Season 3, Episode 10: Elliot chat’s with Vivek Ramachandran of SquareX about his approach to tackling the impossible: Social engineering.

Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here.

For nearly three decades, social engineering, particularly phishing, has been one of the most impactful and financially draining cyber threats. Between security awareness training, email security gateways, generative AI, enterprise browsers, and a slew of other tech like EDRs and XDRs, social engineering has yet to be thoroughly thwarted. The reason for that is straightforward enough: social engineering is a psychological threat, not just a technological one.

In our last round of interviews from RSA, we chatted with Vivek Ramachandran, the founder of SquareX, who is attempting to tackle the challenge. Vivek also walks us through a more realistic perspective of how threat actors use generative AI today, which goes beyond the more unique what-if scenarios we’ve seen in headlines in the past two years.

• Social engineering and phishing attacks remain a significant threat, and everyone can be a target. The sophistication of these attacks has increased due to advances in AI.
• AI can craft messages that sound remarkably like someone the recipient knows, enabling rapid scalability.
• Social media platforms are becoming common channels for launching phishing attacks. Attackers exploit the trust that users place in these platforms and their contacts.
• Vivek Ramachandran's company, SquareX, deploys a browser extension that can attribute attacks and detect and block them in real-time, providing valuable information to the enterprise.
• Traditional technologies like Secure Web Gateways (SWG) have matured, and attackers can easily bypass them.
• Enterprise browsers solve the problem for a small niche group of websites but have adoption friction due to the inconvenience of having a dedicated browser.