Hunted’s Ben & Danni On Cybersecurity

Rosalind Madge our consultant managing the role
Posting date: 3/21/2019 9:45 AM
Ben Owen and Danni Brooke are the Co-Directors for the EMEA Practice at Fortalice Solutions, a leading global cyber security and intelligence operations company. 

They travel globally to assist clients with their cyber security requirements, bespoke training needs, intelligence and investigations both online and physical and counter fraud training/consultation. They deliver and manage a portfolio of pro-active intelligence solutions to keep people, nations and businesses safe from threats and head up the EMEA operations. 



Ben and Danni also feature on the hit Channel 4 show, Hunted and Celebrity Hunted which has been airing for over four years with another series set to be filmed this summer. I caught up with them recently to discuss the latest Fraud, tools and challenges for the Cybersecurity industry.


Cybersecurity is an ever-changing landscape. What trends do you anticipate for the next 12 months and beyond?

It is always difficult to pin down what the next real trend is going to be in the Cybersecurity space as adversaries are becoming ever more sophisticated.  What was once a very difficult process for skilled individuals is becoming more readily available to novices with advances in software, particularly those shared on the Dark Web.

What is an inevitable threat trend in the next 12-months and beyond is the exponential rise in the Internet of Things (IoT).  With a world where everything is hooked up to the web, it is apparent that tech companies selling these devices are under immense pressure to get products to market. The need for speed could mean that some security principles and best practices may be overlooked.   As the UK encountered during the Mirai Botnet attack of 2016, a network of electronic devices acting in concert can cripple the internet or, worst case, become a weapon that could cause actual physical damage as well as cyber damage, power stations, hospital networks to name but a few.  

How have Data & Analytics impacted the detection, and prevention, of cyber-crime?

A company will have to protect themselves against an enormous amount of cyber threats every second.  A cyber-criminal will only need one successful attempt. Data & Analytics are proving successful in the fight against cyber-crime and their proactive and holistic approach is at keeping people and businesses safe.  Of course, it is Data that is being stolen, but very often Data can come to the rescue.  It helps in a number of ways, e.g. identifying anomalies in employee and contractor computer usage and patterns, detecting irregularities in networks, identifies irregularities in device behaviour (a huge advantage with the rise of the IoT).

What one must remember, however, is the people behind the Data.  You can’t simply collect Data and assume you will be able to detect and respond with the right actions.  You need the people with the right analytical skills to sift through the Data, find the right signals and then react to the threat with an appropriate and timely response.  

What tools and technologies do you think will become increasingly important in the fraud and cyber-crime landscape?

Here at Fortalice we are investing a lot of time into coverage of the Dark Web.  We live in a rapidly changing digital landscape. Criminals, fraudsters, and others are now operating with more sophistication and anonymity. Where do they go to exchange fraudulent details and ideas about current victims? What medium do they use to discuss organisational targets or new ways of defrauding companies? The answer is the Dark Web. 

Traditionally, companies fight fraud from the inside out. We want to change this landscape by accessing the entirety of the Dark Web, its pages, shady storefronts, and treasure troves of Data, and drawing on monitoring toolsets to give our clients a 360-degree resource for identifying adversarial communications and movements. It’s all about Internet coverage.  Wherever it is difficult to find – that’s where your threat will be.  

A final point to this question is one of sharing tools and techniques.  A collaborative approach is always a good way of making sure the wider audience benefits.  We always work with our clients and offer other services and support outside of our remit to make sure they’re fully protected from a cyber and physical space.  

What are the biggest security threats for businesses?

Security is fundamentally broken because the design of many security solutions does not design for the human psyche.  Security solutions are bolted on, clunky, and hard to use but because security teams prioritise defending against easier cyber threats, they often don’t focus on the hardware side.

The biggest risk to companies and individuals is always defined by the Data that is most important to you or to the business.  For individuals, this might be privacy or identity. For businesses, this could be customer Data, intellectual property, and the company’s money in the bank.

The reality is that business executives can’t outspend the (cybersecurity) issue and they must be prepared. Cybersecurity no longer exists in a vacuum and it must be elevated to the conversations held in the boardroom and with senior leadership as well as entire divisions, departments, and organisations.

For someone trying to get into security analytics, what skills do you think are key to being successful in the industry?

The detail is in the name of the role.  A huge ability to interpret large amounts of technical Data is key to the role, as well as being able to assimilate what it means and how to action it.  Risk management is also key to this role.  Very often you will identify potential risks and you will have to triage those priorities on your own as co-workers won’t have the technical expertise to assist.  You will need to be able to communicate successfully to all levels of a workforce and last but by no means least – a good sense of humour!  When you think you have gotten to understand a new threat or vulnerability a new one will replace it within seconds.  Time to put the kettle on, smile, and get back to work with your analytical prowess.  

Within fraud, it's well known that criminals are sharing their approaches, is this mirrored in cyber-security and if so, how is the industry combating this?

Criminal collaboration is huge on the web.  First of all, there is no talent shortage for fraud rings or cybercriminals. There are no requirements for fancy university degrees or certifications and the crime ring pays for performance.  They don’t care what you look like, how you dress, or if you clock in during normal work hours. They care about getting the job done - hacking into and stealing information from others. Together they are sadly stronger and more effective.  On Dark Web forums, you will see fraudsters sharing and selling their ‘IP’ knowing that others will also contribute. That way they are all winners.  In the private world ideas equal money. That is of course not a bad thing for business, but it is bad for collaboration. Businesses generally don’t like to share ideas with one another because it has taken them lots of time and expense to get to their product or solution. As cliché as this comment sounds - we have to change this landscape for the greater good. 

There are lots of smart government initiatives for national defences in cyber security and fighting high-end cyber-crime but seldom does this have a positive impact locally with smaller businesses.  There is a huge amount of information out there for individuals and advice, but we need to bridge the gap still between criminal collaboration and that of the good guys.

If you could change one thing in the industry, what would it be?

The mind set of security professionals that humans are the weakest link. We’re not! Humans are at risk because technology is by design, open.  I’d also change the mind set of those not in the Cyber Security industry.  All too often the severity of what is being reported is not taken seriously, nor are budgets set aside for cyber security issues.  That said, it is improving but there is a long way to go. 

Ben and Danni spoke to Senior Consultant, Rosalind Madge. Get in touch with Rosalind or take a look at our latest job opportunities here.

Related blog & news

With over 10 years experience working solely in the Data & Analytics sector our consultants are able to offer detailed insights into the industry.

Visit our Blogs & News portal or check out the related posts below.

How Can Your Career In Big Data Help You To Accelerate Change?

Data & Analytics is fast becoming a core business function across a range of different industries. 2.5 quintillion bytes of data are produced by humans every day, and it has been predicted that 463 exabytes of data will be generated each day by humans as of 2025. That’s quite a lot of data for organisations to break down. Within Gartner’s top 10 Data & Analytics trends for 2021, there is a specific focus on using data to drive change. In fact, business leaders are beginning to understand the importance of using data and analytics to accelerate digital business initiatives. Instead of being a secondary focus — completed by a separate team — Data & Analytics is shifting to a core function. Yet, due to the complexities of data sets, business leaders could end up missing opportunities to benefit from the wealth of information they have at their fingertips. The opportunity to make such an impact across the discipline is increasingly appealing for Data Engineers and Architects. Here are a just a selection of the benefits that your role in accelerating organisational change could create. Noting the impact In a business world that has (particularly in recent times) experienced continued disruption, creating impact in your industry has never been more important. Leaders of organisations of a range of sizes are looking to data specialists to help them make that long-lasting impression. What is significant here is that organisations need to build-up and make use of their teams to better position them to gather, collate, present and share information – and it needs to be achieved seamlessly too. Business leaders, therefore, need to express the specific aim and objective they are using data for within the organisation and how it’s intended to relate to the broader overarching business plans. Building resilience Key learnings from the past year have taught senior leaders around the globe that being prepared for any potential future disruption is a critical part of an organisation’s strategic plans. Data Engineers play a core role here. Using data to build resilience, instead of just reducing resistance or limiting the challenges it presents, will ensure organisations are well-placed to move into a post-pandemic world that makes use of the abundance of data available to them. Big Data and pulling apart and understanding these large scale and complex data sets will offer a new angle with which to inform resilience-building processes.  Alignment matters An organisation’s ability to collect, organise, analyse and react to data will be the thing that sets them apart from their competitors, in what we expect to become an increasingly competitive market. Business leaders must ensure that their teams are part of the data-driven culture and mindset that an organisation adopts. As this data is used to inform how an organisation interacts with its consumers, operates its processes or reaches new markets, it is incredibly important to ensure that your Data Engineers (and citizen developers) are equipped and aligned with the organisation’s visions. Change is a continuous process, particularly for the business community. Yet, there are some changes that are unpredictable, disruptive and mean that many pre-prepared plans may face a quick exit from discussions. Data professionals have an opportunity to drive the need for change, brought about by the impacts of the pandemic, in a positive and forward-thinking way. In understanding impact, resilience and alignment, this can be truly achieved. Data is an incredibly important tool, so using this in the right way is absolutely critical. If you’re in the world of Data & Analytics and looking to take a step up or find the next member of your team, we can help. Take a look at our latest opportunities or get in touch with one of our expert consultants to find out more.

Mitigating Risk In The Financial Services Sector With Machine Learning

Data & Analytics is an industry that is constantly evolving and is always using the latest technology to innovate its services and capabilities. More recently, these advancements have moved in areas such as Artificial Intelligence (AI) and Machine Learning (ML). Machine Learning is a method of data analysis, under the branch of Artificial Intelligence, that allows systems to learn from data, identify patterns and ultimately make decisions with little to no human intervention. Used across a vast range of sectors, this arm of Data & Analytics has become widely popular, especially within highly-advanced industries such as Finance.  Since the 2008 financial crash, at the top of the agenda for many Financial Institutions (FIs) was, and still is, the need to protect business, increase profitability and, possibly most importantly, address the abundant inadequacies of risk management. This includes risks posed by consumers such as liquidity, insolvency, model and sovereign, as well as any internal process and operational risk the FIs may also be facing through any failures or glitches.   Machine Learning has played a crucial role in improving the quality and precision of FIs risk management abilities. In HPC Wire, it has been reported that the use of AI and ML within the financial sphere to mitigate risk, improve insights and develop new offerings may generate more than $250 billion for the banking industry.  How does ML work? By using incredibly large data sets, drawn (with consent) from consumers, ML can learn, and predict, patterns in consumer behaviour. This can be done in one of two ways: through supervised learning tools, or unsupervised learning tools.  Explained by Aziz and Dowling; “In supervised learning you have input data that you wish to test to determine an output. In unsupervised learning, you only have input data and wish to learn more about the structure of the data.” How do banks use ML to mitigate risk? In FIs, a mix of the two ML tools are used. Most commonly, we can expect to see learning systems such as data mining, neural networks and business rules management systems in play across a lot of banks. These models work in tandem to identify relationships between the data given from the FIs and their consumers – from their profiles to their spending habits, credit card applications to recorded phone calls – which then build ‘character profiles’ of each individual customer. The process can then begin, spotting signs of potential risk factors. This may include debt, fraud and/or money laundering.  Here we break down two key examples.  Fraud Thanks to ML, customers have become accustomed to incredibly quick and effective notification of fraudulent activity from their banks. This ability from FIs comes from large and historical datasets of credit card transactions and machines which have been algorithmically trained to understand and spot problematic activity. As stated by Bart van Liebergen; “The historical transaction datasets showcase a wide variety of pre-determined features of fraud, which distinguish normal card usage from fraudulent card usage, ranging from features from transactions, the card holder, or from transaction history.”  For example, if your usual ‘character profile’ is known by ML tools to spend between £500 - £1000 per month on your credit card, and suddenly this limit is overtly exceeded, fraudulent activity tags will be alerted, and the freezing of your account can be done in real-time.  Credit applications When borrowing from a bank or any other FI, consumers must undertake a credit risk assessment to ensure that they have a record of paying back debt on time, and therefore not adding greater cost, and risk, to the lender.  Traditionally, FIs have approached credit risk with linear, logit and probit regressions but, serious flaws were found in these methods, with many applications being left incomplete. In this space, the evidence for the effectiveness of ML is overwhelming. Khandani et al. found that FIs using ML to analyse and review credit risk can lead to a 25 per cent cost saving for the FI involved.   These ML models come in various shapes and sizes, with the most common being instantaneous apps or websites which allow users and their banks to have access to real-time scoring, data visualisation tools and business intelligence tools.  The risk of risk management with ML Like with any AI or ML application or tool, there will always be cause for concern and real need to always remain vigilant. While ML has shown to be an invaluable tool across lower risk areas, the complexity of more statistical areas of banking, such as loans, has proven to be an Achilles heel for the technology. This usually stems from bias, a perpetual problem for AI and ML across all industries.  Technology Review notes that “There are two main ways that bias shows up in training data: either the data you collect is unrepresentative of reality, or it reflects existing prejudices.”  Data, analytics, AI and ML are notoriously non-diverse working sectors. The person behind the screen creating learning algorithms tends to be white and male, and very unrepresentative of the whole society that the machine learning tool will serve. Over the years, we have heard numerous accounts of unfair and unjust machines, which have learned from a very narrow and unrepresentative dataset, which stems from the lack of diversity amongst the employees within the Data & Analytics industry. For example, Microsoft’s racist bot and Amazon’s sexist recruitment tool, both clear examples that ML and AI are not ready to be used on their own, and humans still need to play an integral part in decision making.  Banks and FIs must be aware of the, potentially lethal, consequences that bias in ML may present. Lenders must be careful to ensure they are working within the guidelines of fair lending laws and that no one group of people are being penalised for no reason other than issues within the technology and its algorithms. It is vital that the humans behind the technology don’t rely on ML to provide them with an answer 100 per cent of the time but, instead, use it to aid them in their decision making when it comes to risk mitigation.  If you’re looking for a role in Data & Analytics or are interested in finance or Risk Analytics, we may have a role for you. Take a look at our latest opportunities or get in touch with one of our expert consultants to learn more.  

RELATED Jobs

recently viewed jobs