Interview with Steve Thomas - CEO at HackNotice

Shauli Zacks Shauli Zacks

SafetyDetectives spoke with HackNotice CEO Steve Thomas about how to protect your online privacy, the latest cybersecurity threats, how AI and ML can mitigate security breaches and data leaks, and more.

Can you talk about your journey and what motivated you to establish HackNotice?

Around 15 years ago, I took my first steps into the cybersecurity sector. Then, a decade ago, I made the bold move of leaving a fantastic job to create a cybersecurity startup from scratch. This startup became the first of its kind to offer a compromised credential monitoring service. I nurtured its growth and subsequently sold it. Though we provided an excellent service, we didn’t effectively address the human side of threat intelligence.

A few years back, I found myself at the receiving end of a severe data breach. The company responsible for the breach inadvertently exposed all my private, sensitive data. Initially, they assured me that my data wasn’t compromised in the breach. But, to my dismay, they later informed me that it indeed was. This marked the seventh time in that year alone that I was caught up in a data breach. Despite my expertise in security, I was struggling to keep track of all the ways hackers were targeting me and my data. I then realized the need for a comprehensive, real-time threat alert system that could keep me informed about when and where my data was at risk. This realization prompted the inception of HackNotice.

What are the main services offered by HackNotice?

In general, HackNotice provides security teams with the ability to monitor and understand one of their hardest attack surfaces to monitor, the human attack surface. Our clients can keep track of their third-party vendors, employee identities and websites employees use, end-user clients, and any of their critical human resources. From there, we provide details about the threats to those resources, how hackers are gathering information about their business, and what attacks they are likely planning. With us, businesses identify and stop attacks before they occur, on both a company and human level.

Our services include: corporate domain threat intelligence monitoring, third-party data breach monitoring, end-user account takeover monitoring, real-time research on over 40 billion hacker-stolen records, and our Teams platform, which gives a digital identity protection service to every employee, helping them identify their threats and protect themselves from fraud.

It seems like personal data is constantly being targeted, and hacks and leaks are always in the news. What key steps can individuals take to enhance their online privacy and safeguard their sensitive information?

Absolutely, the web’s a wild place and personal data is a hot commodity! Here’s how you can stay safe:

  • Tighten those privacy controls on social media platforms; we’re looking for Fort Knox, not an open house party.
  • Be picky with websites – if it looks sketchy, it probably is.
  • Don’t give out your info like Halloween candy. If a site doesn’t need it, don’t hand it over. In some cases, you could even give fake info.
  • Double up your protection! Turn on multi-factor authentication and make every password unique like a snowflake.
  • Keep an eagle eye on your financial and medical reports – quick responses to discrepancies can save you big time.
  • Put a password manager to work – it’s like a digital vault for your codes. And, sign up for free credit monitoring and identity theft services – think of it as your online bodyguard.
  • And, of course, get yourself on board with free services like HackNotice. It keeps you in the loop on how your info’s being trafficked and helps you stop hackers in their tracks.

So, keep it tight, keep it right, and let’s keep those hackers out of sight!

What are some of the most prevalent cybersecurity threats that individuals and businesses face today, and how has the threat landscape evolved in recent years?

The king of threats has always been social engineering – old-fashioned trickery to get people to do stuff or give up access. The aim hasn’t changed much: wire fraud, financial fraud, identity theft, account takeover, or, sometimes, just messing with lives. Nowadays, it’s more common to see data breaches and ransomware attacks, with bad guys holding businesses to ransom.

Things get extra spicy when you add in all the data stolen through breaches, leaks, and ransomware attacks.

We’ve seen a shift in how these threats play out, too. What used to go down in emails is now happening via social media DMs, SMS smishing, voice vishing, and a bunch of other communication routes. Usually, it all leads back to the same nasty outcomes: wire fraud, financial fraud, identity theft, or account takeover.

Businesses, in particular, are grappling with the growing threat of ransomware, data incidents via third-party vendors, and operational disruptions due to their infrastructure (or their vendors’ infrastructure) getting hit with ransomware.

And let’s not forget, what used to be a steady stream of shared intel among hackers has turned into a deluge. These guys know a scary amount about everyone and, with the aid of AI, their attacks are becoming more potent and more successful than ever before. So, the stakes have definitely ramped up!

How does HackNotice leverage artificial intelligence and machine learning to detect and mitigate security breaches and data leaks?

You bet, we’re big on using AI and ML to get the skinny on security events. Each data breach gets a once-over by our AI to understand what kinds of data got breached and how hackers might leverage it against future victims.

Our AI is also a pro at dissecting and classifying each record from data leaks and trying to suss out what kind of data is in there. This helps folks understand the kinds of attacks and fraud going on.

But we don’t stop there. We’re using AI to whip up new training videos faster than you can say “data breach”. We’re all about keeping folks up-to-date on emerging threats and attacks.

And speaking of staying fresh, we’re using AI to create phish testing campaigns for our clients, so they never have to settle for stale, outdated phishing templates. So, yeah, AI and ML are our trusty sidekicks in the fight against data leaks and breaches!

Could you share some insights into the types of data that are commonly found on the dark web and why this information is valuable to cybercriminals?

Hackers are like the gossip mongers of the cyber world, always keen on sharing your info to help each other craft their sneaky attacks. They used to get a kick out of sharing stolen emails and passwords. Even nabbing accounts at places like Chipotle and Domino’s to score free meals off your reward points!

But over the last five years, they’ve upped their game. They’re sharing more personal stuff about you, like where you live, who pays your paycheck, even your hobbies. All this intel helps them with social engineering attacks like phishing, vishing, smishing, you name it.

Ransomware victims aren’t safe either. Hackers steal all their info and, if they don’t pay up, the hackers air their dirty laundry: confidential files and trade secrets galore!

And the cherry on top? Hackers just can’t resist bragging. They’ll announce data breaches they’ve pulled off months or even years before the companies get around to making it official. The dark web’s a wild place, for sure!

About the Author

About the Author

Shauli Zacks is a tech enthusiast who has reviewed and compared hundreds of programs in multiple niches, including cybersecurity, office and productivity tools, and parental control apps. He enjoys researching and understanding what features are important to the people using these tools.