When Aviva Zacks had the opportunity to interview Guy Levin, Founder and CEO of RestCase, she asked him what threats people should be concerned about.
Safety Detective: How did you get into cybersecurity and what do you love about it?
Guy Levin: I was introduced to cybersecurity a year before being drafted into the Israeli army when I was working for a startup that developed a network self-healing system. It was automatically discovering all the network devices and was able to control them. This was the very first encounter with cybersecurity since we that the system was discovering that others are attacking network devices and making them inactive, making the startup shifting into a different niche – protecting the network devices and recognizing penetrations. After that, I worked in the financial and healthcare sectors that required much attention to security issues and addressing all common cybersecurity threats.
I love that cybersecurity is always evolving. Attacks, threats, and vulnerabilities that we saw in 2000 are very, very different from what we see today, much smarter and evasive making them much harder to recognize and prevent.
SD: How does RestCase’s testing work?
GL: RestCase introduces a concept where we try to prevent most common cybersecurity threats by helping developers to build and test their microservices faster and secured. Once a developer builds or imports his API definitions to our platform, we are automatically generating a suite of common security tests by using AI and ML and penetration testing suite. This helps companies to prepare their microservices to many of the cybersecurity threats our there today.
RestCase is focusing on security in the development, testing and deployment phases which covers many of the cybersecurity threats today. By giving security and quality insights at the development phase, creating automatic security suites for the testing phase, monitoring and providing a secured gateway at the deployment phase, we help companies to create a very secure and robust microservices.
SD: What types of enterprises use RestCase’s services and why?
GL: Enterprises that use RestCase are mostly large software companies in the healthcare, advertising, and finance sectors as of now. But startups are the largest growing industry for us. The main reasons for that are that we increase their speed of API and microservices development and we are preparing them for security compliance in order to get big deals flowing in and signing big agreements with corporate America or even companies in Europe.
SD: What cyberthreats should people be concerned about today?
GL: I think that there are many cyberthreats that people should be concerned about, especially data breach identity and “mind” theft. Today, companies are shifting to microservices in the cloud environment and with that, they must build them with focus on security. The cloud environment is exposed to everyone since it is public and any of the services can be attacked, causing data breach by revealing sensitive information.
The second cyberthreat is exploiting AI for identity and “mind” theft. Thanks to advances in artificial intelligence, it’s now possible to create fake video and audio messages that are incredibly difficult to distinguish from the real thing. AI-generated “phishing” e-mails that aim to trick people into handing over passwords and other sensitive data have already been shown to be more effective than ones generated by humans. Now hackers will be able to throw highly realistic fake video and audio into the mix, either to reinforce instructions in a phishing e-mail or as a standalone tactic and stealing peoples identities.
One more issue that can rose is that the AI used by hackers could also be used to manipulate stock prices by, say, posting a fake video of a CEO announcing that a company is facing a financing problem or some other crisis. There’s also the danger that deepfakes could be used to spread false news in elections and to stoke geopolitical tensions (“mind” theft).
SD: How do you see the cyberthreat landscape developing in the next five years?
GL: I think that in the next five years we are going to see more AI involved since more security companies are using AI models as a way to help anticipate and detect cyberattacks. However, sophisticated hackers could try to corrupt these defenses since AI can also generate the most sophisticated attacks.
Also, I believe that today, with many companies are starting to work with many microservices, IoT devices, and APIs, the security state of the services and IoT devices is not good. There are secure devices and services out there, but they are the exception rather than the rule. Perhaps more concerning is that there are no revolutions in IoT security on the horizon, no standards that are emerging in order to give some basic cybersecurity shield for IoT or when developing microservices, security is not being the main focus.
Until now, the general thought was that security is a privilege that is preserved only for enterprises since the cost is very big and startups were doing only basic security if any. Therefore, the focus will be on security first when developing IoT devices, microservices and APIs, allowing everyone to develop secure services with small costs which is exactly what RestCase is doing. Also, cloud vendors like Amazon, Microsoft, and Google, will be developing new security options to the services deployed there since it is also their interest to see that their cloud infrastructure is not being breached.