Israel is a world leader in defense against cyber attacks on critical infrastructure and the military, but when it comes to protecting companies, the country lags most of the developed world, says Gabi Siboni, director of the Cyber Warfare Program at the Institute for National Security Studies.
- Israel's enemies are able to launch major cyber attack, defense expert says
- Indonesia and Israel to ally on cyber-war?
- Who protects the Israeli civilian home front from cyber attack?
- IDF forms new force to combat cyber warfare
- Geeks pile into Tel Aviv as tech conference season begins
- Cyber warfare unregulated, says IDF adviser
“Compared to many other developed countries including the United States, Israel is behind in protecting its business sector from cyber attacks,” Siboni, who also heads the Military and Strategic Affairs program at the INSS, told TheMarker. “That’s something that poses a danger not just to companies but to economic stability, because our exports are based on technological innovation.”
As far back as 2003, Israel formed a special unit to fight cyber attacks, but no equivalent campaign has been undertaken for or by the corporate sector.
Together with Shahar Argaman, head of the National Cyber Bureau, Siboni recently completed research on Israeli companies’ preparedness against cyber attacks. On Tuesday he hosted a conference on how businesses can defend themselves. Israel is especially vulnerable to cyber espionage because its economy is so geared to high technology.
“Much of industry is based on technological innovation and unique intellectual property, which for the Israeli economy is very significant,” the report says. “Israel’s startup industry is a world leader, which increases the motivation [for others] to conduct industrial espionage.”
Because the most advanced spying software is impervious to detection by the network-security software that most companies use, businesses are spied on even if they're unaware of it, the report’s authors assume.
It’s hard to put a dollar figure on the damage to Israeli business, but the report estimates it at $2.5 billion annually, or 1% of gross domestic product. Still, this understates the problem because it does not include theft of Internet protocol from startups.
An estimate by business research firm Meidata, which was commissioned by the National Cyber Bureau, put the annual damage at $1 billion to $3 billion.
The U.S. national security assessment for 2013 puts the cyber threat at the top of national security challenges, ahead of terrorism and the spread of weapons of mass destruction.
Security researchers in the United States estimate that only 6% of American companies that have suffered a cyber attack ever detect it – a figure that experts assume is about the same in Israel. This makes it difficult to assess the scope of the problem. Even when companies discover they are being spied on and identify spyware in their computer networks, they usually don’t know what has been seen or taken.
The costs of a more extensive investigation deter most companies from doing more than removing the threat and erecting defenses to ensure that it doesn’t happen again. Many businesses prefer to sweep the matter under the rug so as not to scare customers or business partners.
Small and midsized companies are presumably the most vulnerable because they lack the resources, but Siboni says bigger companies are at risk, too.
“If the Chinese managed, as has been reported, to attack Lockheed Martin and steal the F-35 [fighter jet] plans, this can happen to the biggest,” he says. “The government needs to ensure that the business sector takes basic measures to protect itself based on the sensitivity of the business to espionage. This isn’t any different than demanding that a company not pour toxins into the environment.”
The need for security also extends to nonprofit groups such as academic research institutes that deal in militarily sensitive issues, he adds.
Siboni and Argaman note that Israel has no requirement for companies to report the presence of spyware in their computer systems, apart from industry-specific rules for banking and defense firms.