Tim Callahan, Senior Vice President and Global Chief Security Officer at Aflac, talked about how to build cutting-edge threat intelligence.
“We, as an insurance company, aren’t only dedicated to protecting our clients in a time of need, we’re dedicated to protecting their information,” stated Callahan at the outset of his keynote presentation at the 2016 Chief Information Officer Leadership Forum held on December 15 in Atlanta. “There have been so many breaches. There was a time when these would shock us. We’re not shocked anymore. They’re now the norm,” he noted.
The most popular threat in 2016 is ransomware, said Callahan. Some 40% of all businesses have experienced an attack, according to The Guardian, and the cost could reach $1 billion this year, according to zdnet.com. “The San Francisco Bay Area Rapid Transit System was attacked by ransomware. The attackers requested $73,000, which the Transit System didn’t pay. For a few days, users got to ride for free while the system was shut down. These threats are increasingly more difficult to manage,” he stated.
“Threat intelligence is focused on getting actionable information in enough time to do something about it. Weigh your risk, know what you’re doing, and align threat intelligence with your organization and your mission. Be clear about what you’re protecting, and tailor your program to do that. Understand technology, and don’t implement it until you know what you need it to do,” Callahan advised. “The next decision is what will be built in house and what will be outsourced. Lastly, who will staff it? Make investments in your threat intelligence team. It’s not one profession. It’s a series of disciplines that builds this,” he explained.
“Understand your risks,” Callahan emphasized, “and make sure you’re building partnerships with the business. Understand the business’s goals, needs, and risks. Analyze risk exposure and understand how risk aligns with the company goals. Knowing risk appetite can help prioritize actions. It’s valuable, if you can, to get an independent assessment. That can add credibility.”
The next step is investing in services and technology, he said. “Access intelligence sources such as those of the Department of Homeland Security. We have a dark web provider that gives us advance warning regarding threats so we can do something about them,” said Callahan. “Find basic analytics tools with minimum overhead and focus on APTs and forensics. In terms of platforms, assure that incident response, network defense, and threat analysis happens in real time. Utilize data sharing and automation.”
In terms of what to insource and what to outsource, Callahan believes the hybrid model is best. “I don’t know of any company right now that can do soup-to-nuts intelligence for you. The most important thing is knowing what you have. You can have the best intel in the world, but if you don’t have a particular vulnerability, having intelligence to detect it doesn’t matter. The hybrid formula is valuable because somebody has to know your environment.”
Regarding staffing, Callahan noted these key required skill areas:
• Log management
• Net flow experience
• Willingness to do technical research
• Highly developed analytical skills
At the same time, staff must:
• Be able to make on-the-spot decisions
• Be oriented to business results
• Be able to communicate, engage, and influence
• Have organizational awareness
“I’ve heard that, by 2020, there will be as many as two million unfilled cybersecurity roles in the U.S. It’s difficult to find staff right now, and, in response, we’ve implemented a very flexible staffing model. Good staffing resources include ex-military because, even if they’re not specifically skilled in what you need, they often have security experience and aptitude along with enhanced focus, discipline, and execution. Data scientists are also a good resource.”
In summary, Callahan recommended looking within a company’s IT staff and being aware that staff with years of experience and knowledge of systems can be groomed into security professionals.
ABOUT TIM CALLAHAN:
Tim Callahan is Chief Information Security Officer for Aflac. He's responsible for the Technology Risk Management and Information Security Program, which includes Threat and Vulnerability Management, Cybersecurity Operations and Incident Response, Information Technology Compliance and Risk Management, Security Engineering, Technology Resiliency, and Disaster Recovery.
Prior to joining Aflac in 2014, Tim was Senior Vice President, Business Continuity and Information Assurance, at SunTrust Bank. Previously, he was the first Vice President, Technology Risk Management, and Chief Information Security Officer at Peoples United Bank in Bridgeport, Connecticut. He also served on the State of Connecticut Judicial Committee on Identity Theft to assist in building requirements for protecting sensitive personal information introduced into the judiciary through legal actions.
He was a 23-year career military professional serving in leadership positions of increasing responsibility. In his final assignment, Tim was the program manager for a command risk management function at one of the U.S. Air Force's Major Command Headquarters.
He holds a bachelor of science degree from the University of the State of New York.