Published on: November 18, 2021
SD: Please share your company background, how you got started, and your mission.
GroupSense: GroupSense was founded in June of 2014 and was co-founded by me and Tom Richards. At the time we first met, Tom was consulting for a large, global financial services company where he was doing penetration testing. He noticed credit card number information was being sold and traded right out in the open on the internet, so he worked to collect and remove that card information, which ended up saving the company millions of dollars in associated fraud costs. Tom wanted to be able to help more companies in this way and knew that a combination of human intelligence and a software solution would make for a successful venture, and thus, the idea for GroupSense was born.
From that concept, we worked closely together in the early years of the company developing TraceLight, which is our automated, cloud-based platform that performs advanced, real-time data collection. The solution centralizes deep and dark web data, threat actor tracking, attribution, and much more. Today, it stands as the world’s largest breach database. Then, we worked together to pitch new clients and completed several proofs of concept for some large enterprises, and from there, the company took off. We hired the best cybersecurity talent available and built out our threat intelligence analyst team to help support our growing customer base.
GroupSense’s mission has been, and will always be, to eliminate unexpected cyberthreats and risks from our clients’ businesses by utilizing the best intelligence, which we believe is the combination of human intelligence and automated technology.
SD: What is the main service your company offers?
GroupSense: GroupSense understands the pressures that enterprise security teams face today. Chief among those is infrastructure overload—security pros simply don’t need “yet another product to manage,” adding yet another layer of complexity to the ever-present tool fatigue problem. Because of this, at GroupSense, our specialty is delivering finished intelligence (intelligence as a service) to our customers—on intellectual property, brand assets, data, and more—that is ready to be fed into systems and incident response processes, while also providing mitigation services where possible.
As mentioned above, GroupSense combines big data technology with a world-class threat intelligence analyst team that provides the human intelligence necessary to get the job done. The company uses “undercover” techniques used by law enforcement and national security organizations, so threat actors gain trust in the company’s analysts and provide them with the information they need to protect our clients.
SD: What is something unique that helps you stay ahead of your competition?
GroupSense: Enterprises rely on cyber intelligence to inform them on how to allocate their cybersecurity budgets, which is why they subscribe to an average of four security intelligence feeds. However, because these feeds provide “one size fits all” intelligence, they must be manually analyzed and processed by security teams before they can operationalize the useful intelligence in each feed. And, with security teams stretched incredibly thin, this analysis typically does not occur.
GroupSense has taken security intelligence to a new level, making us very competitive in the marketplace. First, the company defines each customer’s digital risk footprint, understanding and prioritizing different points of vulnerability. Then, GroupSense combines automated and human intelligence gathering and analysis to deliver customized security intelligence to each customer. And when that intelligence arrives at the customer’s site, it is ready to be operationalized – there’s no need for further analysis or processing. This is extremely powerful to our clients because cybersecurity threats can be identified, addressed, and mitigated much more quickly.
SD: What do you think are the worst cyberthreats today?
GroupSense: Since the start of the pandemic, the U.S. Federal Bureau of Investigation (FBI) has reported a 400 percent increase in cyberattacks. And, since the end of July this year, the FBI also reported a 62 percent increase in reported ransomware incidents since the beginning of the year compared to the same time frame last year. The sad part is, this is only what’s documented. There are many more incidents that don’t get reported.
Ransomware attacks, by far, have become one of the most pervasive threats to enterprises of all sizes. Even though customized threat intelligence is our main service offering, ransomware preparedness, negotiations, and mitigation services have also consumed much of our time over the last 18 months since the pandemic began. To date, we’ve done hundreds of negotiations for clients – many of them being small- to medium-sized businesses where a ransomware attack can mean a business-ending event if they can’t get access to their data to get operations up and running in a timely fashion.
What’s most frustrating about this wave of attacks is how preventable they are. Based on our response to many ransomware attacks for our clients, we record the ways that threat actors gain access to these companies. In most cases, it’s a very short list of basic cyber hygiene practices that have not been implemented at all or not implemented properly. Companies need to ensure that they enable technology such as multi-factor authentication and backups, have a strict password policy in place, secure remote access as well as carefully review email policy. Many companies tend to take a “we won’t be next” approach, which can end up being their downfall. However, implementing these strategies is easy and cost-effective, so my hope is that by continuing to educate companies about the ways they can reduce their risk, we can help make even a small dent in reducing the number of ransomware cases that occur.