Ariel Silverstone knows a thing or two about the data protection challenges facing modern companies. HYAS’ European data protection representative and data protection officer helped write the cybersecurity policy for some of the most popular ones.
Silverstone has served in senior cybersecurity roles for some of the most demanding companies in the world, including Bell Canada subsidiary Bell Teleglobe, Expedia and GoDaddy. These are companies at the foreground of the technology industry, handling oceans of sensitive data while constantly developing new products and services. He has developed security policies to keep that information safe while assessing the impact of new business and technology developments on corporate privacy.
Now, he is a partner at DataProtectors LLC, a select group of consulting partners that provide outsource data protection officer (DPO) services to clients in a range of sectors. He advises on cybersecurity and privacy issues including compliance reporting, developing privacy policies, and employee training. When industry executives deal with privacy regulators, it can often seem that they’re speaking different languages. Silverstone and his partners serve as intermediaries, able to translate smoothly between the two.
Silverstone got involved with HYAS after a colleague introduced him. He quickly came on board not just as an investor, but in an operational role at the company. He explains that he saw something unique in what HYAS was offering.
Leveling the battlefield
“Battles are won because of asymmetry,” he says. The victor always has the advantage in some way. In the cybersecurity war, the attackers have long had the upper hand because they outclass the defenders in two key areas: information and time.
“They choose which target to attack first. They choose when to attack, and they choose what to go after,” he explains. “The target doesn’t know who will be attacked, or how, or for what.”
That puts today’s companies at a disadvantage, and we see the results in headlines every day. They are suffering data breaches on a systemic basis. As Silverstone says, cybersecurity defenders must win every time, whereas attackers must succeed only once.
That is, until now. “HYAS is doing something that is much needed in the market,” Silverstone says. It’s redressing the imbalance by providing advanced information and giving defenders time to prepare.
Companies that don’t know where the next attack is coming from or when try to defend everything at once. They end up spending millions providing inadequate protection everywhere.
Hyas enables them to focus their armor where the attacker will hit. By understanding the attack formation that they are likely to face, information professionals can focus their response, choosing where to invest their cybersecurity dollars for maximum effect.
“Imagine that we get foreknowledge about an attack, or even a probability score concerning what someone will go after,” Silverstone says. “That is priceless.”
Nothing works without data
HYAS does this by collecting vast amounts of information from trusted partners that together make up the fabric of the Internet. Its data sets are both historical, reaching years into the past, and evolving second by second as it gathers real time, streaming signals. In many cases, it knows about emerging attacks on a target before that company’s executives do.
Any company that thrives on data in 2018 must govern what data it collects, from where, and how. Managing data privacy is a key responsibility for a company like HYAS. Even though the information that it collects isn’t overly sensitive, the company understands that people are increasingly aware of the issue thanks to decades of abuse.
“The excesses of the last 25 years mean that data subjects are more aware and execute on their data privacy rights,” Silverstone says.
As European data protection representative and data privacy officer at HYAS, Silverstone brings regulatory expertise that helps the company to comply with an uneven patchwork of regulations spanning multiple countries.
“There is no uniform regulation that says how to handle privacy,” he says. The US doesn’t have a federal one at all. Canada’s has shifted, and Europe has imposed the strictest privacy rules in history. Various state and provincial rules add to the complexity still further. HYAS must manage not only data privacy rules within these countries, but the data relationships between them.
He explains how to collect information in line with rules such as the General Data Protection Regulation (GDPR), protecting European data subjects, and then uses his extensive regulatory knowledge to define if there’s a need to transfer data to Canada and under what conditions. He also coordinates collaboration between HYAS and European regulators when data subjects make requests.
This focus on privacy protection will become even more important issue for security companies as their protective tools and services move into the cloud. That’s a trend that he sees continuing, because the cloud’s benefits are compelling.
“After all, the data is already in the cloud, and financially it’s far more efficient,” he says.
Intelligence is key
Extensive data gathering alone is not enough, though. There are thousands of free open source intelligence feeds available today, but the secret lies in finding what is important in a sea of data points and is providing corporate clients with the one thing that they are sorely lacking today: intelligence.
Silverstone has strong ties to Israel, having established the Israeli Center of Excellence for Information Security. It is a country that has fought against attack from its inception, and the cybersecurity industry can learn a lot from that mentality.
“In Israel, we have a saying that if they get to the fence, it’s too late. That’s the core of what I see in HYAS,” he says. HYAS stops the attackers before they become a threat by providing advanced intelligence before they even reach the battlefield.
“If we can use that information proactively, understanding where they’re going and where they’re coming from,” he concludes, “it’s invaluable.”