Speaker 1: Hello and thanks for joining us. I'm Holly Shields for Kalkine Media, welcoming you all to another edition of Executive Corner Expert Talks. In this edition, I'll be shedding light on Summits, which develops algorithms based on data mining, AI and machine learning techniques to offer high value-added technological solutions to their clients. And joining us today to share his insights is the CEO of Summits, Mr. Javi Moncayo. Javi, thanks for joining me today. It's great to have you with us.

Speaker 2: Thank you for inviting me. This is so exciting.

Speaker 1: It's a pleasure to have you on. First of all, what would you say are the optimum ways of securing the web?

Speaker 2: Okay, so cybersecurity presence is increasing in organizations. Lately, awareness of the threat of cybercrime is growing. However, metadata is the forgotten element of companies' information security strategies. As you know, there are many well-known ways to make a website secure. SSL certificates, anti-spam filters, DDoS. However, from our experience at Summits, we have found that companies are not prepared when it comes to managing their metadata and the danger it represents in terms of privacy and security. The massive presence of the metadata on websites generates data leaks. This is a threat for the information security. So, cybercriminals find enough information there to learn about companies' weaknesses, prepare phishing and malware attacks, most of them having serious financial consequences.

Speaker 1: That's interesting. It sounds like the impact can be quite severe, especially with the risks that you just mentioned. Is that something you see often with your clients, that they're exposed to this kind of risk?

Speaker 2: Yes, it is something that happens on a daily basis. We see this type of exposure of private

Speaker 1: information every day. Wow. And how do you mitigate those risks?

Speaker 2: It depends on the type of risk we are talking about. So, if we are talking about metadata leak information, we offer some solutions to companies. If they are exposing, I don't know, open parts of the company to cyberattacks, then the mitigation should be done in a completely different way.

Speaker 1: Can you tell us a bit about those solutions that you mentioned?

Speaker 2: Sure. Depending on what we are talking about, we have different tools. So, in one hand, our first product was Verix, which was a web scanner that analyzes the metadata content of the website's files. So, in this case, it focuses on what the metadata content is and if it represents a breach of the GDPR, which is privacy regulations in Europe, if it reveals personal data. As a solution for that type of data leaks, we have what we have called MetaWash, which is our cloud-based solution to allow companies and users to remove the metadata that might leak relevant information. So, when we are doing a different type of experience for companies, we have recently launched training for companies, which we call our Summons Phishing Experience, which is an immersive training where employees receive phishing attacks to monitor and feel the vulnerability firsthand. With all of that information, there are some other things that we have done, like taking some technologies out of context, like computer vision or natural language processing, apply all of those to the metadata field, and then get some conclusions and some experiments. Some of those cases have led us to super successful cases where the privacy of thousands of people was completely breached and was exposed on the internet completely

Speaker 1: open and with no legit purposes. Wow, that sounds quite extensive.

Speaker 2: It is. Given the size of the internet and given the amount of data that we exchange on a daily basis now, the amount of metadata we share publicly, it is huge. So, all of this data, for example, every time you send a picture to anyone, you do it through a channel, WhatsApp, Telegram, or Instagram, any social platform. In any of those cases, it's up to the platform if they remove the metadata or not. So, what will happen is you might end up exposing where you took a picture, or if you are marking your pictures with watermarks, all of that information can reveal a lot of track where that picture is coming from. And then, if you take all of that info and you use it for a purpose that is not legit, then it's a huge problem for the author of

Speaker 1: that asset. I can imagine, right? I can imagine that's the case there. It sounds like there's a lot of data available and in a way that I think most people wouldn't be aware of, which is probably why it's good that you mentioned they offer educational courses. Yes, we do. So, when we

Speaker 2: started all of this project, we didn't expect the metadata we found being that extensive. So, we didn't expect to have, we have currently identified more than 2 million different types of metadata. But interestingly enough, only 1% represents personal information. So, the challenge there is how do you classify all of that information at scale? So, there is a process that cannot be done manually. So, that pushed us to develop AI classification systems based on what the content is, based on what it represents, and then put it in context of the legislation that applies in the country. This is if we talk about files, traditional files like PDFs, presentations, etc. If we are talking about more modern assets like pictures or videos, even if it is on our day-to-day life, what might happen is you might want to include inside of the file some content to mark those pictures as your property. So, when it happens, even if it is done as a security measure, what can happen is when someone steals this information and uses it for a non-legit purpose, you are exposing who was the original owner of it. What happens is a case where we took part was a well-known dating app. It was stolen like thousands of pictures of the users. All of these pictures were used to set up several fake dating apps to attract naive users. So, as you can imagine, the problem of the privacy there is huge because imagine all of these people, they have developed their lives, those pictures were taken a few years ago, and now they are available on the internet on another fake dating app, which might cause personal problems to all

Speaker 1: of these people. Wow, it sounds like the scam that you're referring to can be quite sophisticated.

Speaker 2: Yes, in this particular case, what we did was to apply computer vision techniques to pictures in order to identify some traces from a particular company. So, it depends on how we define metadata because traditionally it was some labels, texts, and so many things related with classification. But what if nowadays we can include metadata within the content of the asset, like a picture and a watermark? So, in that case, the traditional way to classify metadata doesn't work. You cannot apply a tag in the same way. So, you need something to dynamically identify all of that meta information that is contained within the information of the asset. And that's where your

Speaker 1: AI and machine learning technology comes into play, I believe. Yes, sure. So, all started with

Speaker 2: the amount of data we process. So, given the amount of exposure to information that we have, we collected it. So, we start applying these big data techniques, obviously. And then from that point, we start splitting it and then, okay, this task cannot be done on a manual basis. So, we need to develop something to perform this task. When it comes, for example, if we are talking about computer vision, we have cases also where we have applied natural language processing in all of those cases to identify data leaks. In this case, it was city councils in Spain. Some other of our cases, the vast majority of it is related with classification of data. So, for us, as we manage that amount of information, if we are not able to classify, it's the same as if we don't have – we cannot give value to that information. So, the first thing that we need to do is, okay, this is valuable or this is not. So, we need to trim all of that. So, this

Speaker 1: is where we are at. Right. That's really interesting. It sounds like the technology that you employ makes your home operations a lot more efficient. Yes, yes, of course. So, the way we

Speaker 2: do it is basically we have deployed a botnet that is working with all of these algorithms and depending on what we need to do, where we need to do it, and when different parts of the system will be operating to perform those tasks. Otherwise, given the millions of documents we process on

Speaker 1: a monthly basis, it will be impossible to do it by hand. Right, I can imagine, definitely. And I think you mentioned earlier that you sort of have to, I suppose, categorize these documents by geography to assess the appropriate legislation, I think, for data laws, perhaps. Is that – that sounds rather difficult, perhaps. How large is your market internationally, the different

Speaker 2: geographies, I suppose, that you work with? That's a good question. So, we started in Spain for familiarity. So, then, I live in the UK. So, what we have done is, okay, the legislation is similar in both cases. But recently, we have started working with people in Mexico, Texas, where the legislation that apply coming to privacy are dramatically different. So, for example, in Mexico, it is more related to Europe, somehow. But in this case, in the US, it is completely another new world for us. So, the way we do that is we normally talk with experts from the country, we get their tips, we implement the tips, we work with them hand-by-hand, and then let's see how we can adapt all of this classification depending on where we are to see if it represents a problem or

Speaker 1: not. Well, it definitely sounds like you're doing your due diligence there when it comes to working with several other markets. And it sounds like you are managing that challenge quite well, I must say. And, you know, Javi, one thing I want to ask you, just before we wrap up, is what we can look forward to seeing from Summons in the upcoming year ahead? So, we would like to continue developing

Speaker 2: innovative solutions to protect the privacy of users and organisations. The way we will do that is by making sure all of our algorithms are evolving in the same way as the regulation, depending on the geographies we are working at. And we're making sure that our algorithms are accurate enough to not make any of our customers have any data breach. Right, I think that's very

Speaker 1: important. It sounds like you'll have a lot of growth ahead of you and a lot of improvement in your systems and services, and I definitely look forward to seeing all of that. With that said, thanks very much for joining us on the show today, Javi. It's been really

Speaker 2: great speaking with you. Thank you for your time and I hope to see you soon.

Speaker 1: It's a pleasure to have you on the show. That was Javi Moncayo, the CEO of Summons. And if you missed any part of that chat, you can catch the full interview on our YouTube channel at Kalkine Media. And make sure to subscribe as well. I'm Molly Shields, reminding you to stay prized and investalized with Kalkine.