Hunted’s Ben & Danni On Cybersecurity

Rosalind Madge our consultant managing the role
Posting date: 3/21/2019 9:45 AM
Ben Owen and Danni Brooke are the Co-Directors for the EMEA Practice at Fortalice Solutions, a leading global cyber security and intelligence operations company. 

They travel globally to assist clients with their cyber security requirements, bespoke training needs, intelligence and investigations both online and physical and counter fraud training/consultation. They deliver and manage a portfolio of pro-active intelligence solutions to keep people, nations and businesses safe from threats and head up the EMEA operations. 



Ben and Danni also feature on the hit Channel 4 show, Hunted and Celebrity Hunted which has been airing for over four years with another series set to be filmed this summer. I caught up with them recently to discuss the latest Fraud, tools and challenges for the Cybersecurity industry.


Cybersecurity is an ever-changing landscape. What trends do you anticipate for the next 12 months and beyond?

It is always difficult to pin down what the next real trend is going to be in the Cybersecurity space as adversaries are becoming ever more sophisticated.  What was once a very difficult process for skilled individuals is becoming more readily available to novices with advances in software, particularly those shared on the Dark Web.

What is an inevitable threat trend in the next 12-months and beyond is the exponential rise in the Internet of Things (IoT).  With a world where everything is hooked up to the web, it is apparent that tech companies selling these devices are under immense pressure to get products to market. The need for speed could mean that some security principles and best practices may be overlooked.   As the UK encountered during the Mirai Botnet attack of 2016, a network of electronic devices acting in concert can cripple the internet or, worst case, become a weapon that could cause actual physical damage as well as cyber damage, power stations, hospital networks to name but a few.  

How have Data & Analytics impacted the detection, and prevention, of cyber-crime?

A company will have to protect themselves against an enormous amount of cyber threats every second.  A cyber-criminal will only need one successful attempt. Data & Analytics are proving successful in the fight against cyber-crime and their proactive and holistic approach is at keeping people and businesses safe.  Of course, it is Data that is being stolen, but very often Data can come to the rescue.  It helps in a number of ways, e.g. identifying anomalies in employee and contractor computer usage and patterns, detecting irregularities in networks, identifies irregularities in device behaviour (a huge advantage with the rise of the IoT).

What one must remember, however, is the people behind the Data.  You can’t simply collect Data and assume you will be able to detect and respond with the right actions.  You need the people with the right analytical skills to sift through the Data, find the right signals and then react to the threat with an appropriate and timely response.  

What tools and technologies do you think will become increasingly important in the fraud and cyber-crime landscape?

Here at Fortalice we are investing a lot of time into coverage of the Dark Web.  We live in a rapidly changing digital landscape. Criminals, fraudsters, and others are now operating with more sophistication and anonymity. Where do they go to exchange fraudulent details and ideas about current victims? What medium do they use to discuss organisational targets or new ways of defrauding companies? The answer is the Dark Web. 

Traditionally, companies fight fraud from the inside out. We want to change this landscape by accessing the entirety of the Dark Web, its pages, shady storefronts, and treasure troves of Data, and drawing on monitoring toolsets to give our clients a 360-degree resource for identifying adversarial communications and movements. It’s all about Internet coverage.  Wherever it is difficult to find – that’s where your threat will be.  

A final point to this question is one of sharing tools and techniques.  A collaborative approach is always a good way of making sure the wider audience benefits.  We always work with our clients and offer other services and support outside of our remit to make sure they’re fully protected from a cyber and physical space.  

What are the biggest security threats for businesses?

Security is fundamentally broken because the design of many security solutions does not design for the human psyche.  Security solutions are bolted on, clunky, and hard to use but because security teams prioritise defending against easier cyber threats, they often don’t focus on the hardware side.

The biggest risk to companies and individuals is always defined by the Data that is most important to you or to the business.  For individuals, this might be privacy or identity. For businesses, this could be customer Data, intellectual property, and the company’s money in the bank.

The reality is that business executives can’t outspend the (cybersecurity) issue and they must be prepared. Cybersecurity no longer exists in a vacuum and it must be elevated to the conversations held in the boardroom and with senior leadership as well as entire divisions, departments, and organisations.

For someone trying to get into security analytics, what skills do you think are key to being successful in the industry?

The detail is in the name of the role.  A huge ability to interpret large amounts of technical Data is key to the role, as well as being able to assimilate what it means and how to action it.  Risk management is also key to this role.  Very often you will identify potential risks and you will have to triage those priorities on your own as co-workers won’t have the technical expertise to assist.  You will need to be able to communicate successfully to all levels of a workforce and last but by no means least – a good sense of humour!  When you think you have gotten to understand a new threat or vulnerability a new one will replace it within seconds.  Time to put the kettle on, smile, and get back to work with your analytical prowess.  

Within fraud, it's well known that criminals are sharing their approaches, is this mirrored in cyber-security and if so, how is the industry combating this?

Criminal collaboration is huge on the web.  First of all, there is no talent shortage for fraud rings or cybercriminals. There are no requirements for fancy university degrees or certifications and the crime ring pays for performance.  They don’t care what you look like, how you dress, or if you clock in during normal work hours. They care about getting the job done - hacking into and stealing information from others. Together they are sadly stronger and more effective.  On Dark Web forums, you will see fraudsters sharing and selling their ‘IP’ knowing that others will also contribute. That way they are all winners.  In the private world ideas equal money. That is of course not a bad thing for business, but it is bad for collaboration. Businesses generally don’t like to share ideas with one another because it has taken them lots of time and expense to get to their product or solution. As cliché as this comment sounds - we have to change this landscape for the greater good. 

There are lots of smart government initiatives for national defences in cyber security and fighting high-end cyber-crime but seldom does this have a positive impact locally with smaller businesses.  There is a huge amount of information out there for individuals and advice, but we need to bridge the gap still between criminal collaboration and that of the good guys.

If you could change one thing in the industry, what would it be?

The mind set of security professionals that humans are the weakest link. We’re not! Humans are at risk because technology is by design, open.  I’d also change the mind set of those not in the Cyber Security industry.  All too often the severity of what is being reported is not taken seriously, nor are budgets set aside for cyber security issues.  That said, it is improving but there is a long way to go. 

Ben and Danni spoke to Senior Consultant, Rosalind Madge. Get in touch with Rosalind or take a look at our latest job opportunities here.

Related blog & news

With over 10 years experience working solely in the Data & Analytics sector our consultants are able to offer detailed insights into the industry.

Visit our Blogs & News portal or check out the related posts below.

The Search For Toilet Paper: A Q&A With The Data Society

We recently spoke Nisha Iyer, Head of Data Science, and Nupur Neti, a Data Scientist from Data Society.  Founded in 2014, Data Society consult and offer tailored Data Science training for businesses and organisations across the US. With an adaptable back-end model, they create training programs that are not only tailored when it comes to content, but also incorporate a company’s own Data to create real-life situations to work with.  However, recently they’ve been looking into another area: toilet paper.  Following mass, ill-informed, stock-piling as countries began to go into lockdown, toilet paper became one of a number of items that were suddenly unavailable. And, with a global pandemic declared, Data Society were one of a number of Data Science organisations who were looking to help anyway they could.  “When this Pandemic hit, we began thinking how could we help?” says Iyer. “There’s a lot of ways Data Scientists could get involved with this but our first thought was about how people were freaking out about toilet paper. That was the base of how we started, as kind of a joke. But then we realised we already had an app in place that could help.” The app in question began life as a project for the World Central Kitchen (WCK), a non-profit who help support communities after natural disasters occur.  With the need to go out and get nutritionally viable supplies upon arriving at a new location, WCK teams needed to know which local grocery stores had the most stock available.  “We were working with World Central Kitchen as a side project. What we built was an app that supposed to help locate resources during disasters. So we already had the base done.” The app in question allows the user to select their location and the products they are after. It then provides information on where you can get each item, and what their nutritional values are, with the aim of improving turnaround time for volunteers.  One of the original Data Scientists, Nupur Neti, explained how they built the platform: “We used a combination of R and Python to build the back-end processing and R Shiny to build the web application. We also included Google APIs that took your location and could find the closest store to you. Then, once you have the product and the sizes, we had an internal ranking algorithm which could rank the products selected based on optimisation, originally were based on nutritional value.”  The team figured that the same technology could help in the current situation, ranking based on stock levels rather than nutritional value. With an updated app, Iyer notes “People won’t have to go miles and stand in lines where they are not socially distancing. They’ll know to visit a local grocery store that does have what they need in stock, that they’ve probably not even thought of before.” However, creating an updated version presented its own challenges. Whereas the WCK app utilised static Data, this version has to rely on real-time Data. Unfortunately this isn’t as easy to come by, as Iyer knows too well:  “When we were building this for the nutrition app we reached out to groceries stores and got some responses for static Data. Now, we know there is real-time Data on stock levels because they’re scanning products in and out. Where is that inventory though? We don’t know.” After putting an article out asking for help finding live Data, crowdsourcing app OurStreets got in touch. They, like Data Society, were looking to help people find groceries in short supply. But, with a robust front and back-end in place, the app already live, and submissions flying in across the States, they were looking for a Data Science team who could make something of their findings.  “We have the opportunity,” says Iyer “to take the conceptual ideas behind our app and work with OurStreets robust framework to create a tool that could be used nationwide.” Before visiting a store, app users select what they are looking for. This allows them to check off what the store has against their expectations, as well as uploading a picture of what is available. They can also report on whether the store is effectively practising social distancing. Neti explains, that this Data holds lots of possibilities for their Data Science team: “Once we take their Data, our system will clean any submitted text using NLP and utilise image recognition on submitted pictures using Deep Learning. This quality Data, paired with the Social Distancing information, will allow us to gain better insights into how and what people are shopping for. We’ll then be able to look at trends, see what people are shopping for and where. Ultimately, it will also allow us to make recommendations as to where people should then go if they are looking for a product.”  In addition to crowdsourced information, Data Society are still keen to get their hands on any real-time Data that supermarkets have to offer. If you know where they could get their hands on it, you can get in touch with their team.  Outside of their current projects, Iyer remains optimistic for the world when it emerges from the current situation: “Things will return to normal. As dark a time as this is, I think it’s going to exemplify why people need to use Artificial Intelligence and Data Science more. If this type of app is publicised during the Coronavirus, maybe more people will understand the power of what Data and Data Science can do and more companies that are slow adaptors will see this and see how it could be helpful to their industry.”   If you want to make the world a better place using Data, we may have a role for you, including a number of remote opportunities. Or, if you’re looking to expand and build out your team with the best minds in Data, get in touch with one of expert consultants who will be able to advise on the best remote and long-term processes. 

Why Businesses Need To Put Fraud Prevention Front And Centre

If Fraudsters are anything, they are opportunists. Once the first new stories about COVID-19 started running, it wasn’t long until they were joined by tales of fraudsters selling face masks and hand sanitiser, asking panicked customers to transfer money and then disappearing without a trace.  And it’s not the first time we’ve seen this. Fraudsters are notoriously wise to periods of heightened sensitivity and uncertainty, often preying on the vulnerable. The 2008 financial crisis saw an increase in email-based phishing scams and a decade’s worth of technological advancements means that Fraud remains a many-headed beast.  Add into the mix a change in working styles and environments, and many businesses are more exposed to potential security breaches than they have been in years. Now, more than ever, companies need to make sure their Data is well protected and secure. THE FIRST LINE OF DEFENCE If you’re part of, or leading, a Fraud Prevention team, there are a number of ways you can support your business and keep on top of the situation. Here are just a few: Increase and update your investigation capacity. This team are the front line of your business’ Fraud defence team, interacting with customers daily and spotting new scams. During an uncertain period, retention and team stability is key. These are the people that understand the day-to-day Fraud challenges you face and will be essential in fighting any future challenges.  Sharing Fraud Prevention knowledge is key. Throughout this crisis, trends will be evolving quickly and working collaboratively across teams, and even other businesses, is the best way to combat this. We consistently hear from Fraud Managers that the key to beating Fraud is to share information and knowledge. Despite this, there is always a hesitation amongst companies to admit that they have been a victim to an attack. Perhaps now is the time to change this. Invest in Machine Learning and real time updates for your Fraud defences. Fraud technology has moved on from script writing in SQL and rule changes. Businesses need a real time reactive response and now is an important time to be embracing new technologies. There are a number AI-driven off the shelf packages available or, for a more bespoke solution, a Fraud Data Scientist can create something internally. Educate your team. It may seem simple, but the Fraud team can play a crucial role in minimising any potential risk from human-error. Educating employees on the risks they may face when working remotely, or what scams they need to look out for, is one of the most effective ways of fighting Fraud.  PREPARING YOUR BUSINESS Success in the fight against Fraud isn’t purely down to the group of individuals that make up the Fraud team. As a business, now is the time to be making decisions that can help you stay ahead of the Fraudsters. Here are some considerations: Consider investing in tech as an your immediate response. Not just to bolster your Fraud defences (although there are plenty of vendors offering AI-based solutions), but also technology for your employees to keep work as normal as possible such a sharing platforms, DevOps technology and video calling networks. One of the best ways to block some of the vulnerability loopholes fraudsters are trying to exploit is to keep working habits as close to normal as possible as you move to a remote solution. Be transparent with your customers. Consumers are being incredibly savvy and noting how businesses respond to the pandemic in a way that could have a big impact when normality returns. But they’re also being more empathetic and are willing to understand difficulties. For example, shopping delivery service Ocado were open and transparent when their system could not initially deal with demand. Having communicated the difficulties, worked through their issues and gone the extra mile to let customers know how they can be supported in this time, the received minimal backlash. There is an understanding that we’re all in this together. Finally, if you have the budget, continue to staff up - particularly in competitive fields such as Data Science. A lot of top Data professionals are currently at home and much more accessible than they have been in a long time. With a number of ways to remotely interview and onboard both permanent and contract staff, if you are able to get begin conversations with them now, you’ll have an edge in what will be a very competitive market come later in the year.  If you’re looking to take your next step in the world of Fraud, we may have a role for you, including a number of remote opportunities.  Or, if you’re looking to expand and build out your Fraud team, get in touch with one of expert consultants who will be able to advise on the best remote and long-term processes. 

RELATED Jobs

Salary

1000000kr - 1100000kr per annum + competitive benefits package

Location

Stockholm

Description

An awesome role for a Chief Risk And Analytics Officer to work in a fast paced growing, alternative lender in Stockholm/Helsinki!

Salary

£50000 - £70000 per annum + bonus + benefits

Location

City of London, London

Description

Fast growing tech firm looking to bring on board a successful Data Analyst to apply machine learning techniques to payments fraud detection and prevention.

Salary

£60000 - £70000 per annum + pension, health insurance, bonus

Location

London

Description

A growing forensic data team are looking for an experienced Data Analytics Manager to lead Transaction Monitoring projects.

recently viewed jobs