Bryce Webster-Jacobsen, GroupSense: it’s not a matter of ‘if’ but ‘when’ businesses will face an attack
Protecting your business from various cyber threats, however likely or not, is crucial. But it’s not always enough to just implement a number of cybersecurity tools and call it a day.
Once a cyberattack happens, the question is: what is the best way to deal with it? There are a lot of misconceptions floating around, especially regarding ransomware, about how to negotiate and respond to cyber threats and demands.
We reached out to Bryce Webster-Jacobsen, the Director of Intelligence Operations at GroupSense, a cyber reconnaissance and expert ransomware negotiation service provider. Bryce told us more about analyzing potential threats and provided insights about the best cyber protection measures to take, and the most efficient ways to negotiate and mitigate ransomware attacks.
GroupSense has been growing exponentially since your launch in 2014. What was your journey like?
We’re a bootstrapped company, and our co-founder and CEO Kurtis Minder has grown it in a very organic way since its founding in 2014. Our unique offering, which combines the best of human intelligence and automated software technology, helps our customers eliminate unexpected cyber threats from their businesses. It’s the quality and effectiveness of our differentiated solutions and services that have made GroupSense into the successful, fast-growing company it is today, and it is what continues to attract and generate value for top-tier customers from nearly every industry around the world.
For those who might not be familiar, can you briefly explain what cyber reconnaissance is?
Cyber reconnaissance gives customers a holistic view of their threat landscape. How that is done plays a large role in whether it’s successful or not.
At GroupSense, we’ve taken cyber recon to a new level. First, we define each customer’s digital risk footprint, understanding and prioritizing different points of vulnerability. Then, we combine automated and human intelligence gathering and analysis to deliver customized security intelligence to each customer. And when that intelligence arrives at the customer’s site, it is ready to be operationalized. There’s no need for security teams – who are already stretched thin and overworked – to manually analyze or process the information. GroupSense delivers finished intelligence reports, contextualized with analysis, and recommendations the client can implement. This is extremely powerful because cybersecurity threats can be identified, addressed, and mitigated much more quickly. This is cyber reconnaissance at its best.
Besides providing threat intelligence solutions, you also specialize in ransomware negotiation. Can you tell us more about the ins and outs of this practice?
First and foremost, companies shouldn’t try to negotiate directly with ransomware actors. The negotiations are tenuous, requiring a specialized understanding of the ransomware actors on the other end of the negotiation. So, it’s critical to employ expert negotiators backed by analysts and research groups that can help to secure significant reductions in ransomware demands and lower mitigation costs. GroupSense handles negotiations from the very beginning of engaging with the threat actor all the way through to facilitating a cryptocurrency payment. We also offer a comprehensive ransomware readiness plan service called Ransomware Response Readiness Subscription (R3S). It ensures companies know how to prepare for a ransomware attack, and what to do once they’ve already been attacked.
Additionally, what are some of the things that, under any circumstances, shouldn’t be done when dealing with a ransomware attack?
One of the longstanding myths out there is that you shouldn’t ever negotiate. Unfortunately, in many cases, there is no choice but to do exactly that – or risk losing critical data necessary to keep the business running. As mentioned previously, it’s essential to leave negotiating to professionals, but here are just a few of the tips expert negotiators follow:
- Avoid confrontation – it’s pointless and can cause a complete breakdown in discussions
- Understand all of the options – best case, worst case and everything in between
- Offer specific figures and avoid using ranges and round numbers
- Never lie, always be truthful
- Be careful about your word choices and how they may be incorrectly interpreted by others, such as those who speak a different language
Using these and other rules as a guide can go a long way toward achieving the outcome you want.
It seems like the pandemic tested cybersecurity worldwide. What are the main takeaways?
It’s true, the pandemic put a major strain on cybersecurity, which was already generally vulnerable in many organizations. With COVID-19, we saw companies try to rapidly deploy remote, distributed workforces on a scale we’ve never seen before. And with that, ready or not, all company systems, applications, and content had to be moved to distributed platforms. Amid the rush to enable employees to work remotely, security was often just an afterthought. Basic security protocols – like VPNs and multi-factor authentication (MFA) – weren’t employed, and this opened up huge security gaps, particularly with vulnerable remote access tools. Many large ransomware cases and other cyberattacks that have occurred could have been prevented by enabling MFA or other common security practices. As a result, today, there is much greater awareness of the importance of putting basic security hygiene in place before an attack happens. At this point, all businesses should understand, it’s not a matter of if, but when they’ll face an attack, so they need to ask themselves now if they’re prepared.
In your opinion, should small businesses and large companies approach cybersecurity differently?
Basic cybersecurity hygiene needs to be in place regardless of a company’s size. Certain protocols are standard across the board, but there are other things that need to be tailored based on a company’s size. While larger organizations are typically more lucrative targets, smaller businesses need to take preventive measures to stay vigilant now more than ever – with remote working on the rise. Small businesses need to be diligent about things like:
- Regularly updating software, operating systems, and web browsers
- Using quality antivirus software
- Never clicking on unsafe links or opening suspicious email attachments
- Using VPN services on public Wi-Fi networks
- Not disclosing personal information
- Employing two-factor authentication (2FA) or MFA and a password manager
What enterprise security issues are often overlooked but could pose a significant threat to one’s company?
It’s hard to believe, but basic cyber hygiene is routinely overlooked. But these simple tools can make a difference in how an attack impacts your company:
- Ensuring 2FA or MFA is used on everything in the business
- Strong email policy that includes restricting access to personal email on all company devices to minimize phishing attacks
- Publishing, and proactively enforcing, a password policy and using a credential monitoring service
- Safeguarding remote access and remote employees with VPNs and 2FA or MFA, among other tools
- Ensure you actually have working backups, and that they not only include what your cloud storage provider offers, but also one manual backup of all data that resides offsite. And be sure you’re testing backups regularly!
What kind of cyberattacks can we expect to see in 2022?
In terms of cyber trends, this year, I think we’ll continue to see ransomware groups break up and rebrand – as we saw with BlackMatter in 2021. As I always say to our team, “reinvention is a survival skill” for most cybercriminals, and this practice will carry on for a range of reasons, including increased law enforcement attention.
And as ransomware attacks have increased, so have cyber insurance claims and losses, so I believe requirements or prerequisites for getting cyber insurance coverage will also increase. Companies will rely on this insurance as ransomware attacks keep rising. So, the ability to cover not only the ransom but also all expenses related to recovery is needed. Finally, we may see more threat actors targeting SMBs to stay under the radar and avoid the scrutiny that comes with going after higher-profile organizations.
And finally, what does the future hold for GroupSense?
GroupSense’s mission has been, and will always be, to eliminate unexpected cyber threats and risks from our clients’ businesses by utilizing the best intelligence, which we believe is the combination of human intelligence and automated technology. We’ll continue to build on these solutions and services that deliver unmatched value for our world-class customers and partners, fueling the innovation and organic growth that allowed us to launch GroupSense seven years ago.