Cyber crimes cost financial companies an estimated $500 billion per year, and the problem is growing — leading to investments in cybersecurity companies.
Yaov Tzurya, a partner and the CEO of JVP Cyber Labs, said 65 percent of adults worldwide have experienced some kind of cybersecurity breach. As a result, the cybersecurity business sector is expected to reach $170 billion in products and services by 2020.
But most of the technology is inefficient, Tzurya said during the Atlanta-Israel FinTech Innovation Conference on May 22.
“Banks are repeatedly being hacked, and people are investing more and more in cybersecurity,” Tzurya said. “But everyone wants to know: Why is it still happening?”
He said the problem is a widening gap between the knowledge of hackers and the knowledge of victims. Cyber attacks were faster in 2015 than in 2014, signaling that it’s becoming easier to hack into a bank as the efficiency of cybersecurity decreases.
“The same vulnerabilities and exploits discovered in 1998 are still getting hit,” Tzurya said. “The tactics used in 2007 are still being used, and banks should be worried about how effectively they’re using their cybersecurity budget.”
Israel receives close to 20 percent of global cybersecurity investments from venture capital groups, U.S. financial groups and angel investors. Eighteen global corporations made cyber acquisitions in Israel in 2015.
Tzurya credited the startup culture, defense industry and government commitment to technology training for the advancements coming out of Israel. But he said young Israelis are cashing in with their cybersecurity companies instead of improving their technology.
“We need more mature innovations,” Tzurya said. “They should build companies to scale rather than sell.”
Many Israeli cybersecurity companies start with great technology but sell it to foreign corporations for a big price. Ultimately, Tzurya said, “they are just launching new versions of the same defense.”
When young Israelis come out of the military they want to outdo their predecessors, which leads to new technology but the same cycle of quick sales.
Aron Rissman, a special projects analyst at Theta Ray, which provides a big data analytics platform and solutions for advanced cybersecurity, said the threat to the electronic environment is changing dramatically, including an exponential increase in the amount of data that organizations are trying to understand.
“The Swift breach caught organizations blindsided. The obvious, traditional methods are not working,” Rissman said. “Organizations are investing millions of dollars on security to predict threats based on threats that happened before.”
The problem is that electronic viruses, like the biological kind, can mutate and become resistant to treatment. Security software is designed to prevent previous threats, which means that most financial institutions are defenseless when attacks evolve.
“The heart of the problem is that there is a lack of balance between perpetrator and defender,” Tzurya said. “Attacks are easy and low-cost, and defense is high-cost, takes a lot of time and requires knowledge.”
Companies such as Theta Ray are developing technology to detect anomalies with high precision in real time, detect operational risk and detect emerging sources of fraud.
JVP recently acquired a company that works from a strain of the Poison Ivy attack used by China to steal plans for the F-35 Lightning II fighter jet. Essentially, the security company uses the code within the malware to identify new strains and develop defensive lines.
The technology can predict every possible hack attempt based on software from 2007 to 2013 and thus block hackers from developing new strains to attack vulnerabilities in financial systems.
“By using the genetic algorithm, we’re not able to predict each and every future attack, but we’re able to put the sanity back and make it not so easy for hackers. They now have to come up with new ways,” Tzruya said.
The new approach to cybersecurity is making attacks more expensive and pricing some companies out of the market.