Check Point CISO: Network segregation can prevent blackouts, disruptions

Parts of Spain, Portugal, and France on April 28 experienced a blackout that is believed to be related to events involving the loss of electricity generation potentially from solar power plants, which triggered instability in the grid. The grid blackout affected tens of millions of people, flights were grounded, cell networks went down, and businesses closed for the day.

Jonathan (Jony) Fischbein, chief information security officer at Check Point Software, happened to be in Spain during the disruption and discussed how governments, organizations, and enterprises could avoid problems of this type using network segregation and backup mechanisms.

“In the cyber world, we have been talking for many years about segregating networks. For example, if one network goes down, then the whole system does not go down because it is segregated. If you have a system of permissions to a network, then … people cannot enter other networks. They need other permission systems,” Fischbein says.

That way, if someone’s identity is stolen, the attacker can cause damage only in one isolated location and not in another. “We work to assess the damage, and we do access segregation,” says Fischbein, who didn’t know the cause of the general grid blackout April 28.

“Since 2010 there have been cybersecurity systems, also from Check Point, that help prevent this type of incident from occurring. But I’m not sure it was a cyberattack,” says Fischbein, who recalls that it took six months for the attack on the Natanz nuclear power plant in Iran to be identified as a cyber incident.

As usually happens in the first hours of confusion in this type of situation, some organizations such as DarkStorm or NoName057 claimed responsibility for the blackout, something that was quickly denied by Sergey Shykevich, manager of Check Point’s Threat Intelligence group, who stated, “there is no concrete evidence that DarkStorm is in any way related to the power outage” and that this organization “is considered a relatively weak actor, known for its opportunistic behavior and for frequently claiming responsibility for incidents that they did not actually cause”.

Fischbein agrees 100% with his colleague’s analysis and adds that education and training can help prevent such incidents from occurring. “Simulating such a blackout is impossible, it has never been done,” he acknowledges, but he is committed to strengthening personal and team training and risk awareness.

Increased defense and cybersecurity budgets

In 2025, industry watchers expect there will be an increase in the public budget allocated to defense. In Spain, one-third of the budget will be allocated to increasing cybersecurity. But for Fischbein, training teams is much more important than the budget.

“The challenge is to distribute the budget in a way that can be managed,” he notes, and to leverage intuitive and easy-to-use platforms, so that organizations don’t have to invest all the money in training. “When you have information, management, users, devices, mobiles, data centers, clouds, cameras, printers… the security challenge is very complex. You have to look for a security platform that makes things easier, faster, and simpler,” he says. “Today there are excellent tools that can stop all kinds of attacks.”

Leading the way in email security

According to Gartner’s Magic Quadrant, Check Point is the leader in email security platforms. Today email is still responsible for 88% of all malicious file distributions. These are attacks that, as Fischbein explains, enter through phishing, spam, SMS, or QR codes.

“There are two challenges: to stop the threats and not to disturb, because if the security tool is a nuisance it causes more harm than good. It is very important that the solution does not annoy [users],” he stresses. “As almost all attacks enter via e-mail, it is very important that the security tool gives you the information, the loads, and the alerts. With our tool, it takes very little time to understand what happened. We are very pleased to lead this area,” he adds.

With 23 years at Check Point and 30 years in the cybersecurity world, Fischbein says the main challenge for the CISO of a company like Check Point is to convey and demonstrate confidence to customers and suppliers. “Our company’s job is to put together the security tools that are going to help stop threats in companies of all sizes. If we can’t secure Check Point internally, then we have a big problem in securing the world,” he says.

Still, there are other risks. “In the last two years, we have been dealing a lot with AI risk, and in the last four years with those related to legislation,” notes Fischbein, who points out that the multinational nature of his company forces it to deal with very diverse regulations. “The infrastructures, too. We used to have everything ‘on premise’ and now we are migrating to the private cloud and hybrid cloud. Protecting infrastructure has changed a lot in the last two years,” he says.

As for attracting talent, Check Point’s CISO reveals that his company has training programs for network engineers or cybersecurity engineers, lasting four to six weeks or two to three months that make it possible to enter the company with knowledge, but without experience. “The commitment is to stay at least a year and a half, but there are people who have stayed for many years,” he says.

This program also has a university extension. The company trains professors from the faculty of engineering or systems, and they train the students to acquire the necessary knowledge. “When they finish this course, students can work for Check Point or companies that install or sell their products,” he explains.

Does AI benefit attackers or defenders more?

One of the big questions of the moment is determining whether the use of AI benefits attackers or defenders more. On this point, Fischbein highlights the benefits this technology already brings for protection. “We have almost 96 engines that help us identify whether what is happening is good or bad using AI. That’s more than 50% of the ones we use,” he notes.

“In a security operations center (SOC), a person using Check Point tools could previously take between two and four hours to investigate the causes of an alert. Today that time has dropped to 20 minutes,” he says. He also explains how they work with vulnerabilities. “Currently, Check Point checks all of them in a few seconds and tells you whether you are protected or not. And if you are not, it tells you which network to protect.”

Regarding attackers, he acknowledges that they now make “richer and more logical” attacks. “With AI, they check the data and social networks of any person to impersonate a friend of the attacked person, because when someone receives something more personal they lower the defenses against phishing,” he says.

He also warns about the scalability of cyber attacks. “We have people working in a SOC every day, but attackers use AI 24/7. The scalability of attacks and their sophistication is growing. So are ‘infostealers,’ which steal identities in an automated way.”

“Before, to enter the ‘dark web’ you had to be an expert; today there are agents who sell you identities. There is a sales market, with agents buying them for $10 and selling them for $20. Attackers are using AI in a very interesting way,” he concludes.

This article originally appeared in Computerworld Spain.

Source: Network World