What would be your advice to other states and companies regarding cyber security?
Amnon Bar-Lev: That's an excellent question, I think. Many people ask the same question today, mostly CIO and CEOs ask what are they supposed to do. And like anything in life, the basics are the most important and we tend to forget them. The 80/20 rule works as well: You do 20 percent of the efforts, you'll get 80 percent of the protection. So look at your networks, segment them, make sure that you use the right controls in the right places, make sure your people are educated. If you do those very basic things, you are probably protected from most of the important and common attacks happening today in the world.
Let's make it a little bit abstract: History showed us that highly developed societies can fall down rapidly. Are we at such a reversal point at the moment? Because critical infrastructure - and there is the basis of digitization - is so vulnerable?
Amnon Bar-Lev: I'm sorry to say that the answer is yes. And I don't want to frighten anybody, but think about our lives for a second. All of our lives are controlled by computers. When we wake up in the morning, we switch the electricity on, it's all computer-wise. We go to the car, drive our cars in the traffic, it's all controlled by computers. We drink water, we go into the banks, everything we do in life has computers involved. And computers are vulnerable. So, yes, we are in the age of that crisis that can happen to us because we are totally dependent on computers. You've seen WannaCry recently. Right? You've seen what happened. Hospitals needed to close down, they could not treat their patients because they didn't have computers. And we see it in other places when there is no electricity and hundreds of thousands of people with no electricity for a couple of days. So, we definitely depend on computer systems. Now, when you look at the way different countries in the world operate, you understand that they have cyber warriors. Their job is to penetrate other countries and other big companies' environment. And they will go to critical infrastructure. And critical infrastructure, cyber war is very different than physical one, because it can happen every day and you don't know about it. You don't even know who made it for you. You see all these debates about the election in the U.S. and others? So, these things really, really can happen every day. There are systems that might be already exploited, but they don't shut down because the attacker will decide when and how he's going to do that. So, we can - and I assume we are at the verge of that kind of situation - and we have to do something about it.
You say we have to do something about it. So, what must be done to assure that we are not at such a reversal point?
Amnon Bar-Lev: I'll go back to my first answer to you. It goes back to the very basic. Many environments, many critical environments are not protected. There is the assumption, "Hey, this system is not connected to the Internet, so it's okay," and other assumptions that they don't tend to focus there. That`s what we call OT - you know, a company's IT, information technology, and they have operational technology -, the OT environments today are lagging behind the IT. And the usage of technology to protect themselves is much, much lower. I think on critical infrastructure, we need to step in and to make sure that the right technology, the right segmentation, the right architecture is implemented. It's a matter of education, it's a matter of awareness, it's a matter of regulation, and it's mostly a matter of technology that can help make it happen. So, again, going back to the basics of network security: Segment them, put the right control in and manage them correctly - this will lead us to a much better and safer area.
Is there enough money spent from your point of view at the moment in this area?
Amnon Bar-Lev: Surprisingly or not, I would say yes. I don't think it's a matter of money. I think it's spending correctly, it's not just about spending of money. In many cases, today we see opportunity to safe customer's money by consolidation, by the right architecture, by less of small point solution, but much more of an architecture view and building the right architecture for your security. So, we're happy that customers are spending and they are spending, but it's not a game of money investment. It's much more about doing the right thing. So, all of you, please do the right thing.