Artificial intelligence has added a whole new dimension to cyber-threats, says Joseph Dhanapal, CEO of internet identity security company SecureAuth.
Practically every day it brings reports of new and audacious ways people are cheated online.
Dhanapal cites the widely reported case of a finance officer at a company in Hong Kong who transferred the equivalent of $25 million to fraudsters earlier this year. He was the victim of a “deep fake” that included AI-recreated versions of the company’s CFO and some colleagues in a video call.
“That’s the level of sophistication the bad guys are using,” Dhanapal told the Business Journal on Aug. 19.
‘Every Channel’
With artificial intelligence, the fraudsters “are able to mimic every channel.”
Irvine-based SecureAuth operates in a vital area of online protection — making sure that those seeking to access information and data have a right to see or use it.
SecureAuth’s systems “look at a holistic set of signals which continues to evolve and increase every day to make sure we can have a high level of assurance that it is the person who they claim to be.”
Dhanapal says SecureAuth operates in a two-step sequence:
—Can I validate the person’s identity?
—Can I allow them to do the act or the action?
For example, if the system pinpoints a user as being in Los Angeles and then is told the user is in North Korea, a few minutes later “I’m going to stop it.”
Younger Generation
The company, founded in 2005, is among Orange County’s more prominent cybersecurity firms. Its main investor is K1 Investment Management of Manhattan Beach. SecureAuth has about 150 employees and 50 contractors.
It ranks No. 27 on the Business Journal’s annual list of software companies (see list, page 19). SecureAuth has more than 300 customers.
Dhanapal emphasizes the expectations of a new and younger generation of workers and computer users with identity security a “key deterrent” against fraudsters and hackers.
“People expect a workforce experience to be as easy as they expect a consumer experience to be,” he says. “They want to be simple, fast easy” but with the same level of security.
“We need to figure out how do those additional security mechanisms without decreasing the useability of the offering itself.”
Identity Critical
“Our challenge in the identity security space is to make sure that the right people have access to the right things at the right time.”
In 2022, SecureAuth introduced the Arculix passwordless authentication tool “to continuously validate one’s identity prior to, during and post-authentication.”
Its offerings also include multi-factor authentication and the means to handle 100,000 authorizations per second, he said.
Dhanapal took over the SecureAuth CEO post in April, succeeding Paul Trulove. Dhanapal had been serving as vice president in a unit of Ping Identity, an identity security software company in Denver.
‘Sleeper Cell Equivalents’ Dangerous in Cybersecurity
Joseph Dhanapal says one of the biggest challenges is the cybersecurity equivalent of the spy world’s “sleeper cells” that invade a host, lay dormant for a while and then attack. In the words of the SecureAuth CEO:
“The bad actors don’t usually come in day one and just dump data from your environment.
They usually are coming in from the weakest link that you have. They are hovering in your environment for a duration of time when everything looks like settled. Then boom, they start downloading or exfiltrating data. Being vigilant all around and being able to correlate all of those signals to be able to take action on the one needle in the haystack that needs to be addressed — that is going to be our important challenge that we continue to fight.”