Cybersecurity has emerged as a crucial aspect of the digital age, and FYEO, a notable player in the industry, aims to make it accessible and efficient for all. In a recent interview with SafetyDetectives, Co-CEO at FYEO, Brian Gale, shared his insights on various aspects of cybersecurity, including the advantages of decentralized password management, the role of AI, and the future of the industry.
Hi Brian, thanks for taking some time to speak with me today. Can you tell me about FYEO?
FYEO, short for “For Your Eyes Only”, is a cybersecurity platform serving both Web3 and Web2 clients. At FYEO, we have created an entire infrastructure for end-to-end security, extending from security audits and services to ongoing threat monitoring and intelligence for both businesses and individuals. Also, FYEO offers a set of free platform agnostic consumer tools that prevent phishing attacks in the browser through our proprietary FISKO AI.
FYEO Agent, powered by our FISKO AI, (the Swedish for fish, a nod to our technical founding team’s Swedish roots), is an in-browser anti-phishing extension that also integrates FYEO’s leaked credential monitoring capabilities supported by the FYEO Breach Database that holds more than 25 billion credentials. Beyond showing where your email is leaked, FYEO also gives users insight into what was leaked. To do this, we’ve cracked almost 19.5 billion passwords and have matched about a billion phone numbers to credentials, which highlights the risk of smishing, or SMS-based phishing, a growing cyberattack vector given the increased reliance globally on mobile handsets for digital access.
Our focus and longstanding expertise in Web3 stems from our noticing many developers in the Web3 ecosystem were creating blockchain applications without adequately considering security. With many auditors in this space, FYEO takes a more robust approach to security audits by integrating ourselves with development teams and guiding them through not only code-related issues but also logic-based ones, helping the development teams to understand potential security issues in their code development and how best to ensure these cybersecurity-first considerations into account for future code development cycles.
While security audits are essential, especially when millions of dollars in crypto are at stake, audits alone are not sufficient to make Web3 cybersecure. Issues like social engineering attacks, which account for over 43% of attacks, demonstrate that measures going beyond the audit are necessary to deliver ongoing threat monitoring as part of platform security. This is where our FYEO Domain Intelligence SaaS solution comes into play. FYEO Domain Intelligence provides, I addition to a number of incident alerts, real-time monitoring for Dark Web monitoring using our proprietary ML, notifications of leaked credentials exposure, and tracks and reports if your employees click on phishing links. Essentially, it provides the tools to better protect yourself and your business.
The vision guiding our journey is all about securing Web3, the new digital frontier, and simplifying often complicated processes like threat intelligence and monitoring. This has now extended into the SMB market segment where threat intelligence can be hard to manage and understand – a critical activity our platform simplifies for all businesses. We’ve taken a strong user experience approach to our technology with the aim of making this emerging technology mainstream while ensuring proper security is in place.
Could you elaborate on your FISKO AI a bit more?
With FISKO AI we’ve implemented several features. One is as a useful AI tool for streamlining an audit to allow our human auditors to focus on identifying significant issues, in the process reducing the time required to complete the audit. Another key component of our FISKO AI is real-time phishing protection. FISKO AI determines whether a newly launched website is a phishing site or a legitimate site and, if malicious, blocks it within the browser. It has become increasingly apparent that phishing is no longer confined to emails – people are now receiving phishing links via platforms like Telegram, LinkedIn, Twitter, and beyond. FYEO Agent stands out from other phishing protection solutions through its continuous learning and self-correcting capabilities as the FISKO AI model is continuously retrained with new data, allowing it to stay up-to-date and adapt to the latest threats. This ensures that the system remains effective against evolving phishing attacks and malicious websites
What are some other services that FYEO offers its clients?
FYEO delivers an array of services for its clients such as conducting security audits and threat modeling, along with providing comprehensive guidance on how organizations should think about security. Our suite of products includes our Software as a Service (SaaS) solution, FYEO Domain Intelligence, which offers real-time threat monitoring, FYEO Agent (both our free and enterprise version) as well as our API services, which allow organizations to integrate both our Breach Credentials API as well as our phishing API into their products and services.
Through FYEO Agent, we also provide endpoint or end user protection. This tool uses our proprietary AI to monitor and protect against real-time phishing attacks and is available free as a community version as well as our enterprise version that interacts with the FYEO Domain Intelligence portal.
Currently, we’re beta testing a product called FYEO Identity. This is our patented decentralized identity management solution or password manager, which relies on public-private key cryptography. This is one of the first daily uses of blockchain and puts users data, namely their credentials today, into the hands of users without relying on a centralized authority.
Can you explain the concept of decentralized password management and what are its advantages over the traditional password management systems.
Decentralized password management is essentially about enhanced security and superior privacy. There have been multiple database breaches in the traditional password management sphere. If the FYEO Identity system were to be compromised, the intruders wouldn’t be able to access our users’ private keys, which means their data would remain inaccessible. In distinct contrast to a conventional centralized password manager, FYEO Identity does not centrally store any user data or credentials; everything resides with the user, who holds the keys to their own identity. In my view, one of the principal values of blockchain is enabling users to have ownership and control over their own data.
Our approach also mitigates insider threats, as even our own employees don’t have access to any user keys, data, or credentials. The distributed nature of the system also dilutes the target for potential DDoS attacks, as there’s no central authority or database to target. Our approach to credential management essentially introduces a paradigm shift in privacy controls, empowering users with their own data.
How is artificial intelligence being integrated into cybersecurity practices and what are the benefits that it’s bringing?
Artificial Intelligence (AI) is becoming a critical part of our cybersecurity practices and it brings numerous benefits to the table.
From an auditing perspective, AI helps us refine our data models, accelerating the detection of potential logic or code flaws in our systems. This efficiency allows our senior cryptographers to devote their time to investigating larger issues. Ultimately, the speed enhancement achieved through AI enables us to pass the productivity savings on to our clients.
AI also plays a vital role in our FYEO Agent solution. By training our model with vast amounts of data, we’re able to efficiently identify and blacklist phishing sites in real-time. Numerous public repositories contribute to this data pool, but our AI-driven approach allows us to detect new phishing sites even before they are publicly reported. The model looks for certain markers indicative of phishing sites, pattern recognition that enables real-time blocking of potential threats.
Essentially, AI provides FYEO with scalable threat detection capabilities as its computational power allows us to analyze vast amounts of data at incredible speeds, thereby enhancing our ability to detect and mitigate potential threats before they even materialize. The predictive abilities of AI, based on identified patterns, allow FYEO to implement preventative measures, leading to a more proactive approach to cybersecurity.
What are some of the upcoming technologies or how do you see the industry evolving in the next couple of years?
Artificial Intelligence (AI) will undoubtedly play a significant role in the evolution of the industry. While FYEO leverages AI to enhance its protective measures for users and clients, it is crucial to acknowledge that AI can also be employed for malicious purposes. There are numerous reports of AI being utilized to craft more advanced phishing sites or conduct sophisticated social engineering attacks. When a bot can convincingly mimic a human, it opens up new avenues for complex cyberattacks.
In a recent conversation, our CFO and Head of Innovation highlighted the growing threat of deepfakes, a phenomenon facilitated by AI. While one may be inclined to dismiss deepfakes as a harmless novelty, they have the potential to disseminate misinformation rapidly. Even if a deepfake is eventually recognized as false, the damage may already be done if it has been shared extensively. Many people do not take the time to verify the information, so I anticipate that countering deepfakes and misinformation will become a significant challenge that we need to address before they can cause considerable harm.
We’ve already seen amusing applications of deepfakes, such as inserting Arnold Schwarzenegger’s face into scenes from “Dances with Wolves.” As noted, however, this technology also has the potential to be put to detrimental uses, something that will make authentication increasingly necessary going forward.
Is your anti-phishing solution able to catch these deepfakes?
FYEO Agent, our AI-powered anti-phishing solution, does have capabilities to combat deceptive sites, including those that may be posting deepfakes which are in the process of being enhanced but currently we are not catching the actual deepfake video or image. FYEO Agent operates in real-time, analyzing links in emails and other platforms like Twitter and other social media sites to identify and block suspected phishing sites.
The solution is backed by AI and machine learning algorithms, and its efficiency improves as it continues to learn from the data it processes. This means our tool is constantly evolving and adapting to new threats as they emerge, without the need for manual updates. It provides real-time protection against malicious sites, making it faster than weekly, monthly, or even daily updates.
In addition, our Software as a Service (SaaS) solution, FYEO Domain Intelligence, constantly scans the internet for the creation of similar or deceptive domains. When we detect a phishing site, we alert our users and/or companies we are monitoring for and take action to have the fraudulent site taken down. This proactive approach helps us prevent potential harm to our user community.
The threat landscape is changing rapidly, with phishing attacks increasing significantly. In the web3 sector alone, phishing attacks rose by 482% last year. Therefore, effective, real-time anti-phishing solutions like FYEO Agent are becoming increasingly vital in the fight against cybercrime.