Israeli cyber security businesses poised to gain from Syrian crisis

From Edward Snowden to international hackers, Internet warfare is heating up in 2013.

By NIV ELIS
Cyber warfare 370 (photo credit: Rick Wilking/Reuters)
Cyber warfare 370
(photo credit: Rick Wilking/Reuters)
The high-profile cyber attacks emanating from Syria may end up giving Israel’s economy a long-term boost by raising demand from its burgeoning cyber security sector.
Before the West could fire a single shot towards Damascus over the use of chemical weapons, the conflict claimed a fresh round of cyber victims when a group called the Syrian Electronic Army attacked The New York Times and Twitter’s servers on Tuesday.
Though not the first such attack by the group that supports Syrian President Bashar Assad, the timing as the world anticipated a US-led military operation, vaulted the hacking into international headlines.
While the initial economic reaction in Israel to the impending strike was negative – the persistently strong shekel took a sudden dip, the stock market recoiled, and the risk premium on 5-year certificates of deposits jumped up to 140 basis points (1.4 percentage points), from 115 a month earlier – Israel may be poised to gain from the exposure in the long run.
“The big headlines help, because they are making cyber security a board room discussion,” said Gabi Tirosh, general partner at JVP, the largest investor in cyber security in Israel today. “In the past, it was something very technical that only IT [information technology] staff cared about. Now CEOs and COOs [chief operating officers] know that the company is going to be evaluated and measured on their ability to continue operating under cyber attack. In that sense, the big headlines push up demand.”
More than any other region in the world, he said, Israel is associated with cyber defenses, a point highlighted by recent high-profile business transactions.
Earlier this month, IBM acquired Israel’s Trusteer computer security company for nearly a billion dollars, while start-ups Seculer and Cybera received upwards of $10 million in investments. JVP, which opened a separate Cyber Labs division in May, said 100 cyber security start-ups have sought funding with it this year alone.
According to a survey done by cyber security company Kaspersky Labs, which opened its first offices in Israel in June, “Only 6% of companies truly understand just how many new malware samples are discovered daily. The highest rate of awareness – 24% – was shown in Middle East countries.”
But the Syrian hacktivists are the least interesting of the recent developments, said Udi Mokady, CEO of Cyber-Ark, which has taken the helm as Israel’s largest private security firm since the Trusteer sale.
For the first 15 years of the Internet’s growth, he said, the security paradigm was about “keeping the bad guys out.”
One of Israel’s greatest business success stories, Check Point, arose to meet those challenges.
But 2013 may prove a turning point, said Mokady.
“2013 is the year where cyber entered phase two. Probably the most eventful year I can recall,” he said.
The first major shake-up was a February report by American security firm Mandiant, which laid out in stunning detail a central Chinese hacking operation and linked it to China’s military. The attacks it tracked were long-term, complex and sophisticated, and the one unit was found to have “stolen hundreds of terabytes of data from at least 141 organizations, and had demonstrated the capability and intent to steal from dozens of organizations simultaneously.”
The second major shake-up was Edward Snowden, a Booz Allen US government contractor who, with his high-level access to data, managed to steal evidence about and reveal the existence of secret US National Security Agency spying programs.
“The borderline between an insider and outsider has been shut,” said Mokady, whose software focuses on building a “vault” to protect privileged access to the most sensitive information a company has. Its customers include some 40% of Fortune 100 companies, top banks and central banks including the US Federal Reserve and the Bank of Israel.
“The division between inside and outside has become almost irrelevant, because there’s so many ways to get in, especially because of social media. The NSA, with an unlimited budget for security, put trust in a contractor,” he said.
Firewalls and similar protection “are a necessary evil, but accessing privileged accounts are the strongest point of abuse, whether from Snowden or outside hackers,” Mokady said.
According to the Kaspersky survey, many companies have still not come around to the new perspective.
“Three of the four most-widespread security concerns are about external threats involving malware, network intrusion, corporate espionage and targeted attacks on corporate IT infrastructure,” it found.
Like many cyber security entrepreneurs, Mokady and his partner got their start doing IT work for the Israeli military. But the ecosystem in Israel is broader; The Office of the Chief Scientist in the Economy and Trade Ministry runs a program called Kidma to advance companies in the field, Ben-Gurion University has a graduate program in cyber security, and for three years, Tel Aviv University has hosted an International Cyber Security Conference; this year, both Prime Minister Binyamin Netanyahu and President Shimon Peres made appearances.
“One of the reasons that Israel is very creative in creating these cyber companies is that we’re literally on the front lines of cyber warfare,” said Tirosh, whose JVP was a significant and early investor in Cyber-Ark. “Israeli organizations, including the government, are being attacked as much if not more than any other organizations out there, so we look for technologies.”
While cyber-attacks of the past were about widespread viruses and spreading damage equally, Tirosh noted, “these days the attacks are tailor-made for organizations, extremely sophisticated, can get into your firewall, can sit there sometimes a few month or a few years, and then activate themselves on d-day to take out your systems or get information.”
That increased complexity has boosted demand for more tailor-made solutions.
Daniel Cohen, head of business development at RSA (the company that bought Economy and Trade Minister Naftali Bennett’s Cyota anti-fraud software company in 2005), said the combination of military training and academic focus give Israel a vast pool from which to hire. “As Israelis we grow up with security at the front of our mind. It’s something that you think about not just physically, but from all directions,” he said.
That being said, Tirosh added, “The most malicious threats are not those that you hear in the headlines. They’re the ones that are covered up, that nobody wants to speak about.”