Startup Trustmi is adding to its AI-powered payment security program to better address the growing threat of social engineering cyberattacks on companies’ financial teams, systems, and suppliers.
The New York City-based company, which was founded in 2021, integrated a behavioral AI engine that comes with three layers – vendor, employee or user, and payment fingerprint – to create comprehensive risk scores tailored to roles within an organization that have access to funds, such as finance teams and executives.
Organizations can use the instant risk scores from the company’s Trustmi Behavioral AI Platform to rank cases by risk and address those high-risk situations immediately. The platform is integrated with various customer systems to evaluate threats and, with its AI capabilities, can adapt to complex situations and pull in data specific to financial transactions.
Social engineering attacks – like phishing, spearphishing, pretexting, and smishing – all have the same goal of exploiting human nature, and almost exclusively have a financial motive behind them, according to Trustmi co-founder and CEO Shai Gabay.
AI Enters the Scene
The rise of generative AI over the past couple of years has only made such attacks easier to run, with the emerging technology allowing threat actors to create more convincing messages and to run more attacks more quickly. It’s also allowed less-skilled hackers to launch sophisticated attacks.
“Social engineering is among the most serious and expensive attack types faced by enterprises today,” Gabay told MSSP Alert. “With the introduction of GenAI, social engineering attacks have reached unprecedented levels of frequency and sophistication.”
Bad actors also understand that “finance departments manage payment flows, handle sensitive data, and often possess direct access to high-value funds or financial accounts, making finance employees prime targets,” he added.
Through its platform, Trustmi is looking to give organizations as well as MSSPs and MSPs an AI-based layer of protection by combining continuous monitoring, anomaly detection, automated risk scoring, and behavioral AI to directly address those human and psychological elements that are the foundation of social engineering incidents, the CEO said.
Payment Fraud on the Rise
This comes amid a rise in payment fraud against organizations, particularly with the increasing digitization of B2B payments, according to Eli Chachak, founder of CyberDB, an information source about cybersecurity companies, products and services.
“Over the last two decades, B2B transactions have largely moved online, with companies adopting digital payment methods, automated invoicing systems, and e-commerce platforms to make their sales,” Chachak wrote in a blog post. “The methods for fraudsters have evolved along with the B2B landscape, with the online space making it easier to exploit vulnerabilities with sophisticated tools and techniques.”
He pointed to a report by the Association for Financial Professionals that said that in 2023, 80% of B2B organizations were victims of payment fraud attacks or attempts, a 15% year-to-year increase.
CyberDB’s views dovetail with those of the World Economic Forum, which wrote in a report last year about the likelihood of AI fueling more social engineering attacks.
“With an ever-growing online footprint of personal data and the increasing sophistication of AI-based attacks, threat actors are now capable of developing attacks that are more personalized and deceitful,” the organization wrote. “The availability of powerful AI models, particularly LLMs, makes the development of social engineering attacks accessible for historically less capable threat actors.”
Reports about the threat tend to point to a high-profile incident a year ago, when a finance worker at a multinational company inadvertently sent $25 million to hackers who used deepfake technology to pose as the company’s CFO and other AI-created employees in a video conference.
Organizations Turn to MSSPs
Many organizations are deciding to outsource some or all of their security operations to MSSPs as cyberthreats become more complex and costly to defend against.
“They grapple with staffing and budget constraints while threats continue to escalate,” Trustmi’s Gabay said. “MSSPs play a critical role, often serving as the foundation for a security program. Social engineering attacks increasingly target businesses, so they turn to their MSSPs for support.”
Partners – MSSPs as well as the likes of systems integrators (SIs), value-added resellers (VARs), and consultants – are critical to Trustmi’s strategy to expand the reach of its platform and stem the rising tide of social engineering fraud, he said.