Hi Harrison. It’s a privilege talking to you today at AiThority.com. Could you tell us about your journey in technology and how you started at Digital Shadows?
I’ve been into technology since I was a kid, playing video games till the early hours of the morning. That’s how I started learning about computer hardware, software compatibility and some basic networking. In college, I decided to focus on Criminal Justice for my Undergraduate degree which showed me how prevalent online criminal activity is in the modern era. My degree helped introduce me to the traditional frameworks used to study illegal activity from a law enforcement perspective, which applies well to the cybercriminal landscape once you add a technical layer. I decided to continue my education into graduate school, earning a M.S. in Information Technology and Management, focusing on Cybersecurity.
What is Digital Shadows and how does it empower businesses with Threat Intelligence?
Digital Shadows provides Digital Risk Protection to our clients across multiple sectors, helping them to reduce their overall digital risk online. That includes protecting you from external threats, continually identifying where your assets are exposed, providing sufficient context to understand the risk, and options for remediation. Threat Intelligence runs across all of those areas, as it provides the context for those risks and a foundation for our client alerts.
Tell us about Dark Web Monitoring and the risky operations that jeopardize enterprises. How can Cloud vendors leverage your Predictive Intelligence?
The most difficult part of the Dark Web, which is composed of a couple of different networks that overlay the traditional clear web that most people know, is finding your way around it. In order to access Tor, one of those overlay networks, you have to download a specific browser. Once you do, you can access domains that aren’t normally accessible in a regular browser. However, everything operates peer-to-peer and independently, so there’s no centralized regulations or policies, making it difficult to find the actual resources. Those resources could be discussion forums, political activism sites from around the world, or more malicious cybercrime resources.
Digital Shadows provides the expertise required to navigate into these spaces, knowing the intricacies of the cybercriminal landscape operating on the Dark Web, as well as criminal operations that occur on clear web sites. We take that inherent risk of existing in those spaces off the plates of our customers and give them peace of mind that we will operate legally, ethically, and efficiently.
What is the most contemporary definition of Threat Intelligence? Could you tell us about the tools and technologies that form Threat Intelligence stack for modern businesses?
There are a lot of different definitions of what threat intelligence actually is, especially when it comes to cybersecurity, but the analyst firm Gartner defines it as:
Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.
Digital Shadows breaks it down like this:
- Threat Intelligence is focused on informing decision-makers and improving their decisions. The Threat Intelligence function within a business can be a standalone function, particularly within more mature organizations or sector with a lower risk tolerance, but more often it is a function of an individual within a security team. This function can serve multiple stakeholders within the business, including incident responders, threat hunters, and management.
- Focuses on the threat, not risk. “Threat” is just one component of “Risk”. Some frameworks, such as FAIR (Factor Analysis of Information Risk), help to bring this all together into a richer framework.
How can businesses leverage Digital Risk Protection Software to prepare for the future with “Digital Forensics and Cyber Security”?
Digital Shadows provides a wholly inclusive delivery model that highlights our expertise in the field of Digital Risk throughout every step of the way. In our collective mind, it isn’t just about one specific tool, but how we stay connected with our clients throughout the entire process. From our initial calls establishing what the client’s team(s) are most concerned with to the delivery of our risk alerts, Digital Shadows experts whether they be Engineers, Analysts, or Client Success Managers are there every step of the way. Competitors tend to either focus on a specific area of coverage or overwhelm you with data. We take an approach that gives you broad coverage without alert fatigue.
I think this is what makes Digital Shadows stand out among the pack of other options, and I’m not alone: In 2018, Forrester Research published the Digital Risk Protection New Wave for Q3 2018, in which Digital Shadows was named a “Leader” in the Digital Risk Protection space.
What are the modern Cyberthreats that can take any business down? What are the ‘surface attack’ points that most companies are vulnerable to and what kind of readiness do you provide to such businesses?
The threats are incredibly varied, however, I think one of the biggest threats that companies face today is Business Email Compromise (BEC). I wrote a blog in April summarizing the FBI’s annual Internet Crimes Complaints Center (IC3), and out of the $2.7 billion lost over 2018 alone, $1.2 billion of that was due to BEC.
This threat has existed for a number of years now, but when we start to quantify just how much money businesses are losing because of BEC alone, it really does become staggering and forces you to rethink your approach to specific processes and systems. We’ve focused so heavily on the internal protections that network security and hardware security bring, but we need to look at more external threats overall to gain full visibility into our risks. Within BEC attacks, you’ve got techniques like spear phishing, social engineering, typosquatting domains – things that more traditional network security don’t wholly mitigate.
Would you agree that AI-enabled Automation can successfully fill in for the “IT Ops and Networking” gaps in the industry? How do you leverage AI ML at Digital Shadows?
At Digital Shadows, we apply Machine Learning algorithms to support parts of our effort in managing the vast amounts of information that we collect on a daily basis. Leveraging this and other Data Science techniques allows us to provide our clients with contextualized alerts specific to them gathered from the ocean of information available online.
What digital technology start-ups and labs are you keenly following?
Immersive Labs is a company that Digital Shadows has been able to partner with for a long time now that is doing a lot of really cool things. They’re a cybersecurity training platform that gives users hands-on experience instead of having to read through a bunch of theory and text. This is something that I craved during my college education and would have loved to have it around back then.
What technologies within your industry are you interested in?
I like to follow various open-source tools and research projects that are centered around collecting publicly available information online and turning that into actionable intelligence that people can use to defend their networks.
What’s your smartest work-related shortcut or productivity hack?
I might be cheating a little bit, but I have a work-related item that helps me focus: noise-canceling headphones. Combine those with some EDM and you’ll be unstoppable for hours at a time.
Tag the one person in the industry whose answers to these questions you would love to read-
A previous Digital Shadows employee (and good friend) Christian Rencken would have some really interesting answers to these questions. Christian works at CrowdStrike now but I would definitely try to get him to answer some of these if you can!
Thank you, Harrison! That was fun and hope to see you back on AiThority soon.
Harrison Van Riper is a Strategy and Research Analyst at Digital Shadows. He earned his Bachelor’s degree in Criminal Justice and Master’s degree in Information Technology and Management. Van Riper is fascinated in the crossover between technology and crime and provides Digital Shadows’ clients with up-to-date threat intelligence.
Digital Shadows minimizes digital risk by identifying unwanted exposure and protecting against external threats. Organizations can suffer regulatory fines, loss of intellectual property, and reputational damage when digital risk is left unmanaged. Digital Shadows SearchLight helps you minimize these risks by detecting data loss, securing your online brand, and reducing your attack surface.