Cybersecurity Sessions Netacea

Netacea CISO Andrew Ash welcomes two special guests to the podcast this month to talk about AI adoption and managing third party risk: Thomas Ballin (CTO, Cytix) and Haydn Brooks (CEO, Risk Ledger).

In 2023 the AI genie is well and truly out of the bottle, gaining mainstream attention and usage across business, academia and in day-to-day life. As a result, AI has become somewhat of a buzzword used to sell solutions or make products appear smart and modern. As mutual advocates of AI to solve problems more efficiently for clients, Andrew and Thomas weigh in on how to define “real AI”, which solutions really benefit from incorporating AI, and how we can validate these claims.

Meanwhile, CISOs are rightly concerned with gaining as much control as possible over internal systems so that they can be secured against known and novel threats. But businesses are also reliant on their supply chain and third-party systems, which have their own potential vulnerabilities. Haydn has a wealth of experience in this area, and sheds light on the potential risks third party relationships expose and how CISOs can manage them whilst maintaining the value of these relationships.

Finally, threat researcher extraordinaire Cyril Noel-Tagoe explains why criminals use bots to mass create fake accounts on web services, the other attacks these accounts facilitate, and how businesses can cut off fake accounts before they do their damage.



Host



Andrew Ash – CISO, Netacea

Andy Ash has worked in IT Services and cyber for 21 years. He has been part of Netacea since its inception and is currently CISO, overseeing the operation and security of the technical platform and Netacea Threat and Bot Expert teams.

https://www.linkedin.com/in/andrew-ash-3963b19/



Panel



Haydn Brooks – CEO & co-founder, Risk Ledger

Originally a big four cyber risk consultant, Haydn found that current supply chain assurance programs were far from frictionless and actively caused clients and their suppliers’ headaches. This led him to found Risk Ledger, a technology platform that combines a security governance platform with a secure social network.

https://www.linkedin.com/in/haydn-brooks/



Thomas Ballin – CTO & co-founder, Cytix

The technical co-founder of Cytix, Thomas is focused on disrupting the UK security testing space. With a background in penetration testing, he has spent the past 10+ years building and innovating service lines to support businesses with their continuous security testing needs.

https://www.linkedin.com/in/thomasjballin/



Cyril Noel-Tagoe – Principal Security Researcher, Netacea

Cyril Noel-Tagoe is an experienced information security professional and Principal Security Researcher at Netacea. He spends his time researching, speaking and writing about malicious bots and other cyber security topics.

https://www.linkedin.com/in/cybercyril

https://twitter.com/cyber_cyril


---

Send in a voice message: https://podcasters.spotify.com/pod/show/netacea/message

To start this month’s episode, we once again weigh in on AI – this time considering the privacy implications when feeding prompts into generative AI tools like ChatGPT and Bard. We’ll discuss whether it’s safe to share company IP or your own personal information into such tools, before hearing how we approach this at Netacea from Principal Software Engineer John Beech.

Next, we’ll look to the news of another major data breach, as it was recently revealed that millions of stolen records from genetics testing site 23andMe were available for sale from an underground forum. The attackers even touted that the data identifies those with Jewish genealogy. 23andMe held customers responsible for reusing their passwords on other sites that had been hacked previously, but where does responsibility for protecting this kind of sensitive information lie and what can each party do to keep data safe? Having spent five years of his career in biotech, Engineering Manager Karol Horosin has plenty to add to this story.

Finally, our security researcher extraordinaire Cyril returns to tell us about freebie bots – a type of scalping bot that targets discounted goods to resell in bulk at retail prices. Sounds like a “prime” bot attack type to target recent and upcoming sales events…



Host

Dani Middleton-Wren – Head of Media, Netacea

Dani is a cybersecurity writer and marketing specialist, who strives to decipher the mysteries behind complex cybersecurity subjects and deliver them to a wide audience. Since joining Netacea in 2019, Dani has used her experience in journalism and analyst relations to create compelling external communication strategies that effectively articulate the threat of automated attacks.

https://www.linkedin.com/in/danielle-middleton-wren-95826767/



Panel

Cyril Noel-Tagoe – Principal Security Researcher, Netacea

Cyril Noel-Tagoe is an experienced information security professional and Principal Security Researcher at Netacea. He spends his time researching, speaking and writing about malicious bots and other cyber security topics.

https://www.linkedin.com/in/cybercyril

https://twitter.com/cyber_cyril



Karol Horosin – Engineering Manager, Netacea

As well as his role as Engineering Manager at Netacea, Karol is the founder of an AI sentiment analysis product sentimatic.io. He is a frequent conference speaker and writes online about programming, product development and startups on his personal blog.

https://www.linkedin.com/in/horosin/

https://twitter.com/horosin_



John Beech – Principal Software Engineer, Netacea

Currently a team lead for Netacea’s software engineering department, John has been working on highly scalable secure applications platforms over the span of 20 years. He’s enthusiastic about welcoming in a new era of AI and computer intelligence.

https://www.linkedin.com/in/johnbeech/


---

Send in a voice message: https://podcasters.spotify.com/pod/show/netacea/message

This month’s episode takes off with a journey into the controversial world of skiplagging, also known as hidden city flying. Airlines and holiday businesses are taking legal action against passengers and websites like Skiplagged that exploit pricing loopholes, leaving empty seats on the second leg of multi-stop itineraries. But with scraper bots at the root of the issue, is there a technical solution to limit the practice?

On the topic of bots, a recent report from the University of California, Irvine, revealed that bots are now faster and more accurate than humans at solving CAPTCHA challenges. In this episode we discuss whether there is still a place for CAPTCHA in detecting bot traffic, and try to decipher Elon Musk’s comments about the report – Does it spell the end of bot detection, and is his X subscription model the only answer…?

To conclude, we go more in depth on scraper bots – not only do they facilitate skiplagging, but there are endless uses for scrapers, both well meaning and malicious. How concerned should businesses be about scraper bots, and does their presence often indicate more sinister attacks on the horizon?



Host

Dani Middleton-Wren – Head of Media, Netacea

Dani is a cybersecurity writer and marketing specialist, who strives to decipher the mysteries behind complex cybersecurity subjects and deliver them to a wide audience. Since joining Netacea in 2019, Dani has used her experience in journalism and analyst relations to create compelling external communication strategies that effectively articulate the threat of automated attacks.

https://www.linkedin.com/in/danielle-middleton-wren-95826767/



Panel

Matthew Gracey-McMinn – Head of Threat Research, Netacea

Matthew is an experienced Cyber Threat Intelligence professional with an MPhil from the University of Oxford. In his current role at Netacea, he researches and investigates the impact of malicious bots on online businesses and their customers.

https://www.linkedin.com/in/matthewgraceymcminn

https://twitter.com/mgm_cybersec



Chris Collier – Head of Solution Engineering, Netacea

Chris is an experienced technical manager who joined Netacea in 2021. Since this time, he’s helped countless clients onboard with our bot management product, ensuring they get a solution that fits their business needs and integrates with their existing platforms.

https://www.linkedin.com/in/chris-collier-82588859



Gary Clarke – Solutions Engineer, Netacea

Gaz is an experienced Solutions Engineer with 12 years’ experience working in the computer and retail industries. At Netacea Gaz helps businesses implement advanced bot management solutions to work in harmony with their existing systems and prevent automated threats from attacking. Gaz gained his bachelor’s degree focused in Computing; Software and Systems from Edge Hill University.

https://www.linkedin.com/in/clarkegs/


---

Send in a voice message: https://podcasters.spotify.com/pod/show/netacea/message

This month we begin by examining the 2023 National Risk Register, a public version of the National Security Risk Assessment, which assesses the most serious risks to lives, health, society, critical infrastructure, economy and sovereignty. Cyber-attacks on infrastructure are listed as moderate impact – Our panel discusses how businesses can use the information within the report to prepare for attacks and keep our critical infrastructure as secure as possible.

Next, our Principal Security Researcher Cyril Noel-Tagoe sheds some light on the murky underworld of illicit Telegram networks, where criminals plot and discuss their attacks, or sell their ill-gotten gains. Netacea CTO Andy Lole weighs in on the Online Safety Bill and its opposition to encrypted messaging apps having no way of sharing messaged with law enforcement, before Engineering Manager Karol Horosin joins the debate to explain the technical obstacles businesses like Meta face when developing such apps.

Finally, Cyril defines our attack of the month, which is residential proxy networks. He and Karol discuss why residential proxies are becoming such popular tools for criminals, and the difficulties businesses face in blocking malicious traffic that utilizes residential proxy networks to hide behind otherwise trustworthy IP addresses.



Host

Dani Middleton-Wren – Head of Media, Netacea

Dani is a cybersecurity writer and marketing specialist, who strives to decipher the mysteries behind complex cybersecurity subjects and deliver them to a wide audience. Since joining Netacea in 2019, Dani has used her experience in journalism and analyst relations to create compelling external communication strategies that effectively articulate the threat of automated attacks.

https://www.linkedin.com/in/danielle-middleton-wren-95826767/



Panel

Cyril Noel-Tagoe – Principal Security Researcher, Netacea

Cyril Noel-Tagoe is an experienced information security professional and Principal Security Researcher at Netacea. He spends his time researching, speaking and writing about malicious bots and other cyber security topics.

https://www.linkedin.com/in/cybercyril

https://twitter.com/cyber_cyril



Andy Lole – CTO, Netacea

An experienced tech and product leader, Andy’s held leadership roles in digital marketplaces across real estate, travel and classifieds marketplaces. He’s developed and operated B2B SaaS tools and services, and core commercial platforms. At Netacea he focuses on expanding product delivery capabilities and customer experience.

https://www.linkedin.com/in/andylole/

https://twitter.com/andylole



Karol Horosin – Engineering Manager, Netacea

As well as his role as Engineering Manager at Netacea, Karol is the founder of an AI sentiment analysis product sentimatic.io. He is a frequent conference speaker and writes online about programming, product development and startups on his personal blog.

https://www.linkedin.com/in/horosin/

https://twitter.com/horosin_


---

Send in a voice message: https://podcasters.spotify.com/pod/show/netacea/message

In this month’s episode, we start by focusing on the real-world impact of bots (scripts used to automate tasks and exploit business logic). In the UK, bots are being used to book up every available driving test before reselling them for profit; meanwhile in the US, gig workers delivering groceries are losing out to bots that hoard the most profitable delivery jobs. Our panel explains how this happens and discusses what can be done to stop it.

Meanwhile, the social media landscape is shifting rapidly. Free, unlimited access to APIs has become a thing of the past for users and businesses reliant on Twitter and Reddit. Fake accounts are still a looming problem across platforms, forcing the much-hyped IRL to close permanently. Are social media businesses taking the right approach to data scraping, fake account creation and access to their services, and will Meta’s Threads disrupt the industry?

Finally, we take a fresh look at ticket scalping considering legislative measures taken by the State of Victoria for Taylor Swift’s tour in Australia. Will it be enough to deter the touts?

Host

Dani Middleton-Wren – Head of Media, Netacea

Dani is a cybersecurity writer and marketing specialist, who strives to decipher the mysteries behind complex cybersecurity subjects and deliver them to a wide audience. Since joining Netacea in 2019, Dani has used her experience in journalism and analyst relations to create compelling external communication strategies that effectively articulate the threat of automated attacks.

Panel

Matthew Gracey-McMinn – Head of Threat Research, Netacea

Matthew is an experienced Cyber Threat Intelligence professional with an MPhil from the University of Oxford. In his current role at Netacea, he researches and investigates the impact of malicious bots on online businesses and their customers.

Chris Collier – Head of Solution Engineering, Netacea

Chris is an experienced technical manager who joined Netacea in 2021. Since this time, he’s helped countless clients onboard with our bot management product, ensuring they get a solution that fits their business needs and integrates with their existing platforms.

Paulina Cakalli – Lead Data Analyst, Netacea

Paulina works closely with Netacea's Data Science and Threat Research teams to develop new models for detecting anomalous web traffic, combining this with machine learning to produce recommendations for clients. She is a rising star in the world of data science, encouraging other women to enter STEM careers via various international speaking opportunities. She is co-founder of BSides Tirana, an international security conference. She received her masters' degree in mathematics and informatics engineering at the University of Tirana, where she was later an assistant lecturer.


---

Send in a voice message: https://podcasters.spotify.com/pod/show/netacea/message

A fresh Netacea panel of cyber experts are on hand once again to discuss the latest developments in security and bot-related news!

This month, in light of OpenAI CEO Sam Altman standing before US senators and requesting regulation of AI businesses, we give our views on whether one body – or even one nation – can or should regulate this rapidly developing industry.

Universal Music Group also instigated the removal of 7% of AI-generated tracks added to the service via Boomy, opening a debate about automated music creation, artistic copyrights and privacy, how AI models learn to make music, and how humans are influenced to create and consume music.

Also, with 69 arrests made by the Spanish police over a scalper bot ring targeting immigration appointments, our panel ponders how the approach to stopping such attacks differs depending on the target and industry.

Finally, credential stuffing is our attack of the month. As long as people reuse passwords across services, credential stuffing will be a viable attack – is it time the industry moved on and found a better way to authenticate users?



Host

Dani Middleton-Wren – Head of Media, Netacea

Dani is a cybersecurity writer and marketing specialist, who strives to decipher the mysteries behind complex cybersecurity subjects and deliver them to a wide audience. Since joining Netacea in 2019, Dani has used her experience in journalism and analyst relations to create compelling external communication strategies that effectively articulate the threat of automated attacks.



Panel

Cyril Noel-Tagoe – Principal Security Researcher, Netacea

Cyril Noel-Tagoe is an experienced information security professional and Principal Security Researcher at Netacea. He spends his time researching, speaking and writing about malicious bots and other cyber security topics.



Chris Collier – Solutions Engineering Manager, Netacea

Chris is an experienced technical manager who joined Netacea in 2021. Since this time, he’s helped countless clients onboard with our bot management product, ensuring they get a solution that fits their business needs and integrates with their existing platforms.



Andy Lole – CTO, Netacea

An experienced tech and product leader, Andy’s held leadership roles in digital marketplaces across real estate, travel and classifieds marketplaces. He’s developed and operated B2B SaaS tools and services, and core commercial platforms. At Netacea he focuses on expanding product delivery capabilities and customer experience.


---

Send in a voice message: https://podcasters.spotify.com/pod/show/netacea/message