Nadav Avital

Opinion
The next October 7th? A grim cyber forecast

Cybersecurity in Israeli local authorities is critically underfunded and poorly planned, according to a State Comptroller report. This lack of preparedness and enforcement endangers vital infrastructures amidst a rise in cyber-attack attempts, writes Imperva's Director of Threat Research Nadav Avital.

People tend to have the mistaken perception that their private information is protected by the website they use, especially if it's an official site of the state or local authority. This week proved otherwise: the State Comptroller's report on cybersecurity in Israel does not bode well and its findings are disturbing, especially in light of the constant increase in cyber-attack attempts against Israeli websites and government symbols. The report noted that the cybersecurity of many local authorities suffers from significant gaps, including the absence of a work plan to deal with cyber events and a lack of dedicated budget for information security.
This is an issue enshrined in Israeli law. It requires an introduction to the "Privacy Protection Law," an Israeli law that establishes a series of obligations and restrictions on the owner of a database to protect the privacy of individuals whose information is stored in it. In other words, every database owner is obliged to secure it properly. However, there is no official state standard and, more importantly, there is no significant enforcement, especially on official state websites and critical infrastructure sites such as energy, health, and finance systems. In a reality where every system is connected to others, penetration into a local authority's system can serve as a gateway for broader attacks affecting critical infrastructures like water, electricity, transportation, and more.
Attacks on critical infrastructures have become an integral part of military conflicts, as we see in the war between Russia and Ukraine. Cyber-attacks can prevent an enemy state and its residents from accessing trade and financial systems, block money movements, prevent trade instructions, gather information and expose sensitive details, freeze bank accounts, or simply limit cash withdrawals. These attacks add to kinetic attacks and amplify the damage to the enemy's economy. The functionality of the economy in the attacked state is significantly impaired.
Moreover, the field of hacking is evolving and becoming easier than ever. The AI revolution lowers the entry threshold, creating a reality where any amateur can easily attack organizations and institutions. The technology allows for the relatively simple creation of 'new attacks,' essentially enabling the potential for many more attacks produced by many people, far more than we have experienced so far, when attackers had to be professionals to launch a complex attack campaign.
A good example of the potential damage can be seen in the event that occurred over the past weekend, where a failed software update to one of the American cybersecurity company CrowdStrike's products caused a massive computing failure in several entities in Israel and worldwide. Although this is not a cyber-attack, this example highlights the critical need for risk management in the supply chain and information security. Organizations must ensure that their software suppliers take stringent security measures, and must conduct a comprehensive mapping of the organization's computer systems and software components.
There are two main keys to success. The first is comprehensive preparation and building a structured plan to deal with cyber threats. Local authorities must invest in dedicated budgets for training skilled personnel, installing advanced protection systems, and creating a quick and efficient response system for cyber-attacks. Without these steps, they will remain vulnerable, and the potential damage will continue to grow. The second key is updating the legislation and strict enforcement on organizations, including local authorities. As long as the situation does not change and the state does not force organizations to internalize their security obligations and implement solutions to monitor abnormal access to sensitive information, we will continue to see breaches that could lead to leaks of data and classified documents, and even a total shutdown of critical systems.
The unpreparedness of local authorities is an urgent problem requiring immediate action. Appropriate steps must be taken to ensure the protection of local infrastructures, update legislation, ensure enforcement, train skilled teams, and install smart protection systems. Investing in the cyber future of local authorities is not just a need, but an obligation.
Nadav Avital is Director of Threat Research at Imperva (By Thales).