AICC Cyber Security Workshop: An Israeli Perspective

12 March 2019

On Wednesday 6 March, the Australia-Israel Chamber of Commerce in partnership with the Department of Innovation, Industry and Science Entrepreneurs Programme and KPMG held a cyber security workshop with a panel of Israeli cyber security companies that have Australian-based operations.

Gordon Archibald, National Lead, Cyber Security Services, KPMG Australia chaired a panel that included Scott McKinnel, Managing Director, Australia & NZ, Check Point Software Technologies, Tom Rozenblith, ICT Director, Elbit Systems of Australia and Adam Neale, Asia Pacific Director, CYBERGYM.

While cybersecurity is now one of the biggest threats to business continuity, research shows the bulk of Australian small businesses and start-ups and are under-prepared for cyberattacks. The 2017 MYOB SME Snapshot showed that only 13 per cent of 400 small businesses surveyed had a cyber security plan in place.

Panellist Scott McKinnel told workshop participants that cyber security is ranked number three in terms of geopolitical risks in the world. He said that cyber teams in banks used to comprise around 50 people, now they are around 500.

All three companies represented have their origins in Israel. With a culture of entrepreneurship and innovation, strong government support and a steady stream of talented, well-trained cyber security experts, Israel is a global cybersecurity powerhouse.

According to a report from Start-Up Nation Central, in 2018, Israeli start-ups received $1.19 billion, almost 20% of global VC investments in cybersecurity, up 47% from the previous year. A report by Strategic Cyber Ventures shows that last year, Israel surpassed China as the hottest spot for VC investments in cybersecurity companies outside of the US.

There are now 450 cybersecurity companies in Israel and 47 multinational corporations with cybersecurity related operations. From 2017 to 2018, the sector enjoyed an increase of 12% in revenues and 13% in employee numbers.

Clearly, the Israeli cybersecurity sector is booming, but what about the local landscape here in Australia? Panellists were asked about their Australian operations, and challenges that they are facing locally.

Adam Neale gave the example of football team, the Sydney Roosters, who train to learn how to respond to situations. He said CYBERGYM does the same for businesses – it prepares them for cyberattacks.

“We help create an environment where customers can practice and have a plan that they can implement,” he said.

CYBERGYM has only been in Australia 18 months, and, from his visits to Israel, Adam said he has observed a very different mentality in Israel.

 “From adolescence, Israelis are taught to believe the world is out to get them, and they structure things accordingly. Australia has a “it’s not going to happen” mentality, but gone are the days where Australia can be a soft touch.

“Bringing an Israeli tech services company to Australia, we can educate [ourselves] about what Israel has lived through and what the rest of the world is now facing. The bad guys are out to get us as well! We need to be more aggressive, we have to be ready,” he said.

Tom Rozenblith said one of the challenges in Australia is a lack of awareness and support.

“We have had major success with Australia’s defence industry, [securing] training contracts with the government.” She said Elbit enjoys global success due to years of experience in the army environment.

Scott said “Israelis are very agile; they’re not big on structure and they know that tomorrow may never come so they just get on with it. They focus immediately on the global and not the domestic market, and Australia can learn from this.”

All the panellists agreed that the biggest challenge globally is a skills shortage.

Tom said “it’s no longer just the IT department that should be responsible for cyber, everyone needs to upskill to cybersecurity.”

Adam said that the word cyber is becoming overused, and everyone thinks they are a leader.

“The word ‘cyber’ is being muddied and therefore boards dismiss it. Tech people need to convince boards [of its importance]. Also, within organisations different departments don’t communicate. We need to break down barriers and help people understand that it is a whole company thing. We need end-to-end cyber crisis workshops – we need buy in from everyone,” said Adam.

Moderator Gordon Archibald said the way to communicate the importance of cybersecurity within organisations is through education. Employees need to start thinking about emails and whether they could be malicious or not.

But it seems there is a long way to go. Adam Neale said very few companies run simulations, and less than 50% or organisations have a cybersecurity plan. It’s a logistical problem to get people out of the office all at the same time. CYBERGYM launched a simulation arena in 2017 to help with this.

When asked how companies can build businesses cases for prioritising cybersecurity, Adam said “you need to introduce fear and show them how they can be compromised and what the repercussions would be.”

Scott said Check Point is currently working with government to build a big business case.

“IT departments don’t have enough money, you need to go to procurement. Build a macro level view, and have three-to-five-year timelines. Ensure you have cyber tech, operations, security and finance on board,” he said.

To conclude, the panellists offered advice for organisations looking to protect themselves in the digital age.

Tom said “more companies will go to the cloud and AI, machine learning and [will be more prevalent]. Train and have the right people. Work together to keep your company safe.”

Adam said “we are going through generational change. Kids are learning on the fly – [they] don’t know what digital footprint they have left. Business is the same. Look at the Facebook example, there was no privacy built in. [Facebook] was built by geeks who didn’t understand not wanting to share everything. IoT is making the same mistakes.”

To combat these problems, Adam said we need to look for biometrics and know who is behind transactions. He suggests increasing your trust insurance and building more confidence in security processes you already have in place.

Scott said that viable quantum computing will be introduced, the whole world will shift and companies will need to adjust.

“Worry about identity theft,” he said. “Don’t put more personal credentials online.”