
Insider threats and the human factor

by Mark Rowe

Ben Owen is a cybersecurity speaker, covert operations expert, and former British intelligence officer, known for his role on Channel 4’s Hunted and Celebrity Hunted. With a career spanning counter-terrorism, surveillance, and cyber risk, he now advises organisations on digital threat resilience and insider risk. In this exclusive interview with Champions Speakers, Ben Owen shares his insights on the evolving landscape of cybercrime, the rise of insider threats, and why businesses must prioritise people-focused security strategies.

Q: With advancements in machine learning and AI reshaping both defensive and offensive cyber capabilities, what role do you see these technologies playing in the evolution of cybercrime?

Ben Owen: I guess I should touch upon it because it’s a hot topic—but artificial intelligence and the use of machine learning technology is, of course, one of the biggest subjects out there. It can be deemed as good and bad—or both. It can help identify patterns and anomalies in large datasets, enabling quicker and more effective responses to cyber threats.

But conversely, it can help attackers understand the exact same large datasets and gather intelligence quicker for nefarious actions.

It’s also allowing attackers to build incredibly complex and believable alias profiles online — fake accounts, so to speak. Once again, this is used for trickery. And I keep using the word “trickery” because that is essentially how we’re being targeted at the moment—we’re being tricked.

Biometric authentication is also advancing really well. Biometrics — fingerprint, facial recognition — offer unique and secure identification methods. Integrating these authentication methods into systems enhances security and reduces the reliance on traditional passwords.

We’re seeing that everyone is susceptible to breaches with passwords—particularly in the personal space, which is often where cybercriminals are going. I feel as though we’re in a strange global lull with cybersecurity at the moment. It’s such a busy period—with good and bad news, worrying news, concerning news, advances in technology — it’s quite a confusing space.

So, I just think it really is the perfect opportunity to take time and focus on the people in the organisation and the staff’s personal digital spaces, whilst technology almost sorts itself out.

Q: As someone operating at the intersection of human intelligence and cybersecurity, where do you believe the most critical vulnerabilities lie for today’s organisations — and how are attackers exploiting them?

Ben Owen: In my opinion, the biggest threat to business is employees’ personal digital space. I sit in that horrible grey area between businesses’ technical infrastructure and physical infrastructure. And I sit somewhere in the middle there, lurking around, finding the vulnerabilities. I’m seeing a huge increase in attackers targeting the people and not the technical infrastructure of the company.

I guess it’s all about the lane of least resistance for an attacker. How can they make the most amount of money—if that’s their motivation—in the easiest way without getting caught?

This is very often targeting the people at the business, and we upload and share an enormous amount of information online every day, even without realising it. For example, leaving a Google review is identifiable by an attacker and provides a really good opportunity to socially engineer you — get you to click on that link, download a voucher onto your system, believe that phone call, or whatever that approach might be from the attacker.

Essentially, the more you post online, the more services you subscribe to, the easier you are to trick. And “trick” being the important word here. This is simply an attacker tricking the human brain. Take all the technical jargon out of the way. You hear all these fancy phrases like “advanced persistent threats” (APT) and other terms like it, but really it boils down to trickery. If an attacker knows you intimately online, they’ll be able to trick you. It’s that simple.

Lastly, I just want to point out the significant increase of the insider threat—that’s a big threat we’re seeing at the moment. This is becoming particularly prevalent in large organisations, where it can be really difficult to identify those red flags. As mentioned previously, attackers go for the lane of least resistance. If an attacker has an easier, quicker, or safer option to recruit from within, they will. How do they do it? Again, it all depends on what they find online. But the main ways they’ll do this — number one is for financial incentive, number two is blackmail.

Again, how? They simply conduct open-source intelligence gathering of a select few people in an organisation and see what they can find lurking around on the web. And once again, you’ll be very surprised at what an attacker can find: dating sites, gambling accounts, and all sorts of personal information they can use against you. So they’re my main threats to organisations.

Q: Many companies focus cybersecurity efforts on senior leadership and infrastructure — what overlooked areas should businesses be prioritising to better defend against modern threats?

Ben Owen: I think first and foremost, the realisation that it is not just the C-suite that are targeted — it’s actually quite the opposite.

If you look back in history and understand how intelligence services have worked for centuries, you understand that they get most value from those that are not actually the people deemed as the most important roles. Why is that? Well, it’s really simple, because naturally their target is down. The target that’s not the person that’s super aware and super vigilant to security. The people in the bigger roles are not as aware as the people in high positions. This is exactly the mentality of the hacker. They’ll target new joiners—people that are easily influenced.

You know, 75 per cent of workforces are still remote. I mean, it’s not an exact statistic, but globally we’re talking around 75% are still remote workforces. This means that some people who have joined your organisation might not have even met a potential line manager. They certainly probably wouldn’t have met people in the Human Resources department.

So this fact, coupled with them being a new joiner and if they’ve got a large digital footprint, equals that person is a huge target.

They will infiltrate their personal environment and then start to pivot and go on to their work networks. And that’s where they’re going to be targeted. I guess recommendations—solutions, really — is understand that grey area and address it. Don’t shy away from it. And by talking about the grey area, that’s the staff member’s personal digital footprints.

You can have those difficult conversations with your staff regarding those digital spaces, and it doesn’t have to be awkward or come across as oppressive and obtrusive — looking into their personal life. You can make it fun and engaging. Ultimately, what you’re teaching them is benefiting their families too. So just getting that message across is really important.

Continuous trainings — but not clicking on buttons to appease the IT department. You know, the generic sort of annual training you get. You click on buttons and you subscribe and you say, “Yeah, I’ve done it,” and it goes off to your line manager. Make them fun, interactive, engaging — with real learning points that they can take away for themselves and their family, and they’ll remember them.

And remember to train those people that are not in leadership and what are deemed as important roles first — then work up. Because 90 per cent of the time this isn’t done. Companies work from the top down, and that’s the wrong way to do it.

This interview with Ben Owen was by Mark Matthews.
