Nick Ritter, CISO at Worldpay, speaks with Todd Foley, Chief Digital Officer and CISO at Lydonia, in a video interview about his role, the impact of AI in cybersecurity, the use of AI, protection against AI attacks, and persistent challenges that require acing the basics.
Worldpay is an industry-leading payments technology and solutions company with unique capabilities to power omni-commerce across the globe.
With a background in incident response, Ritter mentions having the opportunity to work on some fascinating and widely recognized cases. Sharing further, he confirms having had certain career accelerators tied to those high-profile incidents.
These experiences put Ritter in front of key audiences who recognized his skills, which helped propel his career. Referring to the concept of a “coaching tree” from the National Football League (NFL), he mentions legendary coaches like Bill Walsh, Vince Lombardi, or Bill Belichick, whose former coordinators went on to become successful coaches themselves.
A strong believer in that philosophy, Ritter shares that one of his greatest professional achievements is seeing the people who were once on his team become leaders themselves. Today, eight individuals who were his teammates have now become CISOs, product security officers, or heads of internal audit at major companies.
“My job in this industry is to build a coaching tree and to develop talent, put great people with great executive skills in the marketplace, and watch them succeed,” says Ritter. Watching them succeed brings him an immense sense of pride and fulfillment.
When asked about AI’s impact on cybersecurity and how to be secure against AI attacks, Ritter states, “I want to separate the hyperbole from the real.”
Elaborating, he says that information security has been using unsupervised machine learning for over a decade, which would theoretically translate to AI. He also holds a couple of patents for unsupervised machine-learning algorithms focused on anomaly detection.
The use of AI in cybersecurity is nothing groundbreaking, says Ritter. The significant change, however, has been brought about by the advancement of large language processing models, making generative AI (GenAI) more interesting, he adds.
“GenAI used to look like the little paperclip icon on Word, and now it passes a Turing test,” says Ritter. As executives and companies, the key focus now should be on identifying where AI is truly creating value versus where it is generating buzzwords or hype, he notes.
Speaking of protection against AI attacks, Ritter takes up the example of how AWS has seen a 700% increase in cyber attacks over the last six months, with much of it attributed to GenAI. He maintains that AI is democratizing cyber threats, making it convenient for attackers to launch campaigns without needing to code or access tools like rootkits, ransomware-as-a-service, or zero-day elements.
Delving further, Ritter states that today, an attacker just needs an AI engine that can integrate with existing tools and a space to test the results. This has democratized who can attack and has made low-sophistication attacks more sophisticated with an added AI layer.
“What we are going to see is an acceleration at a pace that we are going to have to defend ourselves against,” says Ritter.
Shedding light on cyber hygiene, he takes note of Verizon’s latest data breach investigations report (DBIR). Ritter states that strikingly, about 85% of the security incidents have the same root causes as they did when the report was first published 15-16 years ago.
The underlying issue boils down to cyber hygiene, and while not every incident stems from it, the majority do. The fundamental challenges that persist are configuration drift, vulnerability management, data security, and tightening identity management. These areas make up the unexciting but essential side of security, which amounts to acing the basics.
Concluding, Ritter states, “If your program did nothing other than just the basics, you would protect yourself from a huge majority of the attacks that are out there.”
