Page 101 - Cyber Defense eMagazine September 2023
P. 101

advantages attackers in a number of ways. Firstly, they are more likely to receive (and retain) any sort of
            ransom payment if authorities are never involved. Secondly, unreported and unpatched vulnerabilities
            offer an opportunity for hackers to expand their operations under the radar. Only the introduction and
            enforcement of comprehensive regulations that mandate cyber incident reporting will force organizations
            to adopt true transparency when they are attacked. In some regions, such as the EU,  the NIS2 directive
            mandates cyber incident reporting, while in other regions it has not yet become mandatory.



            What other strategies can we adopt then?


            Rather than attempting to patch our way to perfect protection, we can accept that human error will always
            be a factor and shift focus from access interception to outcome prevention. Assume that breaches will
            happen. Then what? If we can find a way to better define the level of privileges of our workers, and
            educate them about the threats, intruders will have a much harder task. Their access becomes much
            less threatening. A hacker with access but no abilities is a lot less problematic and a lot more fixable than
            the alternative, especially when they are an insider with privileged knowledge. Zero Trust is the key to
            defeating insider attacks because it’s not insiders that are the problem - it’s insider privilege. Manage and
            monitor that privilege and you can eliminate the attack vector.






            About the Author

            Moty  Kanias,  Vice  President  of  Cyber  Strategy  and  Alliances  for
            NanoLock, is a veteran of the Israeli security forces (Col. res) with
            vast experience in cyber security, counter-intelligence and insiders
            threats. In his previous position, Moty served as a senior executive
            in the Israeli Prime Minister's office, managing research of new civil
            defense & aerospace technologies. Previously, Moty served as the
            head of counter-intelligence and cyber threats research branch in the
            IDF and his work was awarded several certificates of excellence.

            Moty also served as a division manager in the ministry of Defense
            Security Authority (D.S.D.E - Directorate of Security of the Defense
            Establishment),  leading  a  counter-intelligence  task  force  that
            researched cyber technologies and human vulnerabilities, such as insiders. Moty holds a BA in history
            and Jewish philosophy from Tel Aviv University.

            Moty can be reached online at ([email protected]) and more information can be found on the
            company website https://www.nanolocksecurity.com/









            Cyber Defense eMagazine – September 2023 Edition                                                                                                                                                                                                          101
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
   96   97   98   99   100   101   102   103   104   105   106