FS-ISAC EMEA Insights: DarkAI, Third-Party Risk and Cyber Resilience

June 25, 2026 / in Cybersecurity Insights / by Zafar Khan, RPost CEO

Cybersecurity Insights from the Field by RPost.

At FS-ISAC EMEA, the RPost CEO presented a session entitled “Rethinking Third Party Risk, CTI & Attack Surface In this Age of DarkAI”. While this was not a recorded session, we provided the FS-ISAC Expert Webinar Series session related to this topic on June 2 (members can register to view the recording here).

Over the course of the few days of sessions and after about one hundred conversations, we’re pleased to share the following three trends and insights:

  1. Resilience as a C-Level Theme: Evolving from the EU DORA cybersecurity regulation / operational resilience framework, the term “Resilience” meant different things to different people. Bottom line, CISOs and threat intel, data protection, and threat hunting teams were thinking about resilience requirements to include the need to detect cybercriminal reconnaissance, pre-empt disruption, and contain risk with attribution sufficient to preserve forensic evidence to support incident response. Even better is being able to see leaks / cybercriminal recon in compromised accounts in third and fourth parties to reduce third-party and supply-chain exposure. And, optimally, to produce outcome-driven metrics for executive team and board reporting.
  • This is what RPost enables, built on our email security, document remote controls and rights, and transaction security management powered by our RAPTOR™ AI which was recently named visionary by Gartner. After these FS-ISAC discussions, we’re considering coining the phrase RAPTOR = RESILIENCE 😉.
  2. Democratization of Cybercriminal Sophistication with DarkAI: This is a combination of terminology gleaned from one of the Accenture sessions and carry-over from the recent Gartner keynote session in Washington DC. Bottom line, for banks (as the CEO of JP Morgan reaffirmed) the number one risk is cyber risk. And now, the sophistication that, in the past, few cybercriminal cabals had is readily available (democratized, as they put it) via AI agents configured to operate for the dark side (real world, not Star Wars 😉). Considering most sophisticated cyber-attacks start with reconnaissance, and that reconnaissance is often via compromised email accounts inside third parties with fewer cybersecurity resources, one needs to work to see the recon and kill the recon before a hyper-contextual juicy lure can be cast; kill the recon even before the cybercriminal knows they have a target of opportunity. Preempt the crime before the hook is in.
  • This is what we presented, what we call PRE-Crime™. Offensive threat hunting that sees cybercriminal fingerprints forensically beyond your endpoints. Our RAPTOR™ AI effectively eats the juicy phish bait before humans take the bait; before the hook is in.
  3. Cyber Threat Intelligence is What Happened Yesterday: Taking inspiration from the Barclays CTI session and the Accenture session, their bottom line was that cyber threat intelligence is commentary on what happened, repeating the news, which is of course critical. But they suggested that in today’s world, it now needs to provide forward-thinking intelligence to predict what would otherwise have happened and how the threat actor may move, almost game theory thinking from the attacker perspective. This requires seeing the security operational mistakes of the cybercriminal that unmask their activity (with lots of threat intel hard work and tools) and then taking this further to find related, otherwise seemingly benign activities that can then be converted from otherwise false negative alerts to positive risk identifications, plus attributing these to people, messages, content, matters, context and threat actor cabals. Bottom line, this sounds complicated but it is today’s cybersecurity gold. It is the hand-off of effective threat intelligence to active threat hunting to preempt targeted attacks.
  • In the RPost session and in the recent June 2 FS-ISAC EWS webinar, we demonstrated a live Russia-Nigeria collaborative attack building by way of a compromised third party to a financial transaction. But importantly, we showcased how to use these unmasked and now attributed cybercriminal fingerprints to see otherwise well-masked activity by these same threat actors. Unmasking these otherwise false-negative non-alerts can expose the crime in the building phase pre-strike. 

We look forward to continuing the discussion about RPost’s RMail® email encryption (Gartner Magic Quadrant), RDocs document rights and controls for data protection, Registered Email™ and Registered Encryption™ for auditable proof of compliance, and our RAPTOR™ AI security booster. 

We’ll be speaking next at FS-ISAC APAC on July 14 in Singapore, the International Legal Technology Assoc. conference in Nashville in August, and at the Gartner Security & Risk EMEA summit in London in September. We look forward to connecting with you at these locations, over coffee somewhere, or by web.