Bringing Israeli Cyberdefense Technology to MexicoBy Jan Hogewoning | Tue, 10/27/2020 - 10:36
Q: Why is your firm specifically focused on offering Israeli cybersecurity technology?
A: We search around the world for cybertechnology used for cyber-defense and cyber-intelligence and the majority of it comes from Israel. That country has a historical advantage in this area. It is a country founded less than a century ago, always under threat from its neighbors. Israel has used technology as a tool to defend itself; it has sought out the limits of what tech can do and created many innovations. The country also understood early that the future is going to be hyperconnected and hyper-tech and as a result, decided to make this a business. Retirees from Israel’s intelligence services and tech battalions were encouraged to become entrepreneurs. For 25 years, they have been making the best cybertechnology available in the market. Today, this country of 8 million people has a 25 percent share of the world’s cybersecurity market. That is remarkable.
My firm was founded in 2017 and given our expertise in Latin America, we started bringing Israeli tech over here. We offer military-grade cybertechnology, which is only sold from government to government and used to generate intelligence. We are an approved reseller of the Israeli government. We also sell defensive cybersecurity, which we offer to private companies.
Q: Where do you see the biggest vulnerabilities for Mexican companies right now?
A: There are three fronts that are targeted by cyberattacks. The first includes computers and servers, which is what most people are aware of. The second is the mobile space. Right now, most communication happens through Wi-Fi, Bluetooth or 3G and 4G. We know that 67 percent of attacks in Mexico last year took place on this front, which is mostly uncovered by existing technologies. There are many ways to cheat your way into devices, including IoT devices, using this spectrum. For example, there can be fake free Wi-Fi points that fool you into believe you are connecting to a trustworthy source. More than 50 percent of financial companies in Mexico have free Wi-Fi spots for company devices or personal devices with a company email or for guests. These can be rogue ports. Cybercriminals will use these ports to get into a device. Imagine if they do that with the CFO’s or CEO’s phone.
Another tool can be fake 3G towers, which make you believe you are connecting to Telcel. Someone can insert themselves into your phone and listen to everything you are doing or type on your device. The most common attack in Mexico on this front is the human-enabled attack. Criminals send you a message with characteristics that are very similar to your day-to-day communication. This is called smishing. Once you open the link or document, a malware enters the system and can move laterally in the company.
The third front is operational technology. We have tech for each front, but right now the second is demanding the most resources.
Q: What tool is used to detect cybercriminals entering your device?
A: There is a technology tool that we call “sniffing.” It is constantly looking for anomalies. Let us say an employee’s Apple watch suddenly starts to transfer large amounts of data to an external port. The device’s behavior would be detected by our system. It may not necessarily be malicious. However, if the systems deem it so, it can be immediately stopped. A dashboard will let the chief security officer know and, depending on the grade of maliciousness, different actions are taken. You can counterattack. Sometimes you leave it open for a bit, containing the attack but giving the tool enough time to gain more information about the attacker. This is called honeypot. Knowing who it is also allows potential legal action.
Q: What type of training do company employee’s need?
A: There are two kinds of training. The first is directed to every single employee. Because every single person in the company is a target of attacks. You are a vehicle for others trying to enter your company. Over 90 percent of employees in an average company are unaware that they are being attacked every day. They need to be digitally literate. It comes down to specifics, such as learning to read whether email addresses and URL links are correct.
The second training is for those who are in charge of cybersecurity in the company. There is a tremendous shortage worldwide of cybersecurity experts. Knowing how to work computers, like the IT person, does not mean you know cyber-defense. A company either hires cybersecurity experts or trains their own people.
Q: What are the first steps you take with a new client?
A: In the first few months when we enter a new company, we find many flaws in company policies. For example, the only information some companies have on their devices is their serial number, which is to stop theft. We start by helping them change their focus to cybersecurity, which requires more monitoring of their devices. One important step is to provide Wi-Fi to employees. If you do not provide it, employees will search for other free Wi-Fi sources and these can very easily be malicious. Often, our new clients come to us because they have already been attacked. In this case, we fight back against the attacker. The number of recovered documents and systems often depends on what policies for backups they had in place.
Q: Why is Mexico vulnerable to cybercrime?
A: Unfortunately, Mexico’s privacy and data protection laws do not force companies to disclose attacks, even if it is your data. It is not that Mexico is such a profitable country for cybercrime. The problem is that no one tells anyone else that they have been attacked. Not knowing if your data has been accessed means you cannot take steps to limit the damage. The EU is the best example for strong data protection laws. If any company is attacked there, they have to disclose it to every single client. In Mexico, apart from the lack of a relevant law, we also have a culture of denial. In April, a study called Cyberedge, published by Sophos, found that 93.9 percent of Mexican companies had experienced a successful cyberattack. This makes the country the most successfully attacked country in the world. In the area of successful ransomware attacks, Mexico stands second after China.
Q: What is the risk of attacks on operational technology (OT) in Mexico?
A: Today, these attacks are much more sophisticated. At the moment, they are not as present in Mexico. However, considering that we are the world’s largest manufacturer after Asia, the risk is very high. Manufacturing companies are usually low tech in many aspects. They use high tech at their plants but the cyber protection is minimal. They have a few guys with computers and a simple antivirus. The landscape, however, has completely changed. Attacks no longer need to go through computers, they can go through the programmable logic controller, the SCADA architecture or the protective distribution system of an electrical grid. Consider the case of steel or glass oven plants in the north of the country. If an attack shuts these down, they will crystalize and the whole oven goes to waste completely. Attackers could threaten to turn them off unless they get US$200 million. Companies will pay this ransom because they cannot afford to turn these ovens off. This situation could present a huge problem for the north of the country. People think this is something from the future but it is happening already in this country.
Q: How fast will cyber-defense be adopted in Mexico?
A: It will happen quickly in Mexico. If you are a global company, global policies will demand you adopt better cybersecurity in this country. Equally, if you are a core supplier to these companies you will need cybersecurity to assure continuity of operations. My advice for every company is to train people to understand cybersecurity risks. Secondly, they need to do a penetration test. These are easy to acquire and in the span of less than a week, someone can test hack every system you have and tell you every single vulnerability in the system. That will give you a realistic picture of where you need to invest resources.
Nekt Group is an authorized distributor of cyber-defense and cyber-intelligence technology from the Israeli government. It also offers cyber-defense software to the private sector