As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Zak Rubinstein, CEO and co-founder of 1touch.io, the developer of Inventa, a discovery and control platform that accurately and continuously catalogs sensitive and protected data to help organizations meet privacy, security, governance and cataloging requirements. As a 13-year veteran of the security industry and organizational psychologist by training, Zak led the global sales and SE Training efforts at Check Point to help advance field education aimed at selling deeper and wider in targeted markets.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
I grew up in Golders Green, London and emigrated to Israel for the sun and high-tech scene. I came from a family of innovators and entrepreneurs, with my grandfather being one of the first to mass-produce candles for several new markets. My father was a real estate developer, and so this entrepreneurial spirit has guided me to what is now my third start-up. My father’s motto is “Whoever doesn’t do, doesn’t do.” (sounds better in Hebrew :-))
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
When I was living in the US, a day after I was stopped by a traffic cop for speeding, I received about a dozen letters from attorneys that wanted to represent me. My wife got a massive shock and, as I was out of town, she was very worried.
Though my cybersecurity career goes back to 2005, my main inspiration for 1touch.io came in 2014 when I began to realize the sheer commoditization of personal data, and how wrong it was on so many levels. Complete strangers had access to my home address; that was crazy!
Can you share the most interesting story that happened to you since you began this fascinating career?
None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?
There are so many people that have helped along the way, but really my wife would top the list. The life of an entrepreneur is very difficult, to the extent that we faced losing our house — twice. The first time, my wife’s response was, “Okay, so let’s look for a flat.” The second time, when my second start-up failed, her response was, “You’re a resourceful guy. You will figure it out.”
But generally, the belief that so many people have had in me has been a major factor in my success.
Are you working on any exciting new projects now? How do you think that will help people?
We are. In October, we will release a new version of our product that will revolutionize the perception of what artificial intelligence can do. It will allow ground-level users to utilize machine learning as part of the standard user interface. It’s mind blowing; you can actually see the application learning from you and implementing what it learned.
What advice would you give to your colleagues to help them to thrive and not “burn out”?
Find a group of people you trust to give you advice on different aspects of business. No single person has all the answers. But mostly, surround yourself with people that believe in you. It’s a tough journey, and that support helps a lot.
Also, I was brought up with a very Socratic mode of thought that powered my education from an early age. The ability to constantly question assumptions and not jump to conclusions has also been very important. But most importantly, never be arrogant!
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?
1. Being an Israeli company, we already have a head start in terms of expectations. Leading the first data privacy company that has cyber security principles at its core is a very exciting place to be. By cyber security principles, I mean, “Don’t tell me where the threats are. I will tell you.” This concept is also known as Zero Trust.
2. It’s a small market. To do well, you need to behave. I love the sense of reconnecting with people I met years ago in my roles at Check Point or Indeni. At the end of the day, I find that the business people I work with are fantastic.
3. The sense of innovation that customers — especially American customers — are open to. I love speaking to early adopters and visionaries and forming lifelong relationships. I find that these people see the adoption of early stage tech as a chance for them to prove themselves in their companies, so it’s a true partnership, and I love that.
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?
I can only speak in terms of privacy and security. For me, the biggest threat is the false sense of security that the first generation of privacy tools is giving to customers. There are a lot of tools out there that label themselves as security and privacy tools, but a PrivSec tool that makes you tell it where to look for personal data is like an antivirus solution that needs you to tell it where to look for viruses.
I actually think the biggest threat is one that we are already familiar with, but I’m not sure people truly understand just how pervasive it is. We all know various organizations use our private information as both currency and product. It’s the scope of this use that’s becoming a true threat, as well as the purposes for which it’s being used. There’s a new film out on Netflix: ‘The Social Dilemma’, directed by Jeff Orlowski. It provides insight from tech experts on just how insidious the use of our private data can be, and how it can be used to manipulate us on every level: from the personal to the political. It’s highly informative, very sobering, and spot-on.
Do you have a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?
Not a breach, but a data privacy vulnerability. In a POC, we were up against a first generation privacy tool and we found a list of the executive leadership teams’ shareholdings and SSNs. The other mapping tool, which sells itself as a discovery tool, did not pick this up. In another POC against the same solution, we revealed tens of thousands of unique credit card records in a network with full PII, and the other tool couldn’t find it at all. This is what I meant earlier when I said that customers are being lulled into a false sense of security, which is dangerous.
How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter” software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?
It’s less a matter of the size of the company, and more about the scope of private information it handles, the commitment it makes to its customers with regards to privacy and security, and of course the relevant regulatory requirements. A global corporation that does not handle any personal data doesn’t really need anything beyond the basics, but a two-man operation that processes the financial records of all its customers may need the most cutting-edge solution in order to stay compliant.
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?
Not really, in most instances. That’s the main problem: the “first signs” of a breach occur when the information is already out and the damage is done.
Since the weakest link is always the human factor, it is sometimes possible to identify suspicious or unauthorized transfers of data to locations where that data should not be. Of course, in order to do that, you need tools that can track data transfer and discover when private records are copied and saved.
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
The first step is to contain and limit the damage of the data breach by identifying both the data that has been exposed, and the manner in which the breach occurred. This is crucial both for transparency purposes, and in order to sanitize the breach and ensure that it does not allow additional leaks.
Then, the company must proceed to ensure that there will be no future recurrence. Cases in which data breaches have exposed personal information teach us that both customers and regulators pay close attention not only to what companies did before a breach occurred, but also to the nature of their response (i.e. how they upgraded and modified their system configuration to handle such situations).
We’ve seen a massive uptake in business as a result of these measures. Privacy is the new green. More and more companies are expected to take care of customer data. I think adherence to privacy dictates will become a selling and boasting point for companies, like green credentials are today.
What are the most common data security and cybersecurity mistakes you have seen companies make?
Complacency; dysfunctional operational silos in an organisation of key stakeholders; and naivety of glossy marketing and flashy interfaces.
Since the COVID-19 pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain?
Too many companies think they can buy a very commoditized first generation privacy tool and prove they have made best efforts. This is an error. There is now a technology that discovers ALL uses of personal data, even what you don’t know. Relying on a dated technology that only finds personal data when you point the system to a known repository is a HUGE mistake, and given that you can’t really tell whether ALL personal data is properly secured, it significantly increases your chances of a larger fine in the case of a breach.
Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)
1. Make sure you discover where all your personal data is stored, processed and shared in real time — even in the dark corners you don’t know about.
2. Privacy workflow and management tools are now very commoditized. Don’t overpay.
3. Don’t be fooled by shiny interfaces…not all that glitters, shines.
4. Don’t be fooled by product pricing. There is a lot more to cost than the software. First generation mapping tools are extremely expensive to implement from a manpower perspective. Do your homework.
5. Demand security principles to drive your data privacy technology. Make them tell you what you don’t know.
You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂 (Think, simple, fast, effective and something everyone can do!)
Tax benefits for hotels/restaurants etc. to distribute food in a hygienic and safe way to the poor and homeless. Everyone can lobby local and federal governments for change. Everyone can ask their favorite restaurant, “Hey, what do you do with leftover food?” and make sure they make a commitment to not throw out decent food, but instead find a good local outlet.
How can our readers further follow your work online?