Safety Detective security expert Aviva Zacks sat down with GamaSec CEO and co-founder Avi Bartov to find out how he got interested in cybersecurity and where he thinks the industry is headed.
Safety Detective: Can you tell us a little bit about how you got into cybersecurity?
Avi Bartov: It was 1999, and I was living in Europe at the time, studying law, and I had already decided that law wasn’t the right profession for me. I knew that Israel was very well regarded for its cybersecurity knowledge and I was interested in bringing that to Europe. So, I began working with Fortune 500 companies in Europe like Rothschild Bank and Tetra Pak providing IT security services.
After a while, I returned to Israel. For five years, I flew to Europe on Mondays and came back to Israel on Thursday evenings. I was growing tired of the traveling and seeing my family only on the weekends. I also saw that cloud computing and software as a service were about to take off.
So, we began focusing on websites and specifically eCommerce sites. That’s when we moved from an IT consultancy to a company that created its own technology. We developed a virtual hacker platform and a vulnerability scanner that would crawl websites and automatically detect if they had any security problem—and, more importantly, offer a solution.
We quickly realized that we also had to provide malware scanning, as we saw that it was growing in importance within cybersecurity. Finally, we added another layer in the form of a firewall and DDoS protection which was intended to provide cloud computing providers with protection for their customers.
About two years ago, we decided that cyber insurance is something we wanted to become involved with. We partnered with Assurant, a US company, and became one of the first companies in the world to provide a limited warranty alongside our cyber protection services.
The second stage was partnering with BFL Canada and Mirades, BFL launching in January 2019 a new cyber insurance policy integrating GamaSec services with their cyber policies, which are underwritten by Lloyds and Zurich Insurance. In fact, the Insurer has provided a 10% premium discount recognizing the impact of the technology in reducing risk and added value awareness to the cyber insurance owner.
SD: Why do insurance companies need to have such a high level of cybersecurity?
AB: Insurance companies realized two things:
Firstly, that selling cyber insurance as a standalone product is difficult. But when you pair that with a cybersecurity platform, the product starts to make more sense. In addition, normally, when you purchase insurance, you pay a premium—and unless you make a claim, there’s no immediately apparent returned value. By contrast, a customer that purchases one of the products provided by our insurance partners will receive added value from day one in the form of the GamaSec online daily and monthly cybersecurity reports.
We know that 52% of all hacking and data breaches arrive through the internet and the company’s website. And that’s where we provide protection. Companies realize that there’s no silver bullet that can protect them against all cyber risks, but our tool can protect against a significant portion of the threat landscape.
SD: What are some of the industries you provide services for?
AB: We work a lot with companies that need to protect their reputation (which I will explain later), healthcare companies, and eCommerce companies.
A company that needs to protect its reputation could be a law or accounting office. Their website is their window to the external world. If that’s hacked or defaced, or somebody manages to steal information from their website, the loss of professional reputation could be enormous.
We know that eCommerce providers don’t want to see their website down because that means an immediate loss of sales. We also find that companies that display a security seal have 14% more income and sales. People are more security minded and want to make sure that any website they’re entrusting their credit card information to is trustworthy.
Healthcare companies are often custodians over a lot of sensitive information. Protecting that is an important part of the duty of trust they have to their patients.
SD: How do you see cybersecurity changing in the next five years?
AB: Threat hunting—providing rapid identification and remediation of attacks—will be the next major development. That feeds into threat intelligence and real-time attack detection, which means that we are always working on developing the capability to detect attacks when they are just starting out rather than when they are already “on premises.”
We are already working on the next generation of tools to protect websites. In the very near future, we’ll be launching GamaEye, which we have patented in the US and Canada. A real-time website attack detection based on deception technology gives defenders a rare advantage against attackers by doing something that other forms of cybersecurity don’t.