s insider privilege. Manage and
monitor that privilege and you can eliminate the attack vector.
About the Author
Moty Kanias, Vice President of Cyber Strategy and Alliances for
NanoLock, is a veteran of the Israeli security forces (Col. res) with
vast experience in cyber security, counter-intelligence and insiders
threats. In his previous position, Moty served as a senior executive
in the Israeli Prime Minister's office, managing research of new civil
defense & aerospace technologies. Previously, Moty served as the
head of counter-intelligence and cyber threats research branch in the
IDF and his work was awarded several certificates of excellence.
Moty also served as a division manager in the ministry of Defense
Security Authority (D.S.D.E - Directorate of Security of the Defense
Establishment), leading a counter-intelligence task force that
researched cyber technologies and human vulnerabilities, such as insiders. Moty holds a BA in history
and Jewish philosophy from Tel Aviv University.
Moty can be reached online at ([email protected]) and more information can be found on the
company website https://www.nanolocksecurity.com/
Cyber Defense eMagazine – September 2023 Edition 101
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.