Cyber expert: Shirbit erred in its response to hacking attack

Expert admits that Shirbit was right not to pay ransom: "Data was already circulating; they had no reason to pay up."

Nitzan Keidar ,

Cyber defense (illustrative)
Cyber defense (illustrative)
istock

Erez Kreiner, a research fellow at the International Institute for Counter-Terrorism (ICT) at the Interdisciplinary Center in Herzliya, told Arutz Sheva on Sunday that in his opinion, the Shirbit insurance company erred in the way it reacted to the successful hacking of company data by cybercriminals last week.

Kreiner, a former senior officer in the ISA (Shabak) and the founder of the governmental authority for data protection, noted that the hacking of Shirbit’s customer data had been accorded an unusual measure of publicity. “To put it mildly, I would say that it wasn’t quite the best way of going about things,” Kreiner said. “In my opinion, too many details were publicized, and the whole thing became something of a farce. In the end, that caused the negotiations to break down and it reached a situation where everyone was the loser.”

Kreiner added that “In a situation where the hackers were already in possession of client data and were selling it to outside bidders, the company clearly had no reason to pay them the ransom demanded. The data was already circulating on the internet, with plenty of people interested in obtaining it. But Shirbit should have refrained from accusing intelligence officials of being behind the hacking. Shirbit’s attempts to blame foreign intelligence sources was not the right way to go about things – they should not have made such statements without having solid evidence to back up their assertions.”

Asked whether a former employee, perhaps with grievances against the company, could have been at least in part responsible for the cyber-attack, Kreiner agreed that it was a possibility. “A former employee with a chip on his shoulder is really the highest source of risk in cases like these, especially given that he has been privy to the inner workings of the company, and also knows which data are the most sensitive and how to access them. It’s far more likely that a former employee will be successful in a hacking attempt than a foreign element, and such a person can also cause a lot more damage.”

Nonetheless, Kreiner was quick to add that the identity of the hacker or hackers is still unknown. “It could have been a former employee, but it could equally have been a group of hackers or a criminal working alone,” he said. “Anyone could potentially have gained access to the data without even realizing at first exactly what a valuable trove he had discovered. All the same, my impression is that here we are dealing with an organized group of hackers that succeeded in breaking through the company’s defense systems, which seem to have failed at some stage. They managed to access a great deal of data in a short amount of time.”

When asked how other companies could protect themselves against similar attacks, Kreiner replied that, “Companies need to try to imagine what could happen if such a thing happened to them – they need to anticipate the consequences of any weak points in their cyber defenses, and be proactive in dealing with threats. Of course, not every company can install the same level of defenses used by banks, for instance, but companies do need to be constantly monitoring their cyber defenses, and they need to be able to know immediately, at any point in time, exactly how effective their defense systems are and how prepared they are to meet the kinds of threats that are lurking out there.”



top