Michal Braverman-Blumenstyk, a recognized expert on cyber-security, is the global chief technology officer of Microsoft’s Cloud and Enterprise Security division. She previously held executive position in startups and global corporates and served in one of the Israeli Army’s top technology units. Braverman-Blumenstyk recently spoke to The Innovator about the cyber-security issues facing big corporates.
Q: How concerned should executives at big corporates be about cyber security?
MBB: The number of cyber breaches are increasing exponentially. It is clear now that cyber-security is a boardroom problem, not a technical problem.
Look at Yahoo [a data breach at Yahoo in August 2013 affected some three billion customer accounts]. This explains why Marissa Mayer did not get a bonus. And, in the case of the Equifax breach [which impacted about 44% of the adult American population] the CEO had to resign. So it is a CEO problem. A cyber breach can destroy a company.
This is something executives have to be concerned about. When it comes to the biggest threats to society for the first time in 70 years the threat of nuclear war has moved to number 2. Number three is terrorism and number one is cyber-security because it impacts all aspects of society from manipulating elections to destroying the economy to reality breaching and human breaching.
Q: What is reality breaching?
MBB: Reality breaching is fake news, telling lies about something that happened. It is about creating fake realities. Recently several celebrities were said to have appeared in porno movies. It looked real thanks to AI and machine learning . Another example is that IoT [Internet of Things] means that everything is connected and all those security cameras will many times catch crimes being committed and the film be admissible in a court of law. But what if someone implants a movie in a security camera? You could frame someone. What if someone created a movie of a world leader talking with ISIS? This is the problem with fake reality. It is increasingly difficult to tell what is real and what is not.
Q: And human breaching? Please explain what that is.
MBB: Hacking humans. Pacemakers and electronically implanted insulin pumps can be hacked. So can your navigation application. It could be directed to make you run off a cliff or enter a very dangerous neighborhood. Yes this is scary but scary does not have to mean we go backwards. We should embrace connectivity and technology advances but be aware that there are malicious criminals.
Q: So what should big corporates do?
MBB: You have to make sure you are doing everything you can in terms of prevention — that you have good locks on the door -but once there is a break in you also need to use machine learning to detect anomalies.
Q: But isn’t the problem that some cyber security systems issue many false alerts?
MBB: It is important that those systems are very smart and know how to filter out false alerts. You need collaboration between solutions that are integrated to take all the Big Data and give you small bits of actionable information.
Q: Which offers better cyber security: on-premise or cloud solutions?
MBB: Some clients believe that the cloud is less safe than on-premise. It reminds me of the past when people thought it was safer to put money under the mattress then to trust a bank. If a cloud provider is doing their job correctly there is built-in security and more visibility. If cloud providers see an attack on one tenant they can move right away to protect the rest of the tenants.
Q: What sorts of trends are you seeing? Are the types of attacks changing?
MBB: In the past most of the attacks were about stealing money or data. Now we are seeing different types of attacks. The Mirai attack over a year ago was the biggest denial of service attack ever, it took down sites like Amazon, Paypal, Netflix and Spotify. Criminals have also infected millions of IoT devices — everything from baby monitors to refrigerators — but that doesn’t mean we need to back to the Dark Ages. We just need to find ways to protect IoT devices.
Cyber criminals are people that are both technology savvy and business oriented. They are creating very shrewd startups that create malware and trade and market it. They are very creative in the technology and in the marketing. We have to be even more innovative to keep one step ahead of them. It is like playing chess but it is more and more difficult because the rules keep changing and evolving.