CNME Editor Mark Forker managed to secure an exclusive interview with Dr. Mohammad Reza Beheshti, Founder and CTO at CyberSiara, and Neil Shah, CEO at CyberSiara, to find out how their incredible solution based on the unique characteristics of the human eye is leading the fight against cybercriminals targeting online forms and captcha technology.
We began our conversation by discussing how the ongoing COVID-19 pandemic had reshaped the cybersecurity ecosystem.
It has caused huge disruption to our day-to-day lives, but it has yielded some huge positives in the form of our new-found flexibility in the way we work. The ‘work-from-anywhere’ model has been adopted on a global scale, out of necessity it must be said, but nevertheless the realisation that employees can work just as effectively and efficiently anywhere has completely transformed the way we think and how we define the workplace – and it has ultimately empowered the global workforce.
However, as a direct consequence of that seismic shift, many businesses were simply not equipped with the cybersecurity acumen to keep their employees protected as they transitioned from the compounds of a physical environment to a virtual one.
According to Neil Shah, Head of Marketing at CyberSiara, cybercriminals are always opportunistic in nature, and agile enough to adapt their attacks according to changing market and industry norms and dynamics. They have exploited businesses through botnets and as a result we have seen a proliferation in phishing and ransomware attacks.
“When you examine the COVID-19 crisis, there was an evident acceleration of certain trends across multiple industries, and whilst the world was already moving online, cybercriminals are always looking at ways to exploit anything that they can, and the COVID-19 pandemic presented them with a new opportunity to target businesses and end-users”, said Shah.
Shah added that he believes businesses need to focus on providing its workforce with the solutions required to better protect themselves – and said that emotion played a factor in so many attacks becoming successful.
“Businesses need to continue to train their employees and equip them with better tools to combat cyberattacks like phishing. There is also a lot more emotion in the world, and when there is more emotion in the world then those phishing e-mails tend to work better. When businesses moved online there were so many websites that were just simply not prepared for providing access through their online forms, whether that be contact us forms, or having different forms of conversation instead of meeting people in person. In addition to this, e-commerce went through the roof, so there was a lot of credit card and financial information out there that had been stolen previously but needed verification – and people were using this as a pathway to get through”, said Shah.
Shah also highlighted that technology is always evolving in this digital economy, and that when it comes to security you simply cannot afford to rest on your laurels and become complacent.
“Technology progresses, so what protected you yesterday won’t necessarily protect you tomorrow. You really do have to be on that cutting-edge with your security experts to make sure you have the best tools to if not stop a bot, then at least apply the forces that will make them uneconomical, so people will stop using them, or choose something else”, said Shah.
Online forms have become an easy gateway for cybercriminals to exploit and target, and prior to the emergence of CyberSiara’s unique solution SiaraShield none available on the market were effective at combating the problem.
SiaraShield is the brainchild of Dr. Mohammad Reza Beheshti, and he explained in candid detail why it was easy for cybercriminals to be able to penetrate businesses through its online forms.
“We have two major solutions to recognise and detect bots online, and one is through the application of AI by analysing traffic behaviour – and all the elements within machine learning can allow it to determine whether the traffic is legitimate or not. However, the problem with this type of solution is that it is extremely easy to create a bot that can mimic human behaviour, so they can copy and replicate your behaviour, so when it comes to machine learning, the machine does not know if this behaviour is from a legitimate user, or a bot, because the output result looks the same”, said Beheshti.
Dr. Beheshti added that the problem with current captcha technology is that they are all based on a single static image.
“Whether it is distorted text, or traffic lights you need to select, it is easy for machines to capture these single images and pass it to the machine learning algorithm. It then deciphers the image and returns the answer back to the form and submits it. The accuracy of machine learning in terms of recognising these images is far more accurate and faster than real human users. The current human recognition success rate is maximum up to 65-70% for the first attempt, but the success rate of machine learning is over 99.95%”, said Beheshti.
Dr. Beheshti was able to identify that there was a major flow in this type of security, and he spent 6 years researching the topic as part of his PhD. The role AI and machine learning has been well-documented in terms of the impact they are having in our lives and on major industries, with many tech skeptics saying the machines are going to take over!
However, refreshingly during his research Dr. Beheshti decided to study the differences between machines and humans and he concentrated on the abilities that only humans possess.
“One of the abilities that only we possess is our visual system, and it is far more advanced than computer vision, and despite the advancements in computer processing power and all the mechanisms we have in image processing, our visual system is still far more advanced than any computer program. When you go into the science behind it you discover it is the way our neural network and brain is created – and in our memory system there is a specific tiny memory called transsaccadic memory”, said Beheshti.
The CEO and Founder of CyberSiara, forensically explained how transsaccadic memory was completely unique to humans – and that after studying the mechanism he applied the algorithm into cybersecurity.
“The human eye has got a small movement called saccade. These saccades are separated by fixations and during each fixation our visual system and neural network receives the visual information from the outside world. During each fixation, our visual system will perceive these analog signals through the photonic energy, which comes into the retina and it will translate it into the back of my eyes and send a signal back into my brain and into the transsaccadic memory. That is the place where your brain will automatically superimpose all the frames that is captured during each fixation”, said Beheshti.
However, what makes his solution utterly unique and why it has been described a ‘gamechanger’ of a solution by cybersecurity peers is that it can’t be replicated by computers.
“This mechanism does not exist in computers. For two reasons, computers only operate in numbers and can only process things mathematically, they can’t see things. Our visual system can receive the analog signal and we see things, we don’t calculate things. I basically converted and reversed engineered this mechanism into a mathematical algorithm that produces images that once you look at these images it will trigger your transsaccadic memory unconsciously. However, if you play the same sequence of images for computers’ they just see pure random noise and this is the beauty behind the mechanism”, said Beheshti.
He also stressed that no OCR’s regardless of how advanced they may be cannot physically decipher the information from these images despite any way they attempt to calculate it, which only serves to reinforce how advanced and unique the mechanism is that has been created by CyberSiara.
Incredibly, one of the most difficult challenges for Shah in terms of a marketing perspective is to get people to fully understand and appreciate the power of this SiaraShield security solution.
“When you look at the solution it looks extremely simple – and so we explain it to people sometimes they don’t believe the complexities behind it. We have continually faced this this problem when we explain it to people, they see the product and they say it is just an image, how can a bot not see this? But that is the beauty of the product. The product is so simple, you can use it, but a bot can’t see it. However, some people are like bots and computers are so smart they will be able to figure this out, but the reality is they can’t! It is a real challenge to get people to believe how powerful a security tool this is, but because it is so simple it is very counter-intuitive to people”, said Shah.
Believe the hype! CyberSiara is authentic, and so is the SiaraShield solution, and I have got a funny feeling we are going to be hearing a lot more from CyberSiara in the cybersecurity industry here in the Middle East over the next few years.