Cyber 2020
Organizations Are Ill-Prepared for Cyberattacks, Says Cyber Law Expert
Nimrod Kozlovski, partner at Israel-based law firm Herzog, Fox, Neeman, and lecturer at Tel Aviv University spoke Monday at Calcalist’s Cyber 2020 conference
It is amazing to realize that big pharma companies, infrastructure, and banks, are not safeguarding their data, do not keep organized security systems that can provide information on breaches, and do not have procedures in place to allow for a thorough investigation, Kozlovski said.
Kozlovski mentioned two events he was involved with: a big financial firm that got a threat that included a list of some 50 major clients, complete with bank account and deposit information, and a hospital doctor that paid a $500 ransom to hackers that blocked access to his computer, where patient medical files were stored. The doctor failed to report the incident until he realized the medical data was now scrambled, confusing the file of a five-year-old patient with that of a 70-year-old man, Kozlovski said.
“That is where we come in,” Kozlovski said. With the financial firm, we had to run a process of forensics, to figure out the seriousness and extent of the event, he said. “Was it just a printout that somebody failed to shred and ended up in the wrong hands, a contained computer breach, or did someone still the company’s complete client list?” The latter of which would require involving the police and the Israeli Internal Security Service (Shin Bet), he said.
With the hospital, the most important thing was to figure out if the two incidents were in fact related because the blunder could also have been caused by human error, Kozlovski said.”If someone did manage to hack the medical registry, they can encrypt it and change it, which means patients might receive treatment based on the wrong medical data,” he said. “No doctor would dare treat a patient when there is reason to believe the data has been tainted.”
- You Don’t Need to Be a Genius to Launch a Successful Cyberattack, Says Cybercrime Researcher
- Intelligence Is Vital to Protecting Company Assets, Says Verint VP
- Cisco’s Threat Intelligence Team Sees 195 Billion Requests Daily, Says Cisco Cybersecurity Exec
Organizations have to be prepared and need security systems that can issue detailed, accurate reports on any incident, so it would be possible to cross-reference information and form a strategy in a timely manner, Kozlovski said.