As Switzerland seeks better technology defenses to protect its financial center, start-up founder Shira Kaplan tells finews.com that cybersecurity's biggest problem is that «it is never really enough.»
Shira Kaplan, Switzerland is elevating the importance of cyber defenses are part of its wider security plan. What do you make of these efforts?
Definitely better late than never. Switzerland concentrates $8 trillion in client assets – 25 percent of the world’s wealth is parked in Swiss financial institutions. It is a very attractive target for cybercriminals, especially if you have businesses and individuals that are not aware. Swiss enterprises, whether large or small, need to let go of the thought that this country is geopolitically neutral or protected by mountains. In a digital world, this is absolutely irrelevant.
As a cybersecurity specialist, you're hired to test the defenses of Swiss banks. What's your impression of how sturdy they are?
Swiss banks are dealing with the same question-of-the-century which many enterprises in a highly wealthy economy are dealing with: with so many information technology projects, how do I interweave cybersecurity into all of this?
«No silver bullet fits everything»
Cybersecurity has remained and will remain for the coming ten years, a plaster type of industry. Microsoft is trying to change that by becoming a strong cybersecurity player, but the complexity of IT means that there is no one silver bullet solution that fits all. There are dozens of cybersecurity solutions that are necessary to protect any single organization.
What does that mean for Swiss banks?
Swiss banks, like anyone else, need to invest in a plethora of cyberdefense solutions. It’s not easy, and it creates a very big headache, and a lot of noise, for their CISO (Chief Information Security Officer).
Swiss banks are investing heavily in cyber-security. Is this enough?
The problem is that with cybersecurity it is never really enough. You could always invest more, and try to lock another »digital door». That is why we are starting to see more and more financial institutions globally taking a risk-based approach to cyber defense: where am I most vulnerable – this is where I will protect myself first. By protecting 20 percent of their assets, they can defend 80 percent of the organization – at least this is what the theory says.
And in reality...?
Truthfully, the only imminent solution to fending off cybercrime is to educate literally everyone. If the assistant of the CEO is educated, if the CEO is educated, and if the wife and children of the CEO are educated, as well as any employee in the organization, junior or senior, we are significantly reducing the risk for cyber attacks.
«Attackers are looking for that open 'crack' in»
Remember, the attackers are looking for that open «crack» to access the organization – a simple password to crack, a code that is defected, a network that is not secure. Our goal is to make their life difficult in finding that crack.
In other words, the Swiss financial center has a lot of catching up to do, or is it already at the forefront of cybersecurity?
The good thing about the Swiss is that they learn very fast. It might have taken them some time to get to the point of awareness, but once they’re there, they are going to catch up very quickly.
«Digitization is a boon to would-be hackers»
The firm I own, Cyverse AG, has been in the business for nearly six years. At first, no one understood what we were doing, but now, our solutions seem like a no-brainer to many of the Swiss enterprises who call us.
There has been a boost in the digitization of financial services during the pandemic – is this a boon for hackers, too?
Digitization generally speaking is a boon, because it creates more «cracks» through which hackers can hack. If you’re suddenly connected from your home device, your home device and your home network become an access point for hackers to your corporate network. That’s why we are starting to bring now to Switzerland game-changing solutions that protect, for example, home devices.
So we should behave as if we had already been hacked?
People need to stop fearing the topic of information technology and cybersecurity. If they know how to lock their door and their car, they must have a basic understanding of how to protect their digital assets.
«Protection of digital assets needs to start in school»
And as a mom of three little children growing up in Switzerland, I would use this opportunity to say: if we want to prepare the Swiss economy to be at the cutting-edge for generations to come, we should start teaching these things in kindergarten.
A new threat seems to be coming from artificial intelligence-fueled attacks. How serious is the issue?
AI is putting technology on steroids. It is giving computers the power to make decisions and act. Of course, we should be worried about AI-driven attacks. But we should mainly be worried about not educating ourselves and thinking that everything is fine because we’re in Switzerland…
To combat this specific threat, UBS plans a research hub in Israel. Is Cyverse involved in this?
There have been several Swiss multinationals who have put together cyber-security centers in Israel in the last few years; naturally, as we’re on the crossroads between the Swiss economy and the Israeli cyber industry, we have had some involvement in many of these activities.
«UBS may find it difficult to attract tech talent in Israel»
I would not comment specifically on UBS’ activity, as I have not gained their permission to do so. I can only tell you that I am very impressed with UBS’ forward-looking approach to cyber-security. They have absolutely fantastic people in place. It might, however, be challenging for them to attract people to work for them because there’s a huge fight on talent at the moment when it comes to cybersecurity professionals in Israel.
You are an ambassador of Israeli fintechs and cybersecurity startups in Switzerland. How much are they in demand now at Swiss financial institutions?
In the last six years, we’ve focused only on reselling Israeli cybersecurity products, that can help protect the Swiss digital economy. I am 38 and I can tell you, we are going to do the exact same thing for the next 50 years. Because the challenge is only going to rise. Swiss institutions are very open now to Israeli cyber innovation.
«Cyber offense tools wouldn't qualify as trustworthy»
They see the 500-plus Israeli cyber startups, with over $3 billion invested into these startups only in the last six months, and know that Israel can be a huge part of the global battle against cyber-criminals. For this, we have always stayed away from any cyber-offense tool, or any tool which we believed had anything that would not qualify as highly trustworthy. To Switzerland you can only bring the very best and the most trusted; otherwise, you’re out of business very quickly.
Shira Kaplan is the CEO and co-founder of Cyverse, a cyber-security firm based in Zurich. She served as an intelligence analyst with an elite technology unit of Israel's military. Kaplan, who holds an MBA from St. Gallen's HSG University, is an active angel investor in selected Israeli tech & cyber-security startups.