Cybercriminals are innovating and operating the same as other organisations

Cybercriminals are spending proceeds from attacks on innovating their own attacking tools, according to Glilot Capital Partners co-founder and managing partner Arik Kleinstein.

Cybersecurity is a one of the biggest concerns for all types of businesses. The number of attacks hitting the world is continuing to increase and each year the systems become more and more sophisticated, making it a continuous battle between cyber attackers and cyber defenders. A recent study from Deloitte found that attacks can be carried out from as little as $34 and earn the criminal of up to $25,000. If its output is increased and it spends $3,800 a month, returns could be up to $1m each month.

There is clearly an incentive for all companies to explore protection solutions, as failure to implement procedures could cost them thousands, if not millions. Interest is clearly also present from the investment’s perspective, with there being a total of $2.3bn invested into cybersecurity startups in 2017. Hoping to capitalise on the opportunities is Israel-based Glilot Captial Partnres, a cybersecurity-focused venture capital firm. Earlier in the year, Glilot closed its third fund with a capital pool of $110m.

While companies are spending millions on developing solutions to protect their digital environments, likewise, attackers are spending money on evolving their attacking tools. This constant drive of innovation is one of the appealing aspects of investing in the cybersecurity space, Arik Kleinstein said. The level of attacks and the amount of money to be made from them is not really changing, which means the drive to build protection is very stable. In fact, as attacks use part of the stolen money to develop their tools, funding cybersecurity tools is essential just to keep up.

Arik Kleinstein said, “Around 20 years ago, there were many hackers that were pretty much doing it as a game, and kind of a sport or a challenge to hack in to a network. Whereas, today almost all of the hacking activity is financially motivated. These are very sophisticated criminal organisations, but they act almost like business organisations in the sense that they continuously invest money in developing their hacking skills. Every time there’s a major attack that’s successful, part of the proceeds are being used to invest in more and more advanced attack tools that are used to launch the next cyberattack.”

Its not just about them spending money on upgrades to the technology, but they are also able to spend money on hiring new engineers. Kleinstein said that in some places in the world, criminal organisations would spend $50,000 on a new engineer that would go on to develop the next malware or ransomware. These people are quite often those which have been trained professionally by government bodies and have been lured away by these criminal organisations that can offer a lot of money, Kleinstein stated.

“Since it’s the cyber space, you can launch an attack from one country and the damage will be done in another country. There are no borders. You can launch a malware which is being developed in certain regions of the world where law enforcement is not as effective, and the damage will be done in the UK or the US. And I don’t see it changing anytime soon, because these are countries where cyber is just not among the issues.”

This means that it’s not just a simple case of blocking the attacking source, as there are so many places for them to hide from enforcement. Even if they do get stopped, there will always be more cyberattackers that replace them. This means developing stronger protection solutions and more innovative solutions is the only plausible response. Kleinstein added, “We have to assume that these attacks will continue.”

The EU clearly understands the threat which is posed by cyberattacks. Earlier in the month, a number of measures to improve the cybersecurity efforts across the EU have been provisionally agreed by MEPs and member states. An EU-wide cybersecurity certification scheme is part of these measures and will ensure all products and services sold in EU countries meet certain standards. Coming alongside this, would be more information made available to consumers around cybersecurity products, with manufacturers being required to offer detailed explanations, such as guidance on installation, length of security support and security updates, when selling products.

Automate the future

More and more aspects of our lives are becoming digitalised, such as smart cities, IoT connected devices, and even smart cars. These are all improving the quality of our lives, but with them come a darker side. They open up the world to more cyberattacks. All of these systems are potential targets for hackers, and each of them increases the level of data on us, which can be monetised or exploited.

Israel, where Glilot is based, is a strong market for cybersecurity companies. Major players in the market Checkpoint and CyberArk were both founded in the country, while international enterprises Microsoft, Cisco and IBM have set up hubs in Israel. One of the reasons why Israel has such a strong cybersecurity space is because there is strong training within the country, with this typically coming from the government during national military duty, or many of the academies which has focus on cybersecurity.

Although, Kleinstein does think that talent around the world is becoming sparser, especially as demands to maintain protections continue to rise. Due to this, he believes that moving towards automation and AI-powered technology is going to be a big driver for the future of protection.

He said, “Ultimately, we will see many cyber defence activities being fully automated against attacks which have also being launched by computers. It will be like two computers playing against each other. The advantage of defence systems that are based on AI is that they lack the weaknesses of a human operator, because they can work 24/7, they use huge amounts of data, and the response time is very quick.”

Companies are spending more money on developing these types of solutions and Kleinstein thinks this will just continue to increase by 10 or 15 per cent in the spending efforts of companies each year. The key thing is that solutions don’t just indicate that there has been an attack, and this is how it works, which is how most work today.

“If we know an attack happened on a credit card database it’s not helpful to just say “Look, someone is attacking this file and that’s the way it worked”. For me, that doesn’t mean a lot, because I don’t just need the element of knowing that there is a new attack. I need the translation into the relevant action and actually performing this action. There are so many attacks happening, so what is really of interest is not so much the intelligence but actionability and the performance of the action. And that’s the weak link today.”

Glilot has already taken advantage of the opportunity in the market, having closed a number of deals in the cybersecurity sector this year. Prior to the close of its third fund, Glilot invested in the New York-based cybersecurity company IntSights Cyber Intelligence. The company delivers enterprise cyber risk analytics, threat intelligence and mitigation solution which automate proactive defense. The firm also co-led the $2m seed funding of Protego, a developer of security solutions built for serverless infrastructure.

Copyright © 2018 FinTech Global

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.