ESD Team

How AI Can Help Level the Playing Field

July 24, 2023

On the 2nd episode of Enterprise Software Defenders, hosts Evan Reiser and Mike Britton of Abnormal Security dive into a conversation with Selim Aissi, the Global Chief Information Security Officer at Blackhawk Network. Blackhawk Network, a provider of branded gift cards and digital payment services, is a company that impacts the lives of many individuals globally through its partnerships with renowned brands. In this conversation, Selim shares his perspectives on the shifting perimeter of security towards identity, recent intriguing attack vectors, and his optimism for the future of cybersecurity with the integration of AI.

Selim discusses the challenges of addressing evolving security needs and emphasizes how the perimeter of security has evolved over the years. Specifically, the level of sophistication in cyber attacks has significantly increased, highlighting the growing financial incentives for threat actors. "The sophistication level and the evasion techniques have evolved tremendously over the years. The collaboration between the different adversaries in terms of collection or theft of identity and credentials, including email addresses, DDoS attacks, and different extortion techniques." Selim highlights the role of software-as-a-service (SaaS) in this landscape. While businesses adopt cloud-based systems for collaboration and record-keeping, bad actors leverage SaaS platforms to provide attack services to other potential threat actors. "Many of the attacks that we see daily are provided as a service by the adversary to other adversaries. So not only the good guys are using SaaS services, but there is also a significant number of adversarial services provided as SaaS." 

In a continuing game of cat and mouse, threat actors follow the money closely and evolve their evasion tactics, making fraud a significant challenge for many businesses. One notable area of interest for Selim has been the recent rise in attacks involving extortion through ransomware. He highlights the threat actors' utilization of advanced evasion techniques and security tool defeaters in the initial stages of these attacks. "A lot of the frauds run are using different types of defeaters for the controls that they have in place for rate limiting and detection of automated attacks such as attacks generated by bots." The growing trend of fraud-based attacks shows increased investment and sophistication by threat actors looking to outmaneuver enterprise security leaders. "There's a lot of investment on the adversarial side, and these types of evasion techniques and especially the [tool] defeaters are very interesting because a lot of us invest in various tools, especially at the endpoint, but also on the network to block lateral movement. As these attacks become more sophisticated, how can we raise the bar to ensure our controls are not defeated?" 

The growing focus on staying ahead of advanced threats requires security experts to explore all current tools and methodologies available to cyber criminals. Selim examines whether artificial intelligence is involved in these sophisticated evasion techniques and notes that many are rooted in well-known computer science principles and theories. "A lot of the frauds run are using different types of defeaters for the controls in place for rate limiting and detection of automated attacks generated by bots. Sometimes I wonder if AI tools are used for this level of sophistication. But in many cases, it isn't AI; it's just well-known computer science and computer theory evasion techniques they've been leveraging. Those are some of my biggest concerns."

Selim's optimism for the future of cybersecurity lies in the potential of AI as a tool for those wanting to maximize their defensive capabilities. He shares his observations about the potential utilization of AI tools in the growing capabilities of evasion techniques. "Whether it's malware detection or endpoint protection, the tool needs to be able to do a multitude of things versus just identifying anomalous behavior and blocking it. That's where AI can come in handy and unify many of these overlapping capabilities." To that end, Selim believes that AI can play a crucial role in fortifying cybersecurity. He emphasizes the importance of continuously raising the bar to detect and block attacks: AI-powered solutions can now enhance threat detection, enabling security teams to respond more effectively and minimize the impact of attacks. "Every area of security can leverage and use some of the AI because they all deal with some kind of threat. And for a system that learns from large data sets, there's so much to learn from all the threats over the past 30 years." It's a hopeful glimpse into a more secure future.

As cybersecurity professionals face new challenges posed by cloud adoption, collaboration through APIs, and remote work environments, Selim emphasizes the need for continuous improvement in shared trust models, monitoring techniques, and multi-cloud environments. "What I see for the future is somebody like myself, a CISO of a large FinTech company or a large healthcare company, that doesn't have to deploy 40-50 security tools. The CISO would only have to deploy two or three capabilities that can perform the functions of these highly fragmented tools that we have to deploy today." With the integration of AI and the collective efforts of security leaders, the future of cybersecurity holds promise in staying ahead of evolving threats and ensuring a safer digital landscape.

Listen to Selim's episode here and read the transcript here.