Gabriel Hopkins, Ripjar: “security professionals can never be complacent”
With the pandemic forcing employees to switch to remote work, cybercriminals found more opportunities to take advantage of digital vulnerabilities across governmental and privately-owned organizations. This resulted in an increased number of cyberattacks.
The ongoing pandemic revealed that many organizations are still not aware of the consequences of cybercrime. In reality, being under attack can result in major financial losses, data breaches, or a destroyed brand reputation.
Cybernews recommends that companies prevent attacks from happening in the first place by implementing proper cybersecurity measures. Whether that means investing in antivirus software with fraud prevention features or in risk-screening solutions, institutions should always be prepared in advance.
To discuss the cyber environment, existing risks for organizations, and their prevention methods, we invited Gabriel Hopkins, the Chief Product Officer of Ripjar – a company that designs products for detecting and preventing cybercriminal activity.
Let’s go back to the very beginning of Ripjar. How did this project come about, and what has your journey been like since?
The five founders of Ripjar met while working at the United Kingdom’s Government Communications Headquarters – the intelligence and security organization which is almost always referred to as GCHQ. Collectively they spent many decades in that environment and built up a huge amount of technical expertise in the process, including exposure to a wide range of technologies that can be used to make sense of structured and unstructured data.
Initially, Ripjar helped private and public organizations make sense of social media data, understanding political, intelligence, and commercial signals in vast quantities of data. Over time, the company diversified and started supporting many types of clients. Today Ripjar helps banks and other large enterprises around the world leverage complex data to understand risk and identify crime.
Can you tell us a little bit about what you do? What are the main challenges you help navigate?
Our mission is to help governments and organizations automate the detection, investigation, and monitoring of criminal activity. We have two main products – Labyrinth Screening and Labyrinth Intelligence.
With Screening, we absorb structured watchlists and sanctions data alongside large quantities of unstructured news and media data – generally over 3 million articles every day. We use advanced analytic and machine learning techniques to make sense of all the data.
Our clients want to know when their customers match against a watchlist or when there is media that highlights criminal or other problematic activity. For example, when onboarding a new customer – either an individual or a company – it might be found that there is a report of bribery.
Labyrinth Intelligence is our solution for data fusion and analysis, and it gets used for a huge variety of applications – from law enforcement to cyber security investigations. There are several key capabilities that make the solution powerful. Our clients often have data in 10s or even 100s of different systems. We’re able to help them pull data in or access it in a place with all those sources. Then, a range of analytics, tools, and flexible workflows are available to explore, investigate patterns in the data, and provide meaningful outputs.
Our Labyrinth Intelligence clients are searching for patterns and connections in their data. Using powerful search techniques, entity link charts, maps, and other visualizations, they can surface the pertinent facts about suspects in a criminal investigation, transactions related to money laundering, or data compromises after a cyber incident. Clients working with the system supplement the inferences and knowledge from their investigations which are then encoded within the system’s object store to support further investigations.
The system can deal with different classifications of data and air-gapped low and high-side systems, which is essential for many of our customers.
What technology do you use to detect and analyze criminal activity?
There is a range of tools and technologies within the product to address different requirements. To make sense of unstructured data, we utilize machine learning classifiers trained on data from over 20 different languages.
Our entity and identity resolution are critical across all our solutions. Having reviewed the available tools, we determined that we needed to build out our technology which avoids a lot of the pitfalls of legacy approaches and enables us to match across scripts and colloquial name variations, such as Robert, Rob & Bob, in a wide range of languages.
Similarly, Ripjar has created proprietary object linking and graphing technology used to discover and encode knowledge within the system. The technology is used to automatically derive summaries of people and entities within the latest version of our screening solution, which massively simplifies the task of analysts reviewing matches.
Have you noticed cybercriminals using any new tactics during the pandemic?
Cybercriminals and other fraudsters are worryingly opportunistic and inventive. Before the pandemic, there was a rapid rise in scam activity. In the face of some pretty sophisticated technological controls, fraudsters took advantage of the vulnerable or simply those not paying enough attention.
With forced remote working during the pandemic, work devices are being used more extensively from home and by a much broader community of users, resulting in cybercriminals having a new attack plan. Rather than bypassing a corporate firewall, criminals may now only need to compromise a £50 home router to be on the same network as a device with access to customer accounts.
Inevitably, the two practices go together. With many users using their work devices for personal activity, targeted social compromises provide a way to infiltrate home networks and onwards to sensitive customer and account information.
Would you like to share some of the key takeaways from your recently published guide on adverse media?
The guide is intended to fill in the gaps for those who are interested in Adverse Media but would like to know more. Companies everywhere are trying to figure out how to use modern technology and massive quantities of data to understand business risks as they emerge. The guide explains exactly how to do that.
We’ve partnered with Ray Blake from the Dark Money Files – an organization dedicated to fighting against money laundering and financial crime through education, awareness, and frequent enthralling storytelling.
The result is a simple-to-read, comprehensive overview of everything you need to know – why you should screen against adverse media, which media to use, how to interpret the results, how to use automation, and much more.
What are the most common problems companies can run into if appropriate data intelligence solutions are not in place?
Amazingly, we often find ourselves using the common Donald Rumsfeld phrase “Unknown unknowns” to talk about those things which an organization doesn't know but could be critical for them. In practice, there are many missed opportunities to detect, disrupt, and respond to criminal and national security threats.
The equation can be complex, but what we’ve seen over the last ten years is organizations accumulating large quantities of often siloed data that go unused because of inadequate technology and a related loss of corporate knowledge through failing to capture and share information in a structured way.
From a banking perspective, we see “unknown unknowns” surfacing regularly, often accompanied by weighty fines. In the UK, the fines amounted to about £500M in 2021. In many of the fines, the organizations had the information they needed, but they were not seeing it clearly. By identifying risky counterparties early – both with new and existing customers – and by pulling together data from across a bank, screening and intelligence tools turn “unknown unknowns” into “known knowns”, making it simpler for them to do good business.
Outside of banking, the risks can be even more severe, and again, the ability to connect existing data together in the right way shines a light on where policing and governmental organizations should focus their attention.
Besides threat data intelligence solutions, what other security practices do you think are a must for organizations nowadays?
In the last few months, there have been multiple articles highlighting security professionals being duped by sophisticated compromises, and it is clear that no one is immune to the potential risks. The Log4j vulnerability has also highlighted how impactful even a simple compromise can be in terms of remediation.
Certainly, security professionals can never be complacent. On top of standard best practices, such as software updates, staff education, defense-in-depth, network & endpoint security, and static & dynamic application security testing, firms can benefit from structured security reviews with visibility and reporting at the executive or board level. They should also implement an ISMS (information security management system).
Talking about average internet users, what security measures are essential for them to stay safe online?
I think sometimes it can be as simple as a few common-sense precautions. First and foremost, take a moment to be suspicious. Think whether there is something about your interaction – online or on the phone – that just doesn’t feel right. We’re all busy and being barraged by information, and it’s often easy to follow prompts without thinking. However, taking a little extra time, particularly when it’s related to transactions or account activity, can make all the difference. If a process is new or weird, then avoid the knee-jerk reaction. Stop and consider if it’s legitimate.
Another golden rule is if something appears too good to be true, then it almost certainly is. That goes for online offers, emails, and even phone calls. However tempting, never click on links in inbound messages.
The same goes when you are contacted about something going wrong. Our reaction is often to try to resolve problems as soon as possible, but it is vanishingly unlikely that the government is going to contact you to pay an urgent tax bill or Amazon is going to ask you to pay some fees through an urgent phone call from a weird number.
Remember that criminals are often trying to steal your identity for use later, so it may not be immediately apparent what they want other than a few personal details.
And, of course, keep your phone, computer, and all your web browsers up to date.
And finally, what’s next for Ripjar?
Nothing quite beats in-person meetings, and we’re very excited to see the world opening up again. We were able to see some of our mainland Europe clients face-to-face late last year, and we are looking forward to visiting with clients further afield.
Ripjar’s history so far has been built on innovation, and we know that we need to continue to innovate to provide next-generation capabilities to clients. We are working on some exciting new developments in both our Screening and Intelligence products which will super-charge both solutions and empower the analysts that use them.
As the pandemic hopefully ends, we’re looking forward to the chance to help clients across all sectors – and particularly in banking – to combine and make sense of their own data and other data sources to control risk and fight criminal activity.
In the immediate term, look out for some additional guides on Adverse Media trends and Financial Investigations coming in the next few weeks.