Application Security in the age of AI cyber attacks

Application security as a broad label implies the ability to effectively manage all types of cyberthreats aimed at a given application.

Applications are often targeted by SQL injection attacks for example, inserting malware in a database containing user data. Cross-Site Scripting attacks (XSS) can inject malware into websites.

Session jacking relies on many “tools” to steal credentials, like buying fraudulent tokens on the dark web, or setting up advanced phishing campaigns.

Knowing these threats help setting up appropriate validations reducing risk and mitigating potential cyber fraud costs.

Some of these threats target vulnerabilities in the software itself, such as SQL injection, cross-site scripting (XSS), and remote code execution. Attackers exploit flaws in the application’s code to gain unauthorized access or manipulate the application.

Often software type cyberattacks will target a secondary software first, or a plugin in need of update, rather than the core software head on. From there on they can inject malware that typically gives them privileged access to the whole application and its data.

A more recent class of cyber fraud, but one growing at the fastest rate of all.

Account fraud is a broad label involving at heart unauthorized access to user accounts, often through credential stuffing, phishing, or brute force attacks.

It is a particularly invasive type of cyber attacks, forcing organizations as well as users to adopt new cybersecurity habits, posture.

It is also particularly challenging to prevent “at root” since attackers routinely buy lists of stolen or weak credentials.

In other words, even users who followed best practice in their authentications, may immediately fall to it, whenever their personal data is hacked at any of the online/SaaS platforms they had an account at.

Account fraud is a huge class of fraud, including in theory anything from someone physically acquiring your data (dumpster diving, shoulder-surfing in the physical world) all the way to buying stolen tokens on the dark web.

The advent of Generative AI has profoundly shaken and weakened traditional authentication and account protection policies.

The simplest illustration would be how “deep fakes” can now bypass a variety of voice, or 2D facial recognition policies once thought unbreakable.

But this is only one of many ways in which AI can be leveraged by bad agents. The extraordinary computational power of AI can also automate network vulnerabilities monitoring or account vulnerabilities detection.

Older cybersecurity policies such as network infrastructure monitoring and penetration testing will not go away soon, but gradually fail to counter the growing threat of account fraud and data theft cybercrime.

In the evolving landscape of cybersecurity, the integration of Artificial Intelligence (AI) and behavioral biometrics has emerged as a potent solution to counter sophisticated threats against application security.

This approach is particularly relevant in the era of SaaS and cloud-based applications, where traditional security measures often fall short against advanced cyberattacks.

AI, and chiefly machine learning algorithms, can analyze vast quantities of data to detect patterns and anomalies that may indicate a security threat.

One of the primary advantages of AI in cybersecurity is its ability to learn from ongoing activities in-app, continuously improving its threat detection capabilities.

For instance, AI can monitor network traffic in real-time to identify unusual patterns that could signify a breach, such as an unexpected large data transfer or an unusual login attempt.

This proactive approach not only helps in early detection of threats but also enhances the response times to potential breaches.

Finally it allows for a more strategic cybersecurity setting, based on a more holistic view of the typical cyber threat around the organization, in types, scale, and evolution.

Behavioral biometrics takes cybersecurity a step further by focusing on the unique patterns in human activity.

Unlike traditional biometric systems, which rely on static physical characteristics like fingerprints or iris patterns, behavioral biometrics analyzes patterns in user behavior such as typing rhythm, mouse movements, and even walking patterns if applicable.

This method is extremely effective at detecting imposters who may have obtained the correct credentials through phishing but cannot replicate the legitimate user’s behavioral patterns.

Behavioral biometrics can be easily integrated to MFA policies to provide a finer layer of protection, based on usage data. They can be leveraged to identify a very wide variety of frauds, keeping the cybersecurity posture structurally relevant and future proofed.

Finally, behavioral biometrics do not interrupt UX for normal users, while allowing for faster/immediate mitigation. For a long time, digital solution designers had to weigh UX interruptions with cybersecurity demands.

This is not so evident for behavioral biometrics which only get triggered and elevated as the account usage grows in risk. It remains in background monitoring for normal uses, but allows for immediate mitigation on high risk profiles.

Increasingly users of digital platforms expect and demand top-class cybersecurity policies from their suppliers. Providing a more nuanced and more effective cybersecurity protection can only lead to growing user satisfaction in the mid-longer term.

Cloud configuration and cybersecurity settings have long now been a key tool and battlefield for application security managers. Many cybersecurity managers have hands on experience in Cloud migration and engineering in effect.

Adopting Cloud infrastructure also required organizations to consider centrally for the first time for some, current cybersecurity.

Cloud storage and apps provide near infinite scalability, centralized data, permissioning and authentication. However they also raised in full light for the first time, concrete related questions.

What UX / Cybersecurity posture do you want for your Cloud-based app? What permissions should govern that Cloud access? What authentication policies should we demand, of what users levels, with what risk mitigations? (compromised account, malware injection, etc.)

The mass migration to Cloud hosting of the last 10-15 years has elevated durably the scalability and effectiveness of many cybersecurity protections.

However, much of the cybersecurity upgrade from Cloud came in the form of network monitoring, basic cybersecurity governance and protecting from direct attacks. Cloud technology by itself provides little protection at application level, or user account level.

This growing threat around authentication and credentials (identity theft, session hijacking, data harvesting, new account opening fraud, etc.) is unaffected, unmitigated. This problem is particularly acute for high data value startups, and SaaS type applications.

Lawtech, medtech, fintech typically market Cloud-based SaaS apps, or use them in their critical BAU work. The data they hold is of extremely high value on average (in absolute terms: sold, or in relative terms: shared fraudulently with the legal opponent).

Medtech also typically face huge amounts of cyber attacks, due to the extremely high value of the data and the criticality of the service that cannot be disrupted.

Fintech finally also face a disproportional amount of account fraud attacks, holding here also valuable data and allowing for direct financial damage. Fintech are also particularly targeted by “new account opening” fraud (NAO fraud).

In SaaS environments, where users access cloud-based applications from various devices and locations, behavioral biometrics can significantly enhance security.

By continuously analyzing how users interact with the application, AI-driven systems can detect anomalies that deviate from established behavior patterns, potentially indicating a compromised account.

This is particularly useful for protecting against insider threats and credential stuffing attacks, where other security layers might fail.

As is easy to imagine, implementing AI-led behavioral biometrics cybersecurity policies must duly consider relevant standards around data privacy and confidentiality.

Different regional and global norms now exist requiring strict adherence (GDPR in Europe). Legislators all around the world however must now increasingly balance privacy and ethical standards, in balance with providing effective cybersecurity, a growing concern across constituents.

At heart of the matter also here is simply the user.

What does the average user want in terms of concrete trade-off on his/her apps, between UX, cybersecurity and data privacy? These may sound like idle questions but they will probably become more and more acute in the future.

AI-led behavioral biometrics seem to have an early advantage here. The data is hashed and encrypted, meeting immediately most basic governance. The purpose of AI-led behavioral biometrics must also be considered: Ironically, it is about exactly that: data protection.

These questions are guaranteed to remain current for the foreseeable future, as the cyber threats evolve, grow, scale and diversify.

A best practice will remain engaging the user transparently. Organizations must ensure that they have explicit consent from users and that the data is securely stored and processed.

Another best practice will remain in engaging only experienced IT partners and proven cybersecurity suppliers in AI-led behavioral biometrics.

As the cyberthreat grows, so will the everyday openness about cybersecurity with users. As users understand more and more about 2FA policies and how obsolete they may be, their willingness to accept “Smart MFA” and AI-led behavioral biometrics protection will likely rise.

There is also the risk of false positives, where legitimate users might be flagged as suspicious due to changes in their usual behavior, leading to potential disruptions and user dissatisfaction.

In concrete terms, it could be a user who goes on a business trip, logs in using a different IP, time, device, and keyboard (influencing his keystroke speed).

This however is a bit of a fallacious view since in this case, the mitigation would not necessarily be an account freeze if say, a user fails password login 3 times in a row. Rather, AI-led cybersecurity would trigger a low-level alert, requiring a discrete authentication, in context.

The user also is also more engaged in the process as he probably realises somehow that his unusual usage may be the source of the issue. This can also be openly described in the Smart MFA text, sent out for the low-level alert.

Finally it is worth remembering that in real life, right now, users who authenticate through keyword/MFA tools often trigger false positives already. Users routinely change passwords, confuse apps, and attempt logins until being frozen out.

A modern application security strategy provides more control over false positives. Instead of being a byproduct of a fairly coarse, binary policy (like a classic 2FA at login), false positives can here be estimated, and configured as security levels.

Integrating AI and behavioral biometrics into existing security Cloud software / SaaS infrastructures tends to pose little technical and logistical challenge.

AI-led behavioral biometrics work at the ready with existing MFA measures and the existing cybersecurity posture. Most organizations have typically already identified critical transactions paths, most common fraud types and other useful cybersecurity information.

Some integration is required, which is almost immediately “RoI’ed” in the sense that implementing that layer of AI protection also provides a much finer toolkit to configure your cybersecurity program, policy and posture.

There are a variety of proven, existing AI cybersecurity suppliers who have done the heavy lifting, in terms of designing the sophisticated algorithm, and advanced statistics at heart of the AI behavioral biometrics cybersecurity software.

No model training is required. No specific data sets need to be surfaced, as the AI cybersecurity layer works by monitoring real-time usage patterns.

Additionally, these systems must be trained on diverse datasets to avoid biases and ensure accuracy across different user demographics.

As cyber threats continue to evolve, the role of AI and behavioral biometrics in application security is expected to grow. Innovations in AI algorithms and data processing technologies will likely enhance the effectiveness and efficiency of these systems.

Moreover, as organizations become more aware of the potential of AI and behavioral biometrics, adoption rates are expected to rise, setting new standards in cybersecurity practices.

The use of AI and behavioral biometrics represents a shift towards more adaptive, resilient, and user-centered approaches in cybersecurity, crucial for protecting against the sophisticated cyber threats of today’s digital age.