Israeli Cyber Awards (not the ones you had in mind)

Last week the Israeli Cybersecurity industry came together to celebrate its success at the annual Cybertech event. There were countless vendors represented – VCs threw lavish parties and everyone who’s anyone in the local Cyber scene was there, including the Israeli Prime Minister. Mr. Netanyahu was indeed present, and delivered a very persuasive speech about Israel’s cyber abilities.

That was nice indeed.

However, just one week prior to the event, a smaller, albeit more significant event took place. It did not involve a massive amount of presenters or visitors. Nor did it charge admission.. In fact, it was semi- clandestine and published only on Twitter. The event was titled “the Israeli Cyber Awards”, presented by two independent security researchers- Noam Rotem and Ran Bar-Zik.

Unlike the mainstream “cyber” event, this one didn’t exactly celebrate Israeli prowess in the cyber realm. No, it kind of did the opposite: it “celebrated” very poor security behavior, from silly, negligent, to borderline criminal.

During the event, which was fully booked by aspiring cyber professionals, the duo presented the “winners” of dubious categories such as ‘Best (or worst ) Password’, ‘Best English, “Best Bot” and so on. All the evidence presented was gathered from open websites that were shared in the past by them (and other researchers) on social media platforms (following very responsible disclosure protocols). Sadly, most of the stuff came from government sites, like the national prison service, Telco company sites, and others which are usually regulated or should have known better. No real “hacking” took place – they were simply poking around the web looking for unsecured sites – and boy, did they find them.

Some might say that this is not really a cybersecurity problem, as most public websites do not contain real important information. You can check the  presentation , listen to the recording and decide for yourself. It is both dead funny and VERY grave. How can we be the No.1 cyber nation if we have so many faulty websites?

(yes this won the OMG it was on the client side award)

I’m adopting a positive stance here. First and foremost, I salute the duo in their lifelong struggle to bring dodgy security to light and help organizations put more effort into security.  (even by shaming them). I believe that by doing, we will become stronger and more resilient.

Secondly, I think it’s awesome how the local community is willing to share information, learn and improve.. It’s truly educational, and in this sense, beats any talks by famous persons who discuss the “importance of cyber”.

It also helps less-technical folk see that “Cyber” isn’t some scary domain – anyone with wits can learn the basics and improve his or her security, and perhaps even work in the field. (Ran says that since he taught himself to program at a very late stage in life, he reckons that anyone else can too).

I think that these are two extremes of our cyber nation. We develop awesome tech and sell it to the world while our government websites are poorly secured (and our politicians are trying to filter and control the web and limit access to certain sites and content types). With more people like Noam and Ran showing us we can and should improve, we will slowly bridge this gap. And even if we don’t, we’ll certainly have laugh a lot in the process.