1
Tell us about your career in cybersecurity to date
For the first few years of my career, I served in the military as part of the Israeli Defence Force. My journey then led me to a career in cybersecurity, where I’ve been working now for over 20 years. During that time, I’ve founded and operated as CEO across two successful cyber companies, most recently Performanta. I specialise in two critical business areas, Data Loss Prevention (DLP) and Insider Threat, but my experience expands across several aspects of cyber in some form or another.
2
What does Cyber Safety mean to you?
As the founder of Cyber Safety, my mission is to help reform the way organisations address cybersecurity measures that are becoming increasingly critical to business operations. Cyber Safety represents a way of thinking and implementing cyber protocols that innovates ineffective methods that are commonplace in organisations across the globe.
Companies need to operate safely, not just feel safe. The ability to provide organisations with early warning views and enable fast defence adjustments can have a huge impact on risk reduction. When a company is breached, the Cyber Safety methodology allows them to limit the impact far quicker than traditional, outdated approaches, providing damage limitation and resolution in hours instead of days.
Equally, the ability to provide meaningful information to our clients’ stakeholders ensures a greater degree of alignment across the various contributors, reducing the likelihood of poor decision making and instead creating an overall safer environment. Ultimately, Cyber Safety brings cyber to the fore of business decision making, allowing organisations to operate with fewer threat-based limitations.
3
Why is Cyber Safety important to you and your organisation?
Cyber Safety is crucial to our organisation as it’s how we remain safe and secure. As a service provider, and a key entry point for attackers seeking to harm our clients, we must ensure that we are as protected as possible. Our role in the Cyber Safety Force means we are in a position to catalyse and implement effective change throughout the cyber community, leading businesses to a more impactful way of achieving true safety. In doing so, we allow organisations to focus on their planned operations without interruption, and at the same time negate the losses that occur through ineffective cybersecurity practices.
4
What are the three biggest Cyber Safety challenges facing businesses today?
With the growing sophistication of technology, Cyber Safety is under increasingly diverse and powerful threats. The transition from external threat to internal breach can be mitigated if three key challenges are overcome. First, businesses need to deliver company-wide context. Without it, relevant stakeholders cannot fully understand the situation and the chances of them making less than optimal decisions increase. If context is clearly demonstrated, businesses will gain a better scope of the challenge and find more effective solutions on how to resolve them.
Second, businesses can fall into the trap of ensuring security systems are compliant with auditors, leaving them with a false sense of safety, rather than producing systems designed to go beyond compliance and protect against actual threats. Cyber Safety is not a tick box exercise, but a protocol designed to ensure businesses are as safe as possible when it comes to existing threats and those waiting for us in the future. Adopting this mindset enables businesses to deploy defence systems that go beyond the bare minimum and start reducing significant risks to their operations.
Third, businesses need to be in control of their defences and must have systems in place to adapt quickly. If successful, organisations can reduce breach likelihood and contain eventual intruders with as much damage limitation as possible.
5
What more can be done to support businesses with improving their Cyber Safety?
Visibility is a pillar of Cyber Safety. Businesses need to know the exact situation they are in as opposed to solely relying on Security Theatre. With a high degree of visibility, businesses gain a holistic view of their cyber practices and are empowered to make more effective decisions.
Transparency is equally important. Without it, stakeholders find it difficult to garner thorough understanding of cyber risks and how well their business is equipped to deal with them. Transparency underpins resource prioritisation, investment and collaboration between departments, which is essential for businesses to operate more freely and with greater confidence in their systems.
While visibility and transparency allow key stakeholders to avoid making rash or ineffective decisions, providing accurate and data-led context enables them to make optimal choices in regard to the safety of their organisation. Without context, any plan for Cyber Safety is misguided.
Lastly, once stakeholders fully understand the risks, they must be able to deal with change management effectively and at pace. They must do so proactively to mitigate current and future threats, avoiding the practice of dealing with risks as they occur. Equally, companies must invest in ways to make defence changes in minutes or hours as opposed to the days or weeks that have become the industry standard.
6
Why do you think businesses generally prioritise cybersecurity ‘compliance’ without striving to champion best practice and true Cyber Safety?
For far too long, businesses have deemed compliance to be ‘good enough’. However, this is very rarely the case, and a lack of understanding here is dominant and only leads to further security issues down the line.
Complying with cybersecurity regulation is perceived as being more straightforward, less expensive, and altogether easier than truly achieving Cyber Safety. In today’s competitive business landscape, organisations are trying to save costs and resources wherever they can. However, the initial investment needed to become truly cyber safe far outweighs the losses associated with underperforming defences and eventual breaches.
The idea that being compliant directly translates to Cyber Safety is one of the key oversights witnessed in our industry. Just because businesses have long-established practices does not mean these measures are effective. Compliance is important, but it must alway be treated as a bare minimum and not the overall target. Being compliant with regulations is a good place to start, but it is just that, a starting point on the journey to true Cyber Safety.
7
How will online security continue to evolve in the years to come?
For years, cybersecurity has been siloed from other business practices and only properly focused on when a threat emerges. To change this, awareness of Cyber Safety and how to achieve it must become baked in, going beyond the responsibility of CISOs and becoming a collaborative objective for stakeholders across the business.
Achieving this will rely on the core principles of visibility and contextualisation. We’ll know that fundamental progress has been made once the impact and influence of Cyber Safety gains mainstream understanding and is deliberated and implemented proactively. A realignment towards Cyber Safety can also be evidenced once service providers helping businesses achieve their cyber goals are supported and nurtured, delivering more effective solutions in turn.
8
Which technology with the potential to improve Cyber Safety are you most excited about?
Intelligence tools such as Attack Service Management (ASM) across internal and external assets, and Automated Moving Target Defence (AMTD) play an important role in shaping the future of Cyber Safety. Data and identity are two critical elements of extended detection and response (XDR), and are often exploited by adversaries to gain entry to an organisation’s infrastructure. Intelligence tools are paramount to overcoming this threat.
9
Are there any other businesses you believe set the standard for Cyber Safety?
The purpose of the Cyber Safety Force is to spread awareness of a new method for operating safely, one that extends beyond any of the current practices. So in short, no other business is currently setting the standard for such an evolution. While this paints the current ecosystem in a bleak light, it provides added motivation for Performanta and myself to spread the word and help businesses realign in the immediate future. Some senior decision-makers already think the way we do, so we must support them on their journey.