Planning for Tomorrow's Cybersecurity Approach

Financial IT: Doron, can you give us some brief information about Continuity Software and your role there as chief technology officer?

Doron Pinhas: Continuity Software is a leading provider of IT Operations Analytics solutions for infrastructure outage prevention.  The company's solutions enable IT teams to proactively identify and eliminate single-points-of-failure across the entire IT infrastructure – including High Availability, Cloud, and Disaster Recovery (DR) environments. Founded in 2005 by a team of IT infrastructure and data protection experts, the company is focused on a single mission – helping the world’s leading organizations prevent unplanned IT outages. Currently, the technology is used in 7 of the top 10 US banks, along with many insurance companies. 

I've been with Continuity Software since 2005 and prior to joining the company, I worked with Xpert Integrated Systems LTD., a leading Israeli SI, first serving as its Chief Operating Officer and later forming the Business Continuity Solutions division. I also served in the Israeli Defense Force for 10 years as senior product developer and system architect.    These experiences have really shaped the way I approach each challenge,  really looking at the "outside universe" to develop and understand new technologies and the way they interact with IT organizations.  This allows me to understand their evolving needs, challenges, and requirements. 

Financial IT: Cyber crime is becoming a threat to the financial industry. Why is financial institutions industry facing these challenges and issues? Is Financial Institutions' cybersecurity getting worse or are cyber attacks' technique getting more sophisticated?

Doron Pinhas: It’s not only the financial industry, but I think this is rather obvious why financial institutions are an attractive target for hackers… 

Cyber security is definitely getting better, but the level of sophistication of the attacks is always on the rise as well. It’s a constant battle where each side tries to outdo the other and both have their successes and failures. We don’t hear about the “non-events” that were prevented due to better security, it’s the failures that make the headlines.

Financial IT: What are new security standards and approaches needed to combat with cyber crime?

Doron Pinhas: Enhanced standards are needed in order to increase operational resilience and reduce the potential impact on the financial system in the event of a disruption, such as the Enhanced Cyber Risk Management Standards under consideration by the Federal Reserve System. These standards need to address prevention as well as redundancy and recovery of services and data, such as the proposed rulemaking for sector-critical systems to meet a 2-hour RTO. 

Working with leading financial institutions to ensure service availability and business continuity, our experience shows that the ability to measure risk quantitatively is important in order to increase cyber resilience. Risk measurement metrics should apply to data recoverability and safety as well as the availability of recovery infrastructure. The risk management process should be actionable, so that when a deviation is measured, the required remediation actions are easily identified, enabling systems to be quickly brought back into the desired state. Another key factor is the ability to apply the measurement (and process) in a proactive and a continuous manner. An annual/bi-annual periodic measurement or testing, which is how most institutions measure readiness today, does not provide sufficient indication, when the IT environment is extremely dynamic. Rather, the frequency of risk measurement and assessment needs to be in line with the rate of change within IT systems – if changes are made on a weekly basis, testing and measurement must also be performed at least every week.

Doron Pinhas has been with Continuity Software since 2005. Prior to joining the company, Doron was with Xpert Integrated Systems LTD., a leading Israeli SI, since 1998, first serving as its Chief Operating Officer and later forming the Business Continuity Solutions division. Prior to joining Xpert, Doron served in the Israeli Defense Force for 10 years as senior product developer and system architect, retiring with the rank of Major.  Doron has over 17 years of experience in data and storage management, real-time applications, operating system design and development, and open system and networking architecture definition.

Other Interviews