We’ve been going about cyber-security all wrong, according to the former head of Israel’s intelligence unit. Rather than patch each hole that springs up, security experts should focus on finding the “puppet masters” behind the malware, says Nadav Zafrir, the former head of the military’s legendary 8200 unit, a breeding ground for veterans who feed Israel’s thriving startup industry.
Cyber-defenders can use tools within their networks to find traces left by hackers and use the clues to snuff them out, according to Zafrir, who spoke at the International Cybersecurity Conference at Tel Aviv University. Zafrir points to the Target hack during the last holiday shopping season, which exposed some 40 million cards, as well as an attack on Home Depot, where the extent of damage is not yet public. Defense has focused on pinpointing scripts or malware instead of dealing with the people who actually write them, he says.
“The problem isn’t the malware,” Zafrir says. “It is about the ghost in the machine, the people and the process behind the malware. It is about the tenacity, the capacity, the resources that the people behind the malware have. It is about game theory.”
Keith Alexander, who headed the U.S. National Security Agency until March, warns that no single company or country can solve the hacker problem on their own. “Cyber-security is a team sport,” he said on stage at the conference in Tel Aviv. “This is a new frontier.”