The Israelis Leading the Fight Against Cyberattacks on the Banks

Seven cyber experts are helping financial institutions worldwide combat the threat of data security hacks: It’s the good guys against the bad guys, says one

Israeli cybersecurity experts Iftah Bratspiess, Avi Rosen, Amichai Shulman, David Mimran, Isaac Zack, Oren Shnitzer. Ofer Vaknin

In February 2016, one of the biggest cyberattacks in the history of data security went down, when hackers managed to fool the Bangladeshi central bank’s interbank money transfer system (part of the international SWIFT system), stealing $850 million. The breach was only discovered because of a silly spelling mistake by the burglars, thanks to which most of the money was recovered. They did, however, get away with $81 million.

The hacking of banks is on the rise. A KPMG report from September 2016 listed other big attacks: In January 2015, $12 million was stolen from an Ecuadorian bank called BDA through illegal money transfers discovered only 15 months later; while Vietnamese bank Tien Phong foiled a $1 million SWIFT heist in May 2016.

A recent Verizon report analyzing more than 2,000 hacking attacks says the finance establishment is the biggest target, attracting 24% of attacks, followed by health care (15%), retail and hosting (15%), and the public sector (12%). The banks’ transition to digital, plus increasing self-service online, has helped customers, but also made them more vulnerable.

Yet the banks try to keep it quiet: sharing information would be useful, but they tend not to do it. Customers don’t particularly want to hear that their bank lost millions to thieves, but that’s changing, and a group of seven Israeli cyber experts has connected with eight international banks to set up a system for exchanging information and analyzing attacks. They’re all working on a volunteer basis: their goal is to prepare for the future cyber world.

Each member of the Group of Seven (GO7 – not to be confused with the similarly named G7) has decades of experience in data security. The banks in the Cyber Defense Alliance (CDA) include Lloyds, Santander, Barclays and Deutsche Bank.

Banks aren’t digital morons, but they need help staying abreast of threats, says Isaac Zack, technology angel and partner in Founders Group, who introduced the CDA to GO7.

Disarm and reconstruct

“We recreate the file without the threat component, which applies to both known threats and unknown ones,” says Oren Shnitzer, co-founder of ReSec Technologies, formerly security manager at Microsoft and a member of GO7. “We know how to protect email, the browser, the USB flash drive – every way files can get into an organization.” Founded in 2010, ReSec engages in CDR (“Content Disarm & Reconstruction”). Its clients include Bank Hapoalim and telecoms giant Bezeq.

Another GO7 member is Amichai Shulman, co-founder and chief technology officer at Imperva. He has been in data security for 25 years, eight of them in the army. The third is Avi Rosen, co-founder of Kaymera Technologies, which engages in data security for mobile devices.

The fourth member is Iftah Bratspiess of Sepio Systems, which protects companies against device supply chain attacks. Or, in other words, Sepio is dealing with the challenges posed by the internet of things – from infected USB flash drives to mice to keyboards.

The fifth member is David Mimran, who never finished high school but is chief technology officer at Deutsche Telekom labs, which has collaborative relations with Ben-Gurion University of the Negev in Be’er Sheva.

The last two are experts on cyber offense. One declines to be named, but the other is Natan Bandler of Cyiot, which scans airwaves within organizations to identify and block breaches.

How does GO7 work? In collaboration with the banks, which openly provide information about cyber threats.

Don’t the banks have cybersecurity divisions of their own? “These are the biggest entities in the world, and also the most vulnerable. They’re on the front line,” says Bratspiess. “They don’t need us to investigate the event and explain what happened in hindsight. They can do that. We help them look ahead … it’s a great combination of Israeli innovation and the banks’ need to get beyond their paradigm.”

“Why do banks get robbed? Because that’s where the money is,” says Shulman, repeating a chestnut. “Although banks are perceived as conservative, in cyber terms they’re trying to get in as early as possible, and are open to experiments. They live with the threat on a daily basis. A tire retailer online might also be attacked every day, but its awareness of the threat is low and it’s harder to create a dialogue with it.”

Why give the banks the service for free? GO7 gains exposure to unbiased information about client needs and limitations, Shnitzer says. “It’s an opportunity for us to promote technologies that we know and believe in.”

They also learn how to sell to the banks, Shulman says. Also, once a giant adopts a technology, it will filter down, adds Bratspiess.

It’s the good guys against the bad guys, says Mimran, who describes himself as “the pessimistic type.” Now that advanced computing systems are commonplace, anybody with a keyboard and brain can become a master hacker, and he admits concerns about AI being harnessed for evil.

Shulman sees an escalation in cyberattacks: problems once unique to the banks are now commonplace in business in general. Also, once there were hackers, now there is organized cybercrime – “a whole industry in which aggressive services are bought and sold,” adds Shulman.

Israel now has about 400 startups engaged in cyber security, but Shnitzer doesn’t feel that this takes it into bubble territory. The need for creative solutions is greater than ever, and the big security companies – especially the antivirus and firewall crowd – are lagging, he says.