Tech Chat – June 2025

Who do we think you are?

In a former job, in a former career, my then-colleague Rupert was not a team player. This was in the days of leaving-cards and leaving-gifts, and he always thought it terribly funny to write “F off” in the card, with no signature. The leavers were no longer of interest to him. You can imagine what happened when he resigned: a card pleasingly inscribed by every one of the remaining staff just saying “F off”.

We all know the people in the office who wouldn’t even think to change the bottle on the water cooler, refill the paper in the printer, or find the new box of tea bags themselves. Along with the ignorant, who don’t know better, that cohort of the “entitled” represents the biggest threat to a company’s cybersecurity, believing it be somebody else’s problem: “IT should have it covered”; “surely we’ve got insurance”; “well the email shouldn’t have got through for me to click on it”. Whereas the refilling-the-printer behaviour makes you wonder if anyone ever empties the dishwasher in their house, their cyber risk behaviour puts the whole enterprise at risk.

We published our Tech Sector Report this week, focusing on the cybersecurity ecosystem, and explaining it in context of a walled city: its tower, soldiers, citizens, gates and secret passages. Previous Tech Chats have discussed Managed Detection and Response, which is the outsourcing of shared cyber defences that put cyber services in reach of smaller businesses, previously only available to larger enterprises. Today’s Tech Chat focuses on identity, and behaviour.

Identity is everything in cyber. In our metaphorical walled city, with proper credentials only appropriate people can get into the city; only appropriate people can access the most important areas of the city (the treasury ie where the data is stored); and the identities of citizens in the city can always be routinely and repeatedly authenticated.

I can’t tell if you are the “Rupert” who, every day, puts tissues in the recycling bin that is clearly marked “no tissues”, but I know it’s someone’s typical behaviour. Translating this to the real world, Celebrus, in digital terms, does know your typical behaviour, and monitors it in real time. For instance, while a quick check of your bank account doesn’t appear to be outside your own behaviour patterns, Celebrus’ platform deployed within a bank constantly scans what you’re doing, creating a profile of the “normal” you. If I log in but I apply for a loan, this raises red flags, that’s an easy checkpoint. It’s not just what I’m clicking on – it tracks my mouse movements, pauses, and typing patterns too, assessing all my usual behavioural traits, to accumulate a risk score which will trigger alerts when it exceeds a threshold. When I try and send money to another account for the first time, having been behaving unusually, the digital shutters come down and further checks are initiated.

Where GBG is deployed, when I log onto a website to buy tickets/items, my digital journey and how many personal details I need to share is based on the risk of my digital footprint on the website, accessing over 100 data sources (way beyond just corroborating home address and postcode) to prove that it is me. Location and identity verification are fundamental to straightforward fraud prevention.

Intercede’s Credentials Management System sits at the top of the Identity Pyramid, providing digitally certificated ID to provide/restrict access in the multiple US Federal Agencies – including, we suspect, both the most authoritative, and the most secretive, of them. The quality of Intercede’s MyID CMS is such that in RFPs for secure IT environments in these Agencies, it has been the case where MyID is the Credentials Management platform in each syndicate.

Identity is everything – and combining Rupert’s ID card with Rupert’s facial recognition on a third-party device, to confirm it’s Rupert logging into Rupert’s PC, and watching Rupert continuing to behave as Rupert usually does, we’re more certain it’s definitely Rupert. Once those risks are covered, we’ll have made a lot of progress to securing the cyber environment. We are confident that identity and behavioural analytics are essential, and strong growth, sectors.

Happy Friday