Major flaws shown in Shirbit's handling of hack - report

The report stated that in handling the incident, Shirbit's "every decision over time was a mistake."

Hackers and cybersecurity (photo credit: REUTERS)
Hackers and cybersecurity
(photo credit: REUTERS)
Major failures were found in Israeli insurance company Shirbit's preparedness and handling of the major cyberattack it was victim to earlier this month. That, as well as weak regulation of the necessary cyber risk management standards, may have contributed to the severity of the hack, according to a new report.
The report refers to details released until December 8 and was written by CSFI fellow and cybersecurity consultant, Einat Meyron. It states that "the sequence of failures that led to such bad management of the incident and with it bad decision-making, indicate a lack of  understanding and experience in dealing with cyber  incidents. [Shirbit's] every decision over time was a  mistake."
This is not a problem that is unique to Shirbit according to the report. Companies that win government tenders are held to standards set by the government, putting responsibility on government bodies as well. "The National Cyber Directory also needs to explain how it allowed this to happen," stated the report.
The report found that Shirbit was not prepared for the attack in part due to an insufficient information security incident monitoring service (SOC). The report stated that the system Shirbit used provided service during the work week, leaving the company vulnerable on weekends. This is a "strange decision," according to the report, due to the fact that weekends and holidays are ideal for cyberattacks due to smaller teams working during them.
Another failure of the use of the service was the limited way in which it was used, according to the report. The service was used to monitor but did not offer remote assistance or support. This indicates that the use of the service was intended to meet regulations and "show the regulator [that the company] did what they asked," as opposed to actually offering defense against cyberattacks according to the report.
Shirbit was making use of a number of software solutions and applications  that were not properly installed, some of which were not patched as required, according to the report. The hackers gained access through a known security breach in Pulse VPN software, according to the report. "That's why the attackers could have pulled a lot of  information without [raising] a red flag."
Shirbit's reaction to the hack also indicated poor handling of the situation according to the report.  "[Information provided by the company in the wake of the attack] proved that the company still doesn't  understand what a cyber-attack is, what is data  breach means, what happened to them and what  they're required to do," the report stated.
The report is not the first time those in the cybersecurity field have levied criticism against Shirbit. Zohar Pinhasi, CEO of the ransomware removal and cybersecurity service MonsterCloud, told The Jerusalem Post that the conversations leaked by Black Shadow show that Shirbit’s representative “has zero experience in negotiating with such attackers.”
“This is another big mistake by Shirbit,” said Pinhasi. “The first rule when communicating with hackers in the field of cyber terrorism is to minimize the interaction, as they cannot be trusted. The fact that they brought the issue of “trust” to the negotiations also proves that Shirbit’s representative has no experience in negotiating in such cases.”

Tzvi Joffre contributed to this report