Inside the Mind of a Hacker: Keren Elazari on Resilience and Cyber Threats

Keren Elazari is a dynamic cyber security speaker and esteemed ethical hacker whose TED talk, “Hackers: The Internet’s Immune System,” has been viewed millions of times and selected among TED’s Most Powerful Ideas in 2014. Her insight into hacker culture reframes the hacker not as a threat, but as society’s first responders.

She forged her reputation through real-world roles—Information Security Architect, Operational Security Expert, and Cybersecurity Business Development Manager—before founding BSidesTLV, Israel’s largest hacker community, and Leading Cyber Ladies, a global network boosting female representation in cyber.

In this exclusive Champions Speakers Agency interview, Keren reveals her top strategies for preventing cybercrime, what distinguishes empathy from ignorance in cyber defence, and how negotiating ransomware gives you the upper hand. Essential wisdom from a trusted voice in digital resilience.

Q1. From your experience, what core steps should organisations prioritise to effectively defend against cybercrime?

Keren Elazari: “So my first lesson for organisations that want to protect themselves from cyber threats, from different attacks and hacking: my first lesson, know yourself first. Understand where all of your digital assets are. 

“In so many cases I see security incidents that happen because the criminals know the network more intimately than the organisation. They understand where all the open holes and vulnerabilities are. They know how to trick your employees into clicking on a link or installing an application.

“So, understand how your network looks, what your digital footprint is. It starts with knowledge, it starts with really being insightful and knowledgeable about your environment, because you don’t want the criminals to know more about your environment than you do. That’s my first lesson.

“My second lesson is that it’s not just about the technology. So, it’s not just about buying the latest firewall or the best machine-learning AI-driven network security technology. Trust me, I have designed and built those technologies, and they are great, but that’s not the cure-all to cyber security threats. It’s a lot about the people. 

“It’s about getting people to be part of your digital immune system, because the people that have to make everyday security decisions — they’re your first line of defence. You want to empower them, you want to make them knowledgeable about threats, you might want to give them the information and the tools to make better security decisions. So, it’s not just about technology, it’s also about the people.

“My third lesson is that you need to learn from hackers, because hackers are the early adopters for any new technology. They’re incredible innovators whether we like it or not. They come up with really creative and clever ways to use technology, sometimes against us. 

“So, there’s so much we can learn from identifying, from studying the techniques that criminals use, and this is what I spend my every day on — researching cyber security threats, the techniques and the methods that hackers develop. There’s so much that we can learn from hackers, and that can teach us how to protect ourselves.”

Q2. Many still see cyber-attacks as distant or exaggerated threats. Do you think businesses and the public take them seriously enough, and what’s truly at stake?

Keren Elazari: “I believe that cyber security today is no longer just about protecting our secret information, or our credit card numbers or our Facebook chats. It’s literally about our digital way of life. Now more than ever, after the 20-something months of this pandemic, we’ve learned how much we rely on secure, trustworthy digital infrastructure.

“So cyber security is about protecting a way of life. It’s not just about protecting one transaction or one database. It’s really about the way we thrive in a modern digital society.

“Now, the threat of cyber-attacks is sometimes perceived to be just out there. It’s too big of a deal, it’s too scary of a deal, so we leave it as the realm of government ministers and military generals and clandestine agencies. 

“Whereas the effect of cyber threats is actually in our everyday lives, in the transactions, in our work, in our digital devices. We really can’t afford to allow the topic of cyber security to remain in the domain of the MI5s and MI6s and the GCHQs. It has to be something that we all know about, care about and are passionate about.

“I think businesses and organisations can stand to learn a little bit more about cyber threats and what they can do about it.”

Q3. Ransomware has become one of the most disruptive cyber threats worldwide. If a business finds itself financially extorted, what’s the most pragmatic course of action?

Keren Elazari: “Ransomware has been perhaps the most innovative and successful form of cybercrime in the last few years, and I forecast that it’s only going to grow. It’s here to stay. Ransomware operators have innovated in the last 20 months. They’ve created ransomware-as-a-service, they’ve created new business lines, new distribution models, new attack techniques.

“So, if you’re faced with a ransomware incident and you need to decide what to do, I’m not going to say pay or don’t pay. My advice is: negotiate. Because in the negotiations themselves you can learn a lot about how the attackers got in, what they’re really after, what their motivations are. 

“And it can actually help in a law enforcement investigation, because they can glean clues and hints, because the negotiators on behalf of the criminals might drop some information that’s valuable to uncover what’s really going on.

“Furthermore, in several cases we know as a fact that the negotiations actually helped to reduce the amount that was ultimately paid to the criminals. Now, again, I’m not necessarily advocating that you should pay ransom, but I would recommend being prepared. 

“Have that mindset of: what do we do if we’re hit with that incident? Who’s eligible on our behalf in our business, in our organisation, to even conduct this sort of negotiation or relationship? Is it a third-party advisor, is it a hostage negotiator, is it your legal counsel, is it your CTO?

“Have some thought about that and how you are going to respond to a ransomware situation, because it is happening to more and more businesses.”

Q4. You’ve faced immense pressure in both your professional and personal life. How have those experiences shaped your resilience, and what lessons can leaders draw from them?

Keren Elazari: “Growing up in Israel and serving in the military, I’ve had my share of going through war, conflict, terrorist attacks, rocket attacks. Just in the last two years we’ve had to deal with the Covid pandemic and with air raid sirens and rockets going off in the middle of the night.

“So, the way to find the silver lining through all of that, for me, it’s been something we call in Israel “pressure makes diamonds”. 

“For me, all of that pressure has just pushed me to be better at what I do, to be more hopeful, more positive, to really count my blessings every day, to be grateful for the opportunities that I have available to me, for the privileges that I have available to me, and to try and share my knowledge and my passion with as many people as I can.

“Actually, the pandemic has been quite a challenge for so many of us, and I’m really grateful that virtually I can now reach even greater amounts of people. I’ve spoken with people in Australia, China, Chile, Nigeria — all over the world in the last two years. So that’s where I find my resilience: it’s in really that “pressure makes diamonds” ideal.”

This exclusive interview with Keren Elazari was conducted by Mark Matthews of The Motivational Speakers Agency.