"Cyber threat intelligence is vital in order to maintain a strong security posture," says Ryan Aniol, Deputy CISO for the State of Minnesota.
"Putting tools in place isn’t enough, you have to be able to leverage intel from the criminal underground."
We spoke to Aniol at SecureWorld and did a Q&A session with him on cybersecurity threat intelligence benefits. He knows a lot about this topic because he has worked in threat intel roles at companies like US Bank, Target, and Deloitte.
Watch the video for our complete interview, or read excerpts below:
Interview: threat intelligence benefits
[SW] Why do you believe threat intelligence is so important?
[Aniol] “You have to be able to leverage intel from the criminal underground. Be able to gather more information which will help you to be more proactive against threats. Understand new threats that may be created or are being talked about, or if you’re the next target. An appliance won’t tell you if you’re the next target. Cyber threat intelligence can give you that information, and that’s why it’s very important to have."
[SW] Can you paint a specific picture of how cyber threat intelligence can give an organization insights into threats?
[Aniol] "For example, you have access to a cybercriminal forum, and in one of the forum threads one of the threat actors is talking about a healthcare company that they think they may be able to gain access to get PHI [protected health information] records. And you can start to see and go through some of that intelligence, and somebody may say, 'Oh, it’s this particular healthcare company.' Now, you already know you’re on the list as being a possible target, so you would monitor that more closely. What methods are they going to use?"
[SW] Would cyber bad actors actually share that kind of information?
[Aniol] "Cybercriminals talk, they talk amongst themselves. And being in those forums, you just sit and listen. You don’t even have to contribute sometimes. You would be amazed at what comes out of it. By taking that information, you’re able to be proactive and prepared."
Why collaborate with peers at SecureWorld?
As you can imagine, our final question for Minnesota's Deputy CISO was about his leadership role on the SecureWorld Twin Cities Advisory Council. Why does he believe in it?
“It may sound trite, but it is like one big happy family, right? We’re in it for the same thing and that’s to protect our organizations and to help protect other organizations. By coming to an event like this, speaking and collaborating, you come away with better insight into how you can protect your organization."
[RELATED: 2019 SecureWorld regional cybersecurity conference calendar]
