Monitoring deep, dark and surface web to detect exposure of your sensitive data, secret projects and initiatives, privileged users, critical systems, IT infrastructure, and more.
Monitoring and alerting of third party data breaches impacting your employees’ emails, usernames, and personally identifiable information.
Assess the risk footprint and security posture of key business relationships to get a handle on external risk introduced through your extended attack surface.

Sign Up for Updates

Digital risk monitoring of key personnel with telemetry and risk metrics. VIPRecon provides broad coverage of social media, deep and dark web, as well as physical threat assessments.
Our Ransomware Response Readiness Assessment, Playbook and Table Top Exercise gives your organization the best chance to survive and recover.
Gain visibility of your digital footprint by reaching into the most active areas of the cyber underground.
Fully managed and tailored Threat Intelligence services that becomes an extension of your current security processes and provides real-time visibility on new threats.
Providing research and investigations into known threats, to save security teams time and stress during a cyber emergency.

Sign Up for Updates

GroupSense offers a comprehensive package of services for assessing and responding to ransomware attacks, including negotiations with threat actors.
Actively researching and monitoring threats from vendors or third-party companies that can affect organizational security.
Monitoring for threats to elections, VIPs, and more on social media to proactively prevent or mitigate digital risk.
Focusing on the threats and risks that matter to your security processes and providing intelligence and insights to prevent or mitigate digital risk.
Taking the next step in security services, by proactively taking down phishing sites or anonymously interacting with threat actors to provide better intelligence.
Active monitoring of your brand's digital assets to protect its reputation and stop further brand abuse from targeting unsuspecting victims.

Sign Up for Updates

Combining your cyber and fraud programs to effectively fight threat actors continually scamming or threatening assets within an organization.
Executives are prime targets for fraudulent activities, but with a proactive approach, any attacks or threats can be neutralized before causing any damage.
Governments, political parties and candidates must all act now to activate cyber threat intelligence services to harden their information security and get ahead of inevitable cyber threats to the election process.
7 min read

CyberNews: Businesses should understand – it’s not a matter of ‘if’, but ‘when’ they’ll face an attack

Feb 9, 2022 2:42:32 PM

CyberNews interviewed GroupSense's Director of Intelligence Operations, Bryce Webster-Jacobsen, about cyber attack landscape and its business impact. Below is a transcript of Bryce's interview with CyberNews. 


Protecting your business from various cyber threats, however likely or not, is crucial. But it’s not always enough to just implement a number of cybersecurity tools and call it a day.

If a cyber attack happens, the question becomes, what is the best way to deal with it? There are a lot of misconceptions, especially regarding ransomware, floating around about how to negotiate and respond to cyber threats and demands.

We reached out to Bryce Webster-Jacobsen, director of intelligence operations at GroupSense, a cyber reconnaissance and expert ransomware negotiation service provider. Bryce told us more about analyzing potential threats and provided insights about the best cyber protection measures to take, and the most efficient ways to negotiate and mitigate ransomware attacks.

GroupSense has been growing exponentially since your launch in 2014. What was your journey like?

We’re a bootstrapped company, and our co-founder and CEO Kurtis Minder has grown it in a very organic way since its founding in 2014. Our unique offering, which combines the best of human intelligence and automated software technology, helps our customers eliminate unexpected cyber threats from their businesses. It’s the quality and effectiveness of our differentiated solutions and services that have made GroupSense into the successful, fast-growing company it is today, and it is what continues to attract and generate value for top-tier customers from nearly every industry around the world.

For those who might not be familiar, can you briefly explain what cyber reconnaissance is?

Cyber reconnaissance gives customers a holistic view of their threat landscape. How that is done plays a large role in whether it’s successful or not. 

At GroupSense, we’ve taken cyber recon to a new level. First, we define each customer’s digital risk footprint, understanding and prioritizing different points of vulnerability. Then, we combine automated and human intelligence gathering and analysis to deliver customized security intelligence to each customer. And, when that intelligence arrives at the customer’s site, it is ready to be operationalized. There’s no need for security teams – who are already stretched thin and overworked – to manually analyze or process the information. GroupSense delivers finished intelligence reports, contextualized with analysis, and recommendations the client can implement. This is extremely powerful because cybersecurity threats can be identified, addressed, and mitigated much more quickly. This is cyber reconnaissance at its best.

Besides providing threat intelligence solutions, you also specialize in ransomware negotiation. Can you tell us more about the ins and outs of this practice?

First and foremost, companies shouldn’t try to negotiate directly with ransomware actors. The negotiations are tenuous, requiring a specialized understanding of the ransomware actors on the other end of the negotiation. So, it’s critical to employ expert negotiators backed by analysts and research groups that can help to secure significant reductions in ransomware demands and lower mitigation costs. GroupSense handles negotiations from the very beginning of engaging with the threat actor all the way through to facilitating a cryptocurrency payment. We also offer a comprehensive ransomware readiness plan service called Ransomware Response Readiness Subscription (R3S). It ensures companies know how to prepare for a ransomware attack, and what to do once they’ve already been attacked.

Additionally, what are some of the things that, under any circumstances, shouldn’t be done when dealing with a ransomware attack?

One of the longstanding myths out there is that you shouldn’t ever negotiate. Unfortunately, in many cases, there is no choice but to do exactly that – or risk losing critical data necessary to keep the business running. As mentioned previously, it’s essential to leave negotiating to professionals, but here are just a few of the tips expert negotiators follow: 1) avoid confrontation – it’s pointless and can cause a complete breakdown in discussions, 2) understand all of the options – best case, worst case and everything in between, 3) offer specific figures and avoid using ranges and round numbers, 4) never lie, always be truthful, and 5) be careful about your word choices and how they may be incorrectly interpreted by others, such as those who speak a different language. Using these and other rules as a guide can go a long way toward achieving the outcome you want.

It seems like the pandemic tested cybersecurity worldwide. What are the main takeaways?

It’s true, the pandemic put a major strain on cybersecurity, which was already generally vulnerable in many organizations. With COVID-19, we saw companies try to rapidly deploy remote, distributed workforces on a scale we’ve never seen before. And with that, ready or not, all company systems, applications, and content had to be moved to distributed platforms. Amid the rush to enable employees to work remotely, security was often just an afterthought. Basic security protocols – like VPNs and multi-factor authentication (MFA) – weren’t employed, and this opened up huge security gaps, particularly with vulnerable remote access tools. Many large ransomware cases and other cyberattacks that have occurred could have been prevented by enabling MFA or other common security practices. As a result, today, there is much greater awareness of the importance of putting basic security hygiene in place before an attack happens. At this point, all businesses should understand, it’s not a matter of if, but when they’ll face an attack, so they need to ask themselves now if they’re prepared.

In your opinion, should small businesses and large companies approach cybersecurity differently?

Basic cybersecurity hygiene needs to be in place regardless of a company’s size. Certain protocols are standard across the board, but there are other things that need to be tailored based on a company’s size. While larger organizations are typically more lucrative targets, smaller businesses need to take preventive measures to stay vigilant now more than ever – with remote working on the rise. Small businesses need to be diligent about things like 1) regularly updating software, operating systems, and web browsers, 2) using quality antivirus software, 3) never clicking on unsafe links or opening suspicious email attachments, 4) using VPN services on public Wi-Fi networks, 5) not disclosing personal information, and 6) employing two-factor authentication (2FA) or MFA and a password manager.

What enterprise security issues are often overlooked but could pose a significant threat to one’s company?

It’s hard to believe, but basic cyber hygiene is routinely overlooked. But these simple tools can make a difference in how an attack impacts your company: 1) ensuring 2FA or MFA is used on everything in the business, 2) strong email policy that includes restricting access to personal email on all company devices to minimize phishing attacks, 3) publish, and proactively enforce, a password policy and using a credential monitoring service 4) safeguarding remote access and remote employees with VPNs and 2FA or MFA, among other tools, and 5) ensure you actually have working backups, and that they not only include what your cloud storage provider offers, but also one manual backup of all data that resides offsite. And be sure you’re testing backups regularly!

What kind of cyberattacks can we expect to see in 2022?

In terms of cyber trends, this year, I think we’ll continue to see ransomware groups break up and rebrand – as we saw with BlackMatter in 2021. As I always say to our team, “reinvention is a survival skill” for most cybercriminals, and this practice will carry on for a range of reasons, including increased law enforcement attention.

And as ransomware attacks have increased, so have cyber insurance claims and losses, so I believe requirements or prerequisites for getting cyber insurance coverage will also increase. Companies will rely on this insurance as ransomware attacks keep rising. So, the ability to cover not only the ransom but also all expenses related to recovery is needed. Finally, we may see more threat actors targeting SMBs to stay under the radar and avoid the scrutiny that comes with going after higher-profile organizations.

And finally, what does the future hold for GroupSense? 

GroupSense’s mission has, and will always be, to eliminate unexpected cyber threats and risks from our clients’ businesses by utilizing the best intelligence, which we believe is the combination of human intelligence and automated technology. We’ll continue to build on these solutions and services that deliver unmatched value for our world-class customers and partners, fueling the innovation and organic growth that allowed us to launch GroupSense seven years ago.

by Kristina Jarusevičiūtė, CyberNews

Read the original article > 


About Bryce Webster-Jacobsen

IMG_7635 copyBryce is the Director of Intelligence Operations at GroupSense, a leading provider in Digital Risk solutions. Bryce leads the day-to-day intelligence activities of GroupSense's Analyst and Research teams producing finished, tailored intelligence for our diverse clients.

Prior to GroupSense, Bryce worked in strategic international education initiatives while pursuing OSINT training and investigations, primarily focused on studying extremist movements, as a passion project.

Topics: News

Written by Editorial Team

Featured