The Dejargonizer

A Former Secret Agent On How to Uncover Hidden Hackers

May 19, 2023 Season 1 Episode 5

Welcome to Cyber Intelligence, where cloak-and-dagger meets AI to unmask covert hackers lurking unseen in our servers for years.

This is not your grandfather's game of cops and robbers. In this episode we talk to Noam Jolles-Ichner from Opora. Opora is like a cyber intelligence agency on demand.

Jolles is no stranger to the world of clandestine operations, having served in Israel's secret intelligence agency, the Shin Bet. There, in the dark forums of the Dark Net, she would take on personas of hackers to outwit terrorists and spies.

From a storytelling perspective, it was tricky to navigate between Noam's intriguing perspective on the world we know so little about, and her abundant caution about revealing too much about methods. Loose lips sink podcasts.

Still, I think we managed to get to the gist: without actively incorporating old-school intelligence, or what she calls a "cognitive cyber intelligence approach", all our firewalls and security systems aren’t going to stop hackers on their own. 

Most companies don't even know who their online enemy is. Opora's cyber intelligence approach can help.

Amir Mizroch: Welcome to the Dejargonizer. I'm your host, Amir Mizroch. Companies around the world are investing billions of dollars in cybersecurity, but they're still getting hacked. And here I'm talking about companies whose products we use every day, like banks, credit card companies, shipping companies, and even schools and hospitals. So what's missing from cybersecurity?

Why does it feel like the bad guys are always one step ahead? Today we're talking to Noam Jolles-Ichner from a company called Opora. Opora is like a cyber CIA for businesses, a kind of intelligence agency on demand. Noam spent years inside Israel's secret intelligence agency, the Shin Bet, where she did things like pose as a hacker or buyer of stolen information to gather intelligence.

She says that without intelligence, all our firewalls and security systems won't stop hackers on their own. We have to get inside the minds of the hackers.

Amir Mizroch: Noam thanks for coming on to the Dejargonizer. I want to read what’s on Opora’s LinkedIn About Us. And it's gonna be painful. But we'll get through it.

Noam Jolles-Ichner: [Laughs.] OK, let's go.

Amir Mizroch: “Opora's unique, cognitive-based threat quantification approach provides our customers with strategic quantified and prioritized visibility into threats active against their entire business ecosystem and supply chain platform... incorporates the most comprehensive risk rating methodology that includes a wide range of risk factors, variables, and attributes that look at the organization and its peers, key customer sectors and geography levels. We enable firms visibility into their entire supplier ecosystem including nth tiers, that's a big N, small nth, tiers, to fully assess their exposure to potential business loss risks.”

I can't, I can't even, I can't even understand where I even am.

Noam Jolles: In general, what we do in Opora is providing, uh, organizations with an insight about the potential business risk that they should expect of their threat landscape, cyber threat landscape.

Amir Mizroch: Just very briefly, what is a threat landscape? 

Noam Jolles: When we speak about threat landscape, we mean the potential threats that you are going to face.

Amir Mizroch: What is a cognitive-based threat quantification approach? And can you, you know, contrast it to a non-cognitive-based...

Noam Jolles: Intelligence for its own has no value. I can come and tell you stories about bad guys. I can come and tell you stories about malwares. I can come and make you not sleep at night because of the stories I'm going to tell you.

Amir Mizroch: Okay? I think we need an analogy here, so let me know if this works. Let's say I'm home and I can hear a noise in my attic. I have no idea what that noise is. 

Noam Jolles: I think this is a good example because what you speak of is about something that is absolutely amorphic to you. It only makes noise and now we want to gain some insight of what it is, right?

Dealing with cognitive analytics, this is the amount of unknown you are dealing with. You only have this small perspective of what someone is doing, and now you need to understand a lot of it. The assumption is that there are patterns. Patterns reflect a behavior. And behavior reflects intentions and capabilities, et cetera.

And let's say that we will take this voice that you are hearing, okay, from your attic, and we will start to see in which hours you are hearing it. In which cases it gets louder. In which cases it's more quiet. How it responds to actions that you take. If you will, for example, react and make a noise of your own, what will be the reaction?

What will be the constant reactions? We will try to take a lot of parameters, a lot of features, and analyze it. We will try to compare it to other noises. To other reports of noises in attics and to reports of noises in general in houses. So cognitive analytics are taking a lot of parameters and assume that there is a set of reactions, and once you understand which set of reactions you are looking at, you can now understand more about the entity or, or the subject that is reacting.

Amir Mizroch: I don't understand why you don't just walk up to the attic with a baseball bat, open the attic and just look for whatever is making that noise.

Noam Jolles: Of course, the challenge that cognitive analytics are being used to within threat intelligence, cyber threat intelligence, it's not the single noise within a single attic. It goes to a highly complicated and dynamic threat landscape that keeps hitting you ongoing and consistently that you need to deal with. There is no intelligence company or intelligence agency in the world that can cover all of the threats around us. And this is the issue of the known unknown, unknown known, and unknown unknown.

The known unknown are the things that we assume that we need to cover. That we assume that we need to collect.

Amir Mizroch: When you say cognitive, you're almost, in my mind you're saying human. There are humans that are behind attacks. They have patterns, and these things, if you know where, how to look for them, can trigger alerts.

Noam Jolles: You need human knowledge. This is my point here. Hackers are hacking in certain ways. When you are looking at someone that is going to an airport, you are not looking at the way he prepared the bomb. You are looking at the way he behaves when he's struggling with the same issues that you and I are struggling with when we are walking through the airport.

And we assume that there will be things that he will do exactly like we do, but there will be things that he will do a little bit differently because his challenge is different. He needs to hide his identity. He needs to hide the bomb he's carrying. He will act a little bit differently. So when I speak about patterns, it's not necessarily the bomb itself.

And Amir, it goes to the unknown unknown and the struggle within intelligence. If I already know that he's carrying a bomb and now what I need to see is which bomb he's carrying, I'm in a great situation in terms of intelligence, but my challenge is not that. My challenge is to even know that he's planning on carrying a bomb.

Amir Mizroch: Can you give me an example of a company in this kind of sector? And this is kind of what their threat landscape looks like.  

Noam Jolles: Over the past two years we see a shift of threat actors that are targeting other sectors. For example,  

Amir Mizroch: Bad guys, right? When you say threat actors, you mean bad guys? 

Noam Jolles: Exactly. People with bad intentions.

Let's say it like that. So bad guys that are shifting their efforts, shifting the resources to target, for example, the maritime sector.

Amir Mizroch: Shipping.

Noam Jolles: Yeah, shipping. Sometimes the interest will be financial. Sometimes the interest will be to gather data, and sometimes they will target because of an interest that has to do with creating chaos. It's a big world of things that are coming at you and you cannot control them. Right. And one of the approaches to deal with that is to say, I don't care.

Amir Mizroch: This is too big for me. There's nothing I can do about it. I'm just gonna trust my, whoever it is, Google, Microsoft, whoever that is on my computer. Or if it's a big company, you know, it's Checkpoint who are guarding me and I'm just going to forget about it.

Noam Jolles: Exactly. I will build fences, I will strengthen defenses. I will be in control of things that I can control. It is a good approach. It's not a bad approach, but it's kind of a blind approach, and the fact is that organizations are building fences and invest millions of dollars into their security and still they're getting targeted and still they lose money to cyber attacks. So the other approach, which I consider to be more responsible, but it's definitely harder to do, is to be able to integrate intelligence insight into your security measures. But there is a problem with it. How can I know who is my enemy?

How can I know what he is going to do? And now we are getting into the biggest challenge of intelligence. It's not that easy to do. It's not that easy to give people information, even at state level, of what are the threats they're facing. In general, signal intelligence includes, uh, two types of, uh, signals: signals that are being produced by, uh, machines and by systems, and signals that are being produced by humans.

When you deal with intelligence, you need to guess a lot. You need to put a lot of assumptions. And there is nothing better than to see things in your own eyes or to speak with someone that see it in his own eyes. 

Amir Mizroch: You know, the last couple of minutes that you were speaking, I, I, my mind wandered. Sorry, and that's not, and that's fine. It's just a sign that what I need is a story to bring me back to what you were saying. Everything you said was very vague and theoretical, whatever, but I need an actual example. You don't have to use names.

Noam Jolles: Let's take a big bank. Very big bank that keeps being hit by phishing attacks. The bank itself, the customers, the amount of phishing attacks is enormous.

Amir Mizroch: Just briefly a note, so a phishing attack is, um, you know, like an email that looks like it's, it's from someone that you know, and then, uh, you respond or you somehow download a program that lets hackers into your system, and an advanced persistent threat is, let's say, a state actor, um, whether it's the Chinese or the Russians or whatever it is, you have a hacking unit that is broken into your, your network, but is lying low for now, not really doing anything.

Noam Jolles: What you described, Amir, is, uh, spear phishing or phishing delivery, which is using phishing methods in order to, uh, get a malware into your system.

But there are more basic variations of it. That only aim at getting details of people, getting their credit card number, getting their login details. Okay. Getting personal identification information with, sometimes it's not even weaponized. There is no malware involved in such an activity. Phishing is, is the common way of looking at impersonation.

We wanted to give the bank time advantage. We wanted to give the bank context advantage.

Amir Mizroch: The cyber intelligence unit, uh, for this bank that gives them early warning for things that happen.

Noam Jolles: Yeah, yeah, yeah. But smart warning. Our approach, the cognitive approach, basically says it's not only about detecting the phishing attacks. It's also about understanding, correlating all of the signals and understand with how many threat actors the bank is dealing eventually with this bank. By the way, one of the outcomes was the understanding that the bank, there is one threat actor, one bad guy or one bad group, okay? That is in charge of over 30% of their attacks. So it was pretty clear that a lot of efforts need to be taken now in order to deal with this specific group.

Amir Mizroch: So let me ask you something. They didn't know this before?

Noam Jolles: They didn't know this before, and it's not because they couldn't know it necessarily.

It's because it wasn't the approach. This is why cognitive analytics are important, because cognitive analytics enable you to correlate and profile signals and get the bigger picture.

Amir Mizroch: I'll quickly do a summary. This bank, very big bank, been playing defense for a long time. You, through your work, uncovered that there is a criminal group or a group that was responsible for about 30% of the attacks against this bank. They didn't know that. That is through the intelligence work you did by this approach where you correlate all sorts of patterns, all sorts of data to try and see if, if you can uncover unknown unknowns, and you uncovered an unknown unknown. There was one big group that was really hitting this bank a lot.

Noam Jolles: One of the things that, for example, we started to learn about this threat actor is that, is targeted, is targeting five banks in parallel and he's basically shifting from bank to bank, uh, in a... In this case, one of the solutions was that these banks should collaborate effectively against it together. They have more power to counter it than one by one.

Amir Mizroch: So it's almost like a, um, intelligence agency on demand. Like, the cyber spy on demand.

Noam Jolles: I would say it's Intelligence Agency on Demand.

Amir Mizroch: Intelligence on demand. That's exactly what Opora is about and what seems to be missing from cyber today. But what do you think? Let me know by leaving a review or comment on your favorite podcast app or on Substack at the dejargonizer.substack.com The Dejargonizer is produced and edited by Astrid Landon.