Taking Action with Threat Intelligence


Town Hall Insights
Chicago CISO Community

Anthony Lauro

Director, Security Technology and Strategy

Akamai Technologies

PRESENTER

Todd Covert

National General CISO

Allstate

DISCUSSION LEADER

Jeff Deakins

Director, IT Security (CISO) and Infrastructure

The Marmon Group

DISCUSSION LEADER

Nitin Raina

CISO

ThoughtWorks

DISCUSSION LEADER

Elizabeth Ogunti

CISO

JBT Corporation

DISCUSSION LEADER

Paolo Vallotti

CISO & VP of Operations

Tate & Lyle

GOVERNING BODY HOST
MARCH 2023

Cybersecurity threats don't take time off. And with challenges like varying budgets, staffing and technologies, CISOs must react and adapt accordingly to ensure their SOC is performing effectively. This requires that security leaders gain deep visibility into assets, access, and network flows, and have an eye on security policy enforcement down to a granular level.

How can they share information internally about threat intelligence and ransomware attacks in a useful manner? Top CISOs from the Chicago CISO community came together in a recent Town Hall to discuss how to take action with threat intelligence and communicate the risks in an appropriate way to C-suite colleagues and board members.

Anthony Lauro, Director, Security Technology and Strategy at Akamai Technologies, set up the discussion. The small group breakout discussions were led by Todd Covert, National General CISO at Allstate; Nitin Raina, CISO at ThoughtWorks; Elizabeth Ogunti, CISO at JBT Corporation; Jeff Deakins, Director of IT Security (CISO) and Infrastructure at The Marmon Group; and Paolo Vallotti, CISO and Vice President of Operations at Tate & Lyle.
 

Providing the Right Level of Visibility on Threats and Risks

Anthony Lauro opened the discussion with the challenges of providing internal visibility into threat intelligence. He noted that the head of a SOC might be very technical, and that technical detail does not translate well for leaders with more business acumen. CISOs have to think about people who can up-level the information for those who need it – or consider providing updates that range from technical to business-oriented.

He also said that in order to protect a modern enterprise from cloud-introduced threats, security leaders should share information to create a complete picture of the threats. Finally, CISOs must think in terms of a ‘threat-hunting road map’ to ensure that they are gathering intelligence, building fences, fostering good vendor partnerships, and preparing their teams for when an attack takes place.


Key Takeaways from the Discussion on Threat Intelligence

  • Share relevant metrics about risk.
    One group noted that C-level executives want the security team to quantify the risk so they can make further decisions, such as whether or not to push out a product update or hold off. They want to compare the potential cost of the risk versus the potential cost of missing out on offering something new, so they can be “doubly sure the changes are appropriate,” as one CISO said.

Another group added that metrics need to be provided at the level the board or stakeholder is interested in. One CISO shared that you might put together an intelligence report, and the SOC is ready to close the book, while business leaders think it needs more work and quantification of risks. It’s a challenge to share information at the right level and in a format that all stakeholders can consume.
 

  • Create filters for your threat intelligence.
    CISOs agreed that they get threat intel from different feeds – but some of it is “noisy data” that they can’t act on. It’s critical to filter out the noise and find the areas that are actionable. As one CISO put it, “What kind of filters can I put into place to get rid of the noise on the internet?”

They noted that if their teams are looking for a needle in the haystack, they need to “filter out the hay” to increase their efficacy and let their teams look only at legitimate issues. As another security leader said, “We don’t need to see every single alert unless it is deemed important.”
 

  • Understand your organization’s risks and vulnerabilities.
    CISOs discussed how critical it is to know your unique risks so that you prioritize the right security controls. They agreed that it was important to focus on the basics and the biggest risks and not to “lose the context and focus on the wrong controls.” Another executive added, “Before you start searching for more threats, understand your risks and vulnerabilities.”

CISOs also said that as you are building out your threat intelligence capability, there comes a point at which you have to test and evaluate how you are doing. Another security leader added that it’s necessary to conduct continuous assessments of your security posture.
 

CISOs in the group recommended having champions around your organization – such as your senior counsel or risk management leaders – who will back you up when it comes to reporting on risks. Automation was also a topic that came up, as security leaders are looking to automate certain tasks that will free their team up to focus on more important areas.

To continue the discussion on cybersecurity, threat intelligence and communicating risk, join a CISO community near you, or check out our calendar for opportunities to get together in person and virtually with your CISO peers.
 

