He started programming at the age of 13. At 15, he began his studies in computer science at the Hebrew University of Jerusalem. At 25, in 1993, he founded Check Point with two colleagues; today it is one of the most reputable cybersecurity companies in the world, with a turnover that in 2021 exceeded 2,100 million dollars. Gil Shwed (Jerusalem, 1968) made a name for himself in the industry by developing the first modern firewall, a type of computer program that protects the computer against external intrusions when browsing the Internet. His invention automatically became a category: all computers today use a firewall, regardless of the security provider they have.
Shwed’s voice is listened to attentively at forums and events, although perhaps the most interesting thing is what he keeps silent about. The Israeli handles highly sensitive information. It is said that large multinationals and ministers have turned to him to resolve serious crises. He declines to talk about it: confidentiality is the gold standard in his business. Shwed speaks to EL PAÍS by video call from Jerusalem. He wears his trademark black T-shirt and sits at a very ordinary desk. It is impossible to infer at first glance that he has amassed a fortune estimated at about 3,400 million dollars, according to Forbes magazine.
The interview took place before Russia deployed troops to Ukraine, but a few weeks after the cyberattack attributed to Russian groups against Ukrainian government agencies. Both Shwed and his team declined to discuss the matter, calling it “very sensitive.” They also did not want to comment after the ground offensive began.
Question. Do we have reason to worry about cybersecurity?
Answer. I think that today more than ever, especially after two years of pandemic in which we have turned to the digital world. Factories, critical infrastructure such as water or electricity… everything is connected and controlled by the internet. From a remote computer you can disable hospitals, change train tracks or close the water supply pipes of a city. And of course our personal data can also be accessed: where I’ve been, with whom, my medical history, my finances, and so on. Our whole life is in constant danger, yes. And, unlike in the physical world, in the digital world it is almost impossible to locate criminals: someone can attack a Spanish infrastructure from Israel through servers in other parts of the world.
Q. Is enough attention paid to these challenges?
A. We need to do more. We are developing tools to combat the fifth generation of cyberattacks. Most organizations are still protecting themselves against the fourth, which has meant, for example, that in Germany the systems of a hospital were hijacked in the midst of a pandemic and it had to become completely analog in order to continue operating.
Q. What is the fifth generation of cyberattacks?
A. We have identified a number of patterns in next-generation attacks. First of all, they are polymorphic: there are never two alike, although they can often resemble each other. Second, they are multifactor. Before, someone attacked the web and that was it; now the attack can start with a game app that you download on your mobile, which incorporates malware [malicious software] that goes after your credentials for the newspaper that you also read on your laptop, in order to get into it and steal certain data that you have on that device. That brings us to their third characteristic: they are very difficult to detect and very sophisticated. We have seen how malware altered the chemicals in the water in a water treatment plant. Poisoning an entire country is not difficult.
Q. What is your approach to defending ourselves against this type of attack?
A. We need to protect ourselves against the latest attacks detected today and against those that happened 20 years ago, which can still hurt us. But also against those we have not yet seen. We must protect the web, mobile phones, company servers, the cloud and all devices connected to the Internet of things. We need a multi-vector approach, and that involves automatic technologies, supported by artificial intelligence. Here in the end it is about preventing, not deterring. The police most of the time do not stop the crime, but appear when it has happened. That works as a deterrent, but in cyberspace that doesn’t work.
Q. To what extent has cybercrime grown with the pandemic?
A. A lot. Last year the number of attacks increased by 60% worldwide compared to the previous one. And I think the figures will go further. The growth is explained by two reasons. The first is that the world is now much more connected and even more dependent on the internet. During the pandemic, people have dedicated between 70% and 90% of their time to online activities. That also means that many things that were once safe from the internet are no longer safe. Machines in many factories were manually controlled and maintained; with the pandemic they have been connected to do work remotely. Hospitals, banks, offices… They have all given their workers access to more and more remote functionalities, and this in turn increases the attack vectors: if someone breaks into my computer, they can possibly also break into the systems of the company where I work. On the other hand, hackers have also been locked up at home and have had a lot of time to work. Their methods have improved.
Q. Have you helped any company avoid collapse in this time?
A. Several times, though I can’t name names. For example, a major government company that provides many services in its country asked us for help. Our team investigated and detected two pieces of malware that were controlling that organization and that had been in the systems for months. We stopped some 90,000 intrusion attempts in the following hours, we installed critical servers such as an email system and we cleaned 8,000 computers in the organization. We don’t know how much information the hackers before our intervention, but they could have led to its collapse.
Q. In recent years, the use and popularity of cryptocurrencies has skyrocketed. To what extent are they safe?
A. I am not an expert on this topic, but you have to keep in mind that there are many cryptocurrencies that are scams in themselves. That said, although the encryption algorithms of digital currencies are very robust, the weak part is the digital wallets: this is where the actions of cybercriminals are concentrated. On the other hand, cryptocurrencies are one of the reasons why cybercrime has grown so much in recent times, since they allow attacks to be monetized. Now the ransoms for ransomware [programs that lock a computer’s systems and release them upon payment of a sum of money] are paid very easily.
Q. How easy is it to get a cyber weapon [programs that exploit vulnerabilities in other programs] on the dark web?
A. It’s pretty easy. And that is one of the big differences with the physical world: for a terrorist group it is almost impossible to have access to an F-35 fighter because the most sophisticated weapons are subject to great controls, they are identified, they are extremely expensive… In cyberspace exactly the opposite happens. There are many networks on the dark web where you can get competitively priced cyber weapons, some even for free. It is a real industry. You can even pay others to do the work or share expenses and profits with criminal organizations that offer.
Q. Are you aware of any government having acquired cyber weapons?
A. We try not to get mixed up in government affairs, but we have seen groups linked to the Iranian authorities trying to access resources monitored by our investigative teams. On the other hand, all the big countries develop their own cyber weapons.
Q. Some companies, like the Israeli NSO Group, develop spyware used against individuals. They exploit vulnerabilities to sneak into other people’s systems, just like cybercriminals. Is your job also to deal with legal companies?
A. I would like to make it clear that we are not in the same industry. When our researchers discover a vulnerability they don’t exploit it to make money, they don’t sell it to third parties. We are clear that we want to be on the side of security. The first thing we do is notify the owner of the vulnerability, we provide them with all the information we have gathered, we help them fix the problem and finally we publish it.