Ben Owen and Danni Brooke are the Co-Directors for the EMEA Practice at Fortalice Solutions, a leading global cyber security and intelligence operations company.
They travel globally to assist clients with their cyber security requirements, bespoke training needs, intelligence and investigations both online and physical and counter fraud training/consultation. They deliver and manage a portfolio of pro-active intelligence solutions to keep people, nations and businesses safe from threats and head up the EMEA operations.
Ben and Danni also feature on the hit Channel 4 show, Hunted and Celebrity Hunted which has been airing for over four years with another series set to be filmed this summer. I caught up with them recently to discuss the latest Fraud, tools and challenges for the Cybersecurity industry.
Cybersecurity is an ever-changing landscape. What trends do you anticipate for the next 12 months and beyond?It is always difficult to pin down what the next real trend is going to be in the Cybersecurity space as adversaries are becoming ever more sophisticated. What was once a very difficult process for skilled individuals is becoming more readily available to novices with advances in software, particularly those shared on the Dark Web.What is an inevitable threat trend in the next 12-months and beyond is the exponential rise in the Internet of Things (IoT). With a world where everything is hooked up to the web, it is apparent that tech companies selling these devices are under immense pressure to get products to market. The need for speed could mean that some security principles and best practices may be overlooked. As the UK encountered during the Mirai Botnet attack of 2016, a network of electronic devices acting in concert can cripple the internet or, worst case, become a weapon that could cause actual physical damage as well as cyber damage, power stations, hospital networks to name but a few. How have Data & Analytics impacted the detection, and prevention, of cyber-crime?A company will have to protect themselves against an enormous amount of cyber threats every second. A cyber-criminal will only need one successful attempt. Data & Analytics are proving successful in the fight against cyber-crime and their proactive and holistic approach is at keeping people and businesses safe. Of course, it is Data that is being stolen, but very often Data can come to the rescue. It helps in a number of ways, e.g. identifying anomalies in employee and contractor computer usage and patterns, detecting irregularities in networks, identifies irregularities in device behaviour (a huge advantage with the rise of the IoT).What one must remember, however, is the people behind the Data. You can’t simply collect Data and assume you will be able to detect and respond with the right actions. You need the people with the right analytical skills to sift through the Data, find the right signals and then react to the threat with an appropriate and timely response. What tools and technologies do you think will become increasingly important in the fraud and cyber-crime landscape?Here at Fortalice we are investing a lot of time into coverage of the Dark Web. We live in a rapidly changing digital landscape. Criminals, fraudsters, and others are now operating with more sophistication and anonymity. Where do they go to exchange fraudulent details and ideas about current victims? What medium do they use to discuss organisational targets or new ways of defrauding companies? The answer is the Dark Web. Traditionally, companies fight fraud from the inside out. We want to change this landscape by accessing the entirety of the Dark Web, its pages, shady storefronts, and treasure troves of Data, and drawing on monitoring toolsets to give our clients a 360-degree resource for identifying adversarial communications and movements. It’s all about Internet coverage. Wherever it is difficult to find – that’s where your threat will be. A final point to this question is one of sharing tools and techniques. A collaborative approach is always a good way of making sure the wider audience benefits. We always work with our clients and offer other services and support outside of our remit to make sure they’re fully protected from a cyber and physical space. What are the biggest security threats for businesses?Security is fundamentally broken because the design of many security solutions does not design for the human psyche. Security solutions are bolted on, clunky, and hard to use but because security teams prioritise defending against easier cyber threats, they often don’t focus on the hardware side.The biggest risk to companies and individuals is always defined by the Data that is most important to you or to the business. For individuals, this might be privacy or identity. For businesses, this could be customer Data, intellectual property, and the company’s money in the bank.The reality is that business executives can’t outspend the (cybersecurity) issue and they must be prepared. Cybersecurity no longer exists in a vacuum and it must be elevated to the conversations held in the boardroom and with senior leadership as well as entire divisions, departments, and organisations.For someone trying to get into security analytics, what skills do you think are key to being successful in the industry?The detail is in the name of the role. A huge ability to interpret large amounts of technical Data is key to the role, as well as being able to assimilate what it means and how to action it. Risk management is also key to this role. Very often you will identify potential risks and you will have to triage those priorities on your own as co-workers won’t have the technical expertise to assist. You will need to be able to communicate successfully to all levels of a workforce and last but by no means least – a good sense of humour! When you think you have gotten to understand a new threat or vulnerability a new one will replace it within seconds. Time to put the kettle on, smile, and get back to work with your analytical prowess. Within fraud, it’s well known that criminals are sharing their approaches, is this mirrored in cyber-security and if so, how is the industry combating this?Criminal collaboration is huge on the web. First of all, there is no talent shortage for fraud rings or cybercriminals. There are no requirements for fancy university degrees or certifications and the crime ring pays for performance. They don’t care what you look like, how you dress, or if you clock in during normal work hours. They care about getting the job done – hacking into and stealing information from others. Together they are sadly stronger and more effective. On Dark Web forums, you will see fraudsters sharing and selling their ‘IP’ knowing that others will also contribute. That way they are all winners. In the private world ideas equal money. That is of course not a bad thing for business, but it is bad for collaboration. Businesses generally don’t like to share ideas with one another because it has taken them lots of time and expense to get to their product or solution. As cliché as this comment sounds – we have to change this landscape for the greater good. There are lots of smart government initiatives for national defences in cyber security and fighting high-end cyber-crime but seldom does this have a positive impact locally with smaller businesses. There is a huge amount of information out there for individuals and advice, but we need to bridge the gap still between criminal collaboration and that of the good guys.If you could change one thing in the industry, what would it be?The mind set of security professionals that humans are the weakest link. We’re not! Humans are at risk because technology is by design, open. I’d also change the mind set of those not in the Cyber Security industry. All too often the severity of what is being reported is not taken seriously, nor are budgets set aside for cyber security issues. That said, it is improving but there is a long way to go. Ben and Danni spoke to Senior Consultant, Rosalind Madge. Get in touch with Rosalind or take a look at our latest job opportunities here.