Check Point: Founder & CEO Gil Shwed on CNBC Squawk Box

CNBC Squawk Box featured Check Point CEO & Founder Gil Shwed. Gil Shwed discusses 5th generation cyber attacks. For more www.checkpoint.com/gen-v-cybe...

Talking about level three attacks, level four attacks; what are fifth and sixth level attacks?*

[Shwed]: [The] current generation of cyber-attacks which we are seeing are what we call the fifth generation. These attacks are coming from multiple vectors. From the cloud, from our mobile, and from the traditional network and endpoint. These attacks are what we call “polymorphic”. They change their shape every time, so it is not like in previous generations you could say, “This is how I identify an attack, this is what a malicious looks like, it has a signature and I know how to identify it”. Now hackers are changing the form of the file and the attack every time, so it is very hard to spot it.

[Male Interviewer]: So is that considered a level five attack or a level six attack?

[Shwed]: Level five right now and what is more important, the hackers are using tools that are basically the most sophisticated tools. Like government-grade level tools. Basically all of the tools that state-sponsored organizations are developing today. They are finding themselves in the hands of the general criminal hacking community.

[Female interview]: What are they trying to get? Are they trying to get money? IP from companies? Are they trying to steal secrets form the government?

[Shwed]: All of the above. I mean there are a lot of [them] trying to steal secrets. There is a big industry in blackmailing and ransomware and things like that that are happening. There are just hacktivists that want to show what they can [do].

[Male interviewer]: What percentage of this is economically driven versus, like you said, sort of the “hacktivist” that want to show that they can break through the perimeter?

[Shwed]: I think the evolution of cryptocurrency has made economical crime really exist today. 20 years ago it was very hard to do it because there was no way to charge money, today there is a way to charge money.

[Male Interviewer]: We constantly hear about thousands or millions of credit cards or usernames getting hacked, and yet what you don’t hear about is on the very individual micro-level those accounts being used to extract money or something else.

[Shwed]: They are being used. Usually the credit cards block them in a very small amount and absorbs the damage, but it does happen. Basically, a stolen credit card number is sold in the black market for “x” number of dollars. The hackers know how to create trade out of it.
[Female Interviewer]: My biggest fear is a massive hack that actually cripples or destroys a bank. Is that possible?

[Shwed]: That’s more possible and we are seeing things like that. Cyber-attacks destroy big organizations. These things happen, it is not science-fiction. This week we are actually commemorating the WannaCry attack that happened a year ago. That demonstrated that most of theoretical cases of what an attack can cause are real. That happened. I mean factories were closed, almost an entire country in Ukraine was shut down, factories all over the world, and by the way hospitals and emergency rooms were shut down. It proved that a large scale attack like that can happen.

[Male Interviewer]: So what are you worried about at night?

[Shwed]: For us it is about developing the answers to that and mainly educating the market that we should step up to this fifth generation. Only three percent of organizations today are getting ready for the fifth generation of attacks. Most people are really struggling with what we used to do, 10 years ago. Which is not meant for us. We sell also the second and first generation solutions. The message that I am trying to convey to the world, “If you want to be secure, you need to step up to the fifth generation”

[Male Interview]: Is that a process issue, or is that a software issue, or are there a lot of components to this?

[Shwed]: There are several components. In small-midsize companies it’s relatively easy because they can make these decisions quickly. In larger organizations it’s more complicated because they have huge organizations that are dealing each one with their own domain. And the issue is to consolidate and to step up and to deal with “what I used to do".

[Male Interviewer]: Final quick question because we have to go. In a cloud world where you see the Amazons, the Microsoft's and Googles starting to develop their own security stacks, where do you fit into all of that?

[Shwed]: I think we fit in on top of it and that has always been our job. Whatever the vendors are doing in the operating system, in the router, we want to give the layer of security that is above that and we have been doing that for 25 years. By the way, I think mobile phones are the real backdoor to all of our assets these days. Only less than one percent of organizations are using something to secure their mobile phones.