Instead of producing an 'Iron Dome' for public mindset, regulators and companies that were hit, keep hiding behind walls, and are just building them higher. The hundreds of companies that kept quiet and paid a billion dollars in ransom in 2020 - only made sure future victims were only a matter of time.
Avi Muskal
Published in "Haaretz", 14 November 2021
We first became acquainted with the hacker group that went by the name Black Shadows, in December 2020, when it attacked a number of major companies, including Shirbit and KLS Capital. Back then, some people still questioned the assumption the attacks were terrorism.
Already then it was clear: the ransom demand was not the attackers' goal, but only smoke screen masking. The manner in which the negotiations were handled, and mainly the way social media and media organizations were used clarified this was terrorism, and its' purpose was to damage not only a particular company but the Israeli economy and public as a whole.
Shirbit management understood this in real time. Accordingly, it decided, rightly, not to cooperate with the attackers, and thereby prevented more serious damage. Ronen Tzur and I conveyed then that message on behalf of the company. Subsequent to this event, Shirbit invested heavily in advanced protection, which made it "super protected", as a senior director in the Israeli National Cyber Directorate said.
The problem is, that during the past year, Israeli "cyber border police" has remained virtual. Apart from some offensive actions - according to foreign media, and that we refrain from discussing - the defensive perspective on economy and on citizen privacy remained tactical rather than strategic.
In 2020, hundreds of Israeli companies paid a ransom in total of about $ 1 billion USD, according to a survey which was held by the Cyber Companies Forum at the Israeli Manufacturers Association. 87% of cybercrime victims did not complain at all, according to the State Comptroller, Matanyahu Engelman. The rest of the companies, and encouraged by the Cyber Authority, focused on raising the walls, that is, on equipping themselves with additional protection systems, usually subsequent to the attacks.
The fact that the attacker group, Black Shadows, which is assumed to be associated with Iran is currently attacking for the third time, and particularly the profile of their attacks' targets - indicate that our loophole remains to be the public mindset arena: Hillel Yaffe Medical Center, Mor Medical Institute, Local Radio Station FM103, and finally 'Atraf' LGBTQ dating website are all targets that were picked in order to profoundly hit public mindset. This suggests psychological warfare that goes beyond the immediate damage that information leakage causes. The fact some information was leaked at the same time, and even prior to the ransom demand, like in Shirbit case, made it very clear: this was terrorism.
When the goal is to morally blow the Israeli public, investing in cyber protection and advanced technologies do not cut it. While the attacker groups time their information-leaks according to the broadcast hours of major news editions, many companies continue to bury their heads in the sand. This ostrich policy of denial, is about keeping low profile and not about facing the situation. While the attackers clearly aim to sow panic across Israeli civil society, the Israeli cyber authority discusses a resilience pass for web hosting providers. The Knesset's Constitution, Law and Justice Committee is expected to discuss the issue in the coming days, but even there - only the legal response to the problem will be discussed. One month after the first cyber missile hit Hillel Yaffe governmental hospital, no ministerial voice was heard.
Just like the Iron Dome defensive system, leading companies, such that contain sensitive databases (including finance companies, infrastructure, and communications) must be provided with protection. In this context, it is necessary for companies' managements to not only invest in technology (in compliance with provisions of law on citizen privacy) but also get an "Anti-Crisis Vaccine". In the age of re-shaping the concept of privacy anew, the need for strategic communication response to cyberterrorism bargaining attacks must be recognized.
Anti-Crisis Vaccine should be based on the work assumption that cyber terrorism will continue. Therefore, we must formulate ahead an action plan for D-day. The plan should include technological and legal aspects response, and no less important: media and communications response. Even in an era when information is public domain, it's still the public's right to know what is being done with its' data, what has been revealed, and most importantly - how to ensure that no further damage is done. The "keep silent and pay" policy rewards terrorism. However, a senior official who will demonstrate responsibility, share information and reflect the situation (based on facts, not assessments) may miniaturize the potential psychological damage that such attackers can cause. At the same time, reporting journalists should also demonstrate a responsible approach, one that makes sure no personal details are revealed by mistake, even if they are available on Telegram. At the same time, it is best to avoid actions that can encourage the attackers and provide them incentives, such as interviews that serve them to reach out to victims, in real time. As a former journalist and editor, I am the last person to lend a hand to censorship or to posing restrictions, but this is certainly the case that requires discretion and responsibility on the part of broadcasters and publishers. The attackers did not need the media in order to identify "Atraf" website as a strategic target. However, the excessive ongoing reporting about it created expectations that have encouraged further leaks. While the data file which the attackers leaked vanished from the web within the hour, as did their Telegram page, the articles that report about the leak and about the people who were affected by it, remain online forever.
Comments