Organizations Are Ill-Prepared for Cyberattacks, Says Israeli Cyber Law Expert
CTech – Most organizations are ill-prepared for cyberattacks, according to Nimrod Kozlovski, partner at Israel-based law firm Herzog, Fox, Neeman, and lecturer at Tel Aviv University. Kozlovski spoke Monday at Calcalist’s Cyber 2020 conference, held at shared office venture Labs at Tel Aviv’s Azrieli Sarona tower.
It is amazing to realize that big pharma companies, infrastructure, and banks are not safeguarding their data, do not keep organized security systems that can provide information on breaches, and do not have procedures in place to allow for a thorough investigation, Kozlovski said.
Kozlovski mentioned two events he was involved with: a big financial firm that received a threat that included a list of some 50 major clients, complete with bank account and deposit information, and a hospital doctor who paid a $500 ransom to hackers who blocked access to his computer, where patient medical files were stored. The doctor failed to report the incident until he realized the medical data was now scrambled, confusing the file of a five-year-old patient with that of a 70-year-old man.
“That is where we come in,” Kozlovski said. With the financial firm, we had to run a process of forensics, to figure out the seriousness and extent of the event, he said. “Was it just a printout that somebody failed to shred and ended up in the wrong hands, a contained computer breach, or did someone steal the company’s complete client list?” The last of these would require involving the police and the Israeli Internal Security Service (Shin Bet), he said.
With the hospital, the most important thing was to figure out if the two incidents were in fact related, because the blunder could also have been caused by human error, Kozlovski said. “If someone did manage to hack the medical registry, they can encrypt it and change it, which means patients might receive treatment based on the wrong medical data,” he said. “No doctor would dare treat a patient when there is reason to believe the data has been tainted.”
According to Kozlovski, the first thing that needs to be done in order to address an incident is to establish a narrative: figure out whether there even was an attacker, how they got in, what codes they used, what computers were infected, and how widespread the incident was.
Organizations have to be prepared and need security systems that can issue detailed, accurate reports on any incident, so it will be possible to cross-reference information and form a strategy in a timely manner, Kozlovski said.