Cymulate’s Avihai Ben-Yossef: ‘Cybercriminals will increasingly leverage AI in attacks’

4 Oct 2019

How will cybercriminals leverage emerging technologies? Avihai Ben-Yossef, CTO of Cymulate, gives his perspective.

Avihai Ben-Yossef is the CTO of Cymulate, a company that produces a cyberattack simulation platform, which allows companies to road test their defences before cybersecurity events take place.

Here, he discusses the challenges that come with digital transformation, why legacy firms can often be the ones that fall down the most during implementation, and how emerging technologies will impact cybercrime.

Tell me about your own role and your responsibilities in driving tech strategy?

I’m CTO at Cymulate, a breach and attack simulation (BAS) platform that enables organisations to automatically assess and improve their overall security posture in minutes by continuously testing defences with the latest threats in the wild.

Simulations, which can be run on-demand or scheduled to run at regular intervals, provide specific, actionable insights and data on where a company is vulnerable, and how to amend the security gaps. My team is responsible for the platform’s development and delivering the roadmap to enhance functionality.

As part of the R&D department, we have a highly experienced and diverse research team who are fluent in security intelligence practices, combining private security, military and intelligence experience.

By continuously examining and understanding the cyberthreat landscape and attacker capabilities, they deliver in-depth visibility into the latest threats and the actors behind them, from zero-day vulnerabilities to the most advanced attack tactics, techniques and procedures (TTP). Leveraging this knowledge, my team designs and implements new ways to pinpoint security gaps that attackers can leverage.

Are you spearheading any major product/IT initiatives you can tell us about?

We’re replicating the entire process of when an attacker decides to compromise an organisation’s network so that companies can authentically simulate such attacks and identify gaps across the entire kill chain. With a click of a button, companies can challenge security control mechanisms through the entire cyber kill chain, from pre-exploitation (reconnaissance, weaponisation and delivery) into exploitation, and even post-exploitation activities such as command and control (C&C) communication and data exfiltration.

We’re introducing a new industry benchmarking feature to our platform, enabling our customers to compare themselves against their peers. We hope that this will provide a means to encourage a higher level of security across an industry, as well as comfort that our clients are meeting certain standards.

On this year’s roadmap, we’ll also be launching a new crowdsourcing tool. Our customers will become another source that feeds into Cymulate’s engine with new malware variants and suspected payloads found. Clients will voluntarily update the platform with payloads or suspected threats (files, links etc), empowering our entire customer base with an ever-growing database of grassroots intelligence derived from organisations of all sizes spanning continents and industries.

How big is your team? Do you outsource where possible?

We have 15 team members comprising full-stack developers, QA, pen-testers and security analysts. We haven’t outsourced as yet.

What are your thoughts on digital transformation and how are you addressing it?

Digital transformation has been around for some time and organisations have been embracing it in various guises in order to improve the way they manage their operations and business processes in the digital era.

However, not all organisations are successful in implementing such strategies, especially legacy institutions that usually require quick, automated and broader services than originally planned to prevent them from becoming obsolete. Digital transformation holds many risks and the process requires meticulous planning and execution.

New architecture needs to be carefully developed and customised, taking into consideration infrastructure requirements that will keep the environment stable and prevent downtime.

Network topology and segmentation can be implemented to prevent unauthorised access to assets and exfiltration of data, plus the creation and enhancement of applications should follow approved secure development lifecycle methodologies. All these changes need to be tested continuously prior to moving to production to minimise vulnerabilities and risk of cyberattacks. Alongside this, more traditional organisations should adapt culturally to ensure their entire workforce – from the most junior to C-level roles – is on board to embrace the change and ensure it succeeds.

At Cymulate, we’re able to act rapidly to changes with different issues that arise. The IT environment and the attacker landscape change on a daily basis, so to ensure we continue to deliver a high-quality product, we need to continuously evolve our platform. Data is collected from employees across various teams, correlated and analysed in a secure and agile manner to help achieve this.

What big tech trends do you believe are changing the world and your industry specifically?

As technology advances, artificial intelligence will become more commonplace within our day-to-day activities and, in parallel, cybercriminals will increasingly leverage it to perform more sophisticated attacks. To counter this, defensive cyber vendors are incorporating AI into their solutions, which will require continual development as attacks evolve.

Ultimately, the prevalence of AI will make life harder at both ends and accelerated growth in the cybersecurity workforce will be needed to enable organisations to cope with this evolving world.

IoT will further propagate as connected devices become integral to our day-to-day living. The need to defend all of these touch points will require immense work, commencing with secure development, moving towards monitoring and detection solutions that incorporate protective suits of individual houses to prevent whole neighbourhoods and cities from shutting down or falling hostage to nation-state powers.

The internet will be more accessible in developing countries due to expansion of satellite communication and it’s highly likely that more opportunistic threat actors from around the world will join the threat landscape.

In terms of security, what are your thoughts on how we can better protect data?

Protecting data is an ongoing mission. With the IT production environment changing rapidly, it is imperative for companies to always stay up to date with the latest trends and continuously validate their security posture from an attacker’s perspective.

Building a robust and layered cybersecurity framework, incorporating granting or revoking rights for users to access critical data, resources and systems, is crucial to protect a company’s most sensitive assets. Hiring well-trained security personnel alongside adopting and maintaining proven cybersecurity processes, policies and standards (NIST etc) is also paramount.
