Dr. Jeremy Weisz 16:04
So the OT side is, is basically operational technology and protecting it. And I know you work with a lot of manufacturers, there was attacks like this can cause chaos, you know, digital, or cyber attacks can cause real physical issues. And there was something that happened with
Yair Attar 16:26
there was no gas in certain areas. What happened with that? Yeah, so I think this is a good example. So a few years ago, there was a cyber attack, I think one of the attacks that caused significant damage in the US on the Colonial Pipeline Company, which basically have gas pipelines and distributes at the end of the day, gas to different places. And due to cyber attack, they stopped their operations for about a week. And this caused like panic in many places, because there was no gas in gas stations and things like that. And what was interesting with this use case, is that what’s known today is that there was an attacker that reached the IT organization, but because they could they took a decision, they took a decision to stop operations, because think about it, if there you have an attacker within your pipelines, it can actually cause much more damage from explosions, to stopping things, and etc. So safety related, environmental, environmental related. So they took the decision to drop everything down and stuff operations. And if they had a chance to understand they really had the visibility of how the environment is secure. And how hard it is to actually cause this type of damage. Maybe they could have taken a different approach or decision. So this is just one example. And unfortunately, and we hear almost every week now, there’s a big one that was happening a few months ago, called our x company, the ones responsible for manufacturing of like different cleaning materials and things like that we’re talking about, they’re now reporting their q1, you know, some of the revenues within the last quarters. And we’re talking about more than $300 million losses. And this is what at least we know, one of the challenges also what happened with a CIO. So actually, it’s quite similar to some extent to Colonial Pipeline where basically they will get hit. Again, when you don’t have proper visibility into your digital operational environments, and how well they are connected, and you are immediately afraid. And so they also took a decision in some places to just stop operations. And unfortunately, by the way, think about it when you have materials that sometimes you know, are they serve pharmaceutical, for example, whatever, so they are regulated. If the operational process steps, then you need to stop everything, clean everything, and do everything from from the beginning. And this is just one use case within the pharmaceutical and food but also food beverages and things like that. So the whole operations become much more complex, much more digitalized. And again, over there just stopped operations because of this attack. Because the significant impact
Dr. Jeremy Weisz 19:42
from an authorial perspective what would you have done, or what would have been in place that would allow them to maybe do something differently?
Yair Attar 19:55
So I think that’s today. One off. So first of all, what we’re seeing here is almost as a pattern, that the most significant and scarier attacks are ransomware. Because it’s the easiest, to some extent, the easiest attack like you don’t need to invest a lot. Once you get one foothold within the organization, you basically it spreads. And it causes the most significant impact on those types of environments and those types of organizations. And what we do, which is quite different today, with what we’re seeing in the market, is we’re helping those organizations to understand proactively, where are those gaps. And one of the challenges in general in cybersecurity is that you’re, when you see everything, you’re you’re overwhelmed, because you’re not an expert always, and you don’t know where to start, and you don’t know what decisions to take, that will create the most significant impact from a risk reduction perspective. So what we’ve built, we have a solution that basically helps to take them to this journey. And it’s a journey, by the way, that we accompany them throughout this journey. And we just, it’s not just, here’s the product or technology, and that’s it And goodbye and talk to us when you renew. But it really is a journey, that we work with them to help them build the workflows and processes around that because again, this is still maturing and evolving. But at the end of the day, it really helps them to take the best call to action. And leverage already compensation controls they invested in the past, and hopefully do more with less. Because again, we know that, you know, one of the some of the biggest challenges in in general, but in cybersecurity specifically, is manpower skill set. And especially, you know, those sophisticated people will not always go and work for, I don’t know, an energy utility, they will go to work for our IT or advanced technology companies. So we know that we address the markets where there’s not a lot of people are where they’re dealing with this. And there’s not always the skill set, and we need to help basically support them upskill them and accompany them in this journey. And then they help them be protected. When do you get a call? Because I mean, I look at the spectrum of being super proactive, and being super reactive. And I don’t know, my thoughts skew to people are calling because they’re attacked. But when do people actually call you? Yeah, so definitely, today’s still the best driver for companies to start moving the needle is either being attacked, or their direct competition or someone they know from close has been attacked. This is work is unfortunately, you know, there’s the saying, you know, it works. So don’t do anything. And people tend to it’s like sometimes like insurance, right? You sometimes you need to pay you need to do the minimum just to comply or whatever. And you get things when when when something happens. So people think about it that way sometimes, but this is changing. So let’s say we of course definitely will always get a more alarming call when something happens. But our goal is to educate and work with our customers not to get their right to hopefully get to the point because let me give you an analogy. The cybersecurity in general, right? It’s like a rotating wheel here. Everything is changing all the time from defend both from defender perspective and attacker perspective. They get better tools, they get their job, they’re changing things and defend needs to be changed as well. And I think I usually usually use this analogy of thinking about two men that are in the field. And they see danger. That’s a lie if one goes down to tie his shoes. The other one tells him what are you doing like he’s going to chase us anyway. But then he tells him that’s okay. I only need to outrun you. So basically write the whole thing about it is that I don’t think anyone needs to be perfect. I don’t think anyone needs to do everything everywhere. It doesn’t make sense. But you need to start doing some things and you need to start protecting your environment a bit better than others. Because attackers are also human beings, like everyone else they like to do. They like to work less, but still do more. So if it will be one company that is trying to attack, it will just be too hard.
Dr. Jeremy Weisz 25:03
They will go to the next one. Yeah, yeah, I can see that it’s probably similar to, let’s just say someone’s going to rob our houses, right, and they see one with a big sign, we have an alarm system, and we have a dog and we all the stuff, you know, then they can go to another house that doesn’t have all that stuff, you know, it’s obviously going to be an easier, easier task. And that’s kind of what you’re saying, in this case.
Yair Attar 25:30
Yeah. And also that those, you know, danger signs or whatever is definitely something that helps. But then you have the more sophisticated, that will still try to get in, right. But you need to make sure that you’re doing the I would say, some hygiene, right, making sure that your door is locked and making sure that windows are locked and things like that. Because at the end of the day, sometimes you also see a lot of organizations that, you know, puts and let’s use this analogy on the door, like cameras and everything and making sure et cetera. But then there’s the window behind that is widely open. So it’s also really knowing the whole terrain of your house in this analogy, and understanding where it might come from, and based on that doing what we call risk management, right prioritizing and things like that. But yes, if you do those, let’s say even basic things, definitely more makes more sense that someone will just go to the next start.
Dr. Jeremy Weisz 26:32
What are some you mentioned, you know, looking at everything holistically, what are some mistakes that you’ve seen companies, they were making that maybe seemed obvious to you but weren’t warranted on?
Yair Attar 26:48
I think in this case, unfortunately, almost everything. Because it was really getting to basics sometimes. Because thinking about what would you consider basics. So thinking just from proper segmentation, so segregating between different networks, or things related to user management, or authentication, or etc, because think about it, and it’s nobody to blame because those environments were built with the mindset that they are arrogant, that they are separated. But what happened with digitalization, everything became connected. Because if you’re not digitalized, you’re going to go back from see from just cost revenues, etc, right against your competition. So those environments, to some extent, were built insecure by design. But they are not built to be connected. And sometimes you have people that have been responsible for those for many years. And they are great at what they do. Great operational teams, automation engineers, but again, they didn’t always have the full understanding of what does it mean to do it also security. And this is what we’re seeing today within the market. And again, also what we’re seeing is, as I mentioned before, CISOs the cybersecurity officers are taking responsibility, because then as a board, I want you know, someone who wakes up and go to sleep thinking about cybersecurity. But the thing is that up until yesterday, he’s he’s been told this is not your domain, don’t touch. And all of a sudden, he has been tasked with this responsibility. But when he goes to the operational teams, it’s not always that smooth and easy. There’s really a need for and by the way, it’s not to blame them because I think what we signed the past that IT folks came with their own solutions and approaches and what they did, they ran things in operational environments, and they caused things to break. Because what we see today what I think there’s already an understanding today that IT security as it is, doesn’t fit ot security, because again, you have very sensitive assets, they will not build with the mechanisms they can it to protect them. So they just break and collapse and stop working. And at the end of the day, if this you know affects operations and cause production stop, nobody wants that then that’s a significant impact.
Dr. Jeremy Weisz 29:32
Talk about your from from a leadership perspective. What you’ve learned from your your co founder?
Yair Attar 29:43
Yeah, so I think is definitely one of the most strategic people I’ve ever seen. You know, he gets to a room. He really reads everyone understand what’s happening and You know how to, you know, used to say to me, sometimes he plays multi dimensional chess. So it’s not just what you see on the board and all the, you know, the entities that are on the board itself, but also who’s looking, what’s their thinking, and what’s their going to play? What’s it going to be the next move. So I think really, from a strategic perspective, is one of the best leaders I’ve ever met, of course, also what I always liked, even when he was a general in the military, that’s key, didn’t care about getting his hands dirty. And when something needs to be done, just go up to the last person, get the details, understand what’s happening, and go and fix it. And not just asking other managers or officers that are within his unit to go and fix it, etc. But really some things that are critical, just make them happen. So those are things that I’ve seen, and I’ve learned, and I think it’s something amazing that I’ve learned a lot from,
Dr. Jeremy Weisz 31:17
you know, we talked about some of the attacks that can cause chaos. And I understand, you know, you help a lot of people in automotive manufacturing. There’s pulp and paper, there’s food and beverage pharmaceuticals, can you walk through a little bit? Take, for example, like a medical manufacturer? And what kind of what do you do for for someone like that? Yeah. So
Yair Attar 31:45
think about it, like when, when the solution is deployed, the first thing you basically get to do get to see is the whole, like visibility of what’s happening in the environment, like what assets, how they are connected, where they are located, to watch business units, they serve, because at the end of the day in, I would say operational environments, right. Not all assets were born equal, I might have same digital assets same, let’s say, controller, a sensor that have the same vulnerabilities the same gaps and exposures, but they serve different purposes. One is for a critical process. And the other one is for less. So adding this context, this contextualized visibility. This is the first step of our customers, they understand what they have, they understand where it is they understand their gaps and exposures. And this is the first step that our platform takes them. Now the second step is by integrating with their compensation controls. We assess how much they are affected. So think about it, that I’m as a company, I invested in firewalls, and endpoint protection, and etc. But it could be that they’re not configured to the maximum, especially what we’ve seen those types of environments, it’s not always managed properly, because again, people processes things like that. So we find those, what we call evidence based gaps, from a segmentation from assets that are not covered by different controls from a policy gas perspective. And then what our solution is doing is take all the findings, all the network connectivity, how everything connects to one another, creates this, what we call a separate digital twin or sandbox environment, where it then simulates attacks in a non intrusive ways to understanding what an attacker can do in order to prior and this is why but always something we have patterns in the states on and understand what is actually exploitable. What attacker can actually do, which identifying the easiest vectors. And based on that prioritize for the company, what’s the best call to action, what action items they can actually do like it really shows you the actual steps you need to do to start reducing the risk. So once once everything like this is going in an ongoing process, I would say the company can start implementing processes of they’re starting to take actions, mitigation actions in maintenance routines, or different types of assets, how it basically fit the company, and they’re starting proactively to manage and reduce the risk. So this is usually the journey that our platform takes them. We’re then again, we accompany that with helping them build the right workflows, the right processes, and who needs to do what because again, sometimes those are new people, new technologies, new environments, new responsibilities. They need help
Dr. Jeremy Weisz 35:02
Talk about growing through partnerships. And what have you done with the company that has helped you grow through partnerships?
Yair Attar 35:14
Um, so I think, at the end of the day in order for a company to scale, it cannot do it by himself. And this is where partners plays a key strategy. Because today, I mean, who knows about authorial right, we’re small, we’re started for me as well, when someone in the States or in Europe or in any other place, they’re not always aware of who we are the solutions that are out there and things like that. So yes, there is this, you know, direct approach when we’re targeting and creating marketing and everything else. But this is just in a too small scale. In order to grow a company and scale it, you need to start multiply that much faster. And the reason and the way to do it is to partners, especially by the way, cybersecurity is considered a trust topic. So a lot of companies out there already have those trusted advisors, those companies that they work with, that they established relationship with, that help them with this journey in their IT space, or whatever, whether those are large managed security service providers, whether those are global system integrators, whether those are resellers, whether those are individual contributors, so different types of entities that exist, that basically, once I am establishing a good relationship with those types of entities, they helped me to scale, because they have 1015 100, hundreds of customers that are my target customers, and they have the reach out. So this is a key strategy of I think any cybersecurity company about us, but of course, ours as well, in order to scale our business, we work a lot with partners. And I think what we also saw, which is interesting, I think this is something more specifically for the OT space is that the whole service organizations out there are also learning and adjusting and evolving. Because again, this whole market is still still growing. And we’re seeing different types of providers, some that come like enriched comes from the industrial or engineering background. And they have the trust of the operational teams on site, where sometimes you have cybersecurity providers, that they are the trusted advisors for the seaso teams. So I think everyone finds this market glowing. So you know, everyone wants a bite. What we saw that really make things successful, is that, especially at our at our stage, I think that also there’s there’s a different, what we call stage appropriate to which partners you want to go because the big ones and to small fish for them. They don’t want to work hard, they want someone it’s very repetitive, like easy to scale. And without a lot of heavy lifting. At the beginning, when you’re a disruptive solution, like we are in still evolving and changing market, that there’s still a lot of unknowns and uncertainty. We’re mainly looking for those early adopters or types of the ones that really drive through innovation, or are smaller, sometimes even regional partners that are more eager for success, there are more hungry for success. And also, we understood that we are limited from the resources that we can invest. And this is an investment from our side as well, to educate, to train to enable to work with them, to shadow them until they are enabled. And that’s a heavy lift. So at the end of the day, as I think Partners is a key strategy for scaling a business. But in our area, first we need to really choose wisely. Because just having a big list of partners, that’s easy. You need to have a few that are actually successful and for them to be successful. You need to invest and make them successful so everyone gets successful.
Dr. Jeremy Weisz 39:47
Here I want to talk about you know, surrounding ourselves with groups of people that help us up level and what you know, entrepreneur organization, which I know you’re a part of of how is Entrepreneurs Organization EO helped you?
Yair Attar 40:07
So, first of all, I’m still kind of here, joined a few months ago. So I’m still learning. But our perspective, my learning curve so far has been great. And what I’ve learned has been amazing. First of all, it’s a, it’s an amazing group of people. That’s one of the things that I really like is that they’re really there for each other. And whatever you need, in any subject, whether it’s personal or professional, or etc. And I think so, at the end of the day, something that is not always easy for people to understand who are not intrapreneurs themselves who haven’t, like they didn’t found something is that it’s not exactly the same role, as I think working as a CEO in a company or something like that, because I think there is a feeling, you know, that that it’s on you, as the founding member, that this is why you do whatever it takes to make it successful, even sometimes with the price of your personnel. I’ll say things. And first of all, it’s a group of people that has the same mindshare and you can talk about things that not everyone will understand. So this is amazing, you know, it’s like sounds like going sometimes to treatment, and you have the pleasure of talking about things and whatever you have people who you can echo things, and they understand you. But can also echo things back that you learned from an adjusting give you more perspectives and things like that. So I think it’s a community that really helps to build one another from this relationships and connections. And I’ve learned a lot just from hearing different people, and sometimes very tactical and pragmatic questions like, I don’t know, I had a question about a specific topic regarding a vendor related to marketing to a use it or should I not, what’s the benefits and what’s not? You know, I send a question out there, immediately, I get a response. Yes, I have experience, let’s talk. One day later, I have insights that I just couldn’t have elsewhere. Or it would have taken me so much time to get those insights.
Dr. Jeremy Weisz 42:29
What’s it like your first of all, one last question? Before I ask it, I just want to thank you. Thanks for sharing your journey, your experience lessons everyone can check out otorio.com otorio.com. To learn more. Yair. My last question is, you have a young family. Kids talk about what it’s like, you know, because we aren’t operating companies in a vacuum. Right? You have other responsibilities and roles is, as a dad, husband, what’s it like managing a company, running a company with young kids and family?
Yair Attar 43:14
First of all, I think I’m still figuring it out. Because I just have a newborn, like, three weeks ago. But it’s my first job. But I think that first of all, I truly believe that in order to be successful in any aspect of life. First of all, you need to be whole and forward yourself, in the sense of that you have a happy life that you live them to the maximum that you live in. And that allows you to thrive in other aspects. And you also need to have this significant and it’s a significant it’s John riding the roller coaster, right? It’s a significant support from home to allow you to do that. Because definitely, we’re investing a lot of our time, effort, resources in building a company. It’s like having another baby, right? I mean, you build it, you grow it you there are ups and downs and cries and excitement and headaches and everything. So you definitely need to have I think the supports that is going to help you do that is going to help you be strong. Because I also believe that you know, especially these days, I think building companies it’s not it’s a marathon, it’s not a sprint. And so you need to have good support to allow you continue, because you can break at any time. And there are so many there are milestones that you really think to yourself, What the hell am I doing here? But but I think that’s what really helps you to continue is that you have your, your support. So So definitely, this is a key thing. And I also think that we need to balance I also don’t believe, you know, that there’s this thing, like, everything is critical. So nothing is critical, right? You really need to be able to focus DNA need to be able to differentiate, what are the things you that are most impactful? Because I think, again, as I said, it’s a marathon, you cannot just continue to run 200% all the time, you will exhaust yourself and it will be just I think it will impact everyone, the company, the success, grow everything you need to be in a happy place to to be able to move forward strongly. So I think those are the things and maybe one critical aspect, communication. I think what one of the things I’ve learned is, you need to be able to talk about things openly, transparently, freely, in order to you know, to start addressing them. And as a team, within relationship, as a group of people, especially if you want to work and be together with someone closely for the long run. You need to be able to feel like you can say everything and solve everything together. Love it.
Dr. Jeremy Weisz 46:28
First of all, I want to be the first one to thank you your thanks for sharing your journey lessons, everyone check out Otorio.com more episodes of the podcast. And we’ll see everyone next time. Thanks. Hey,
Yair Attar 46:39
thank you.
Outro 46:41
Thanks for listening to the Rising Entrepreneurs Podcast. This episode is powered by Rise25 Please subscribe and check out future episodes.