Specialty Podcast: Cyber Threat Considerations from Former FBI Agent

Intro (00:00):
You are listening to the Alliant Specialty Podcast, dedicated to insurance and risk management solutions and trends shaping the market today.

CJ Dietzman (00:08):
Welcome everybody to another episode of the Alliant Specialty Podcast. CJ Dietzman here from Alliant Cyber. Thrilled to be with you today. We've got someone really special, a friend of mine, a colleague from the industry I've known for several years. I met Tim Stranahan when he was still working for the FBI as Assistant Special Agent in Charge for the Carolinas. This man has been a cyber warrior working in law enforcement on behalf of the cyber interests of our country and our businesses and our citizens. He's retired, a distinguished career. This man has done a lot. It's just incredible. I love talking to Tim. He's now the Chief Operating Officer at Tekniam. Welcome, Tim Stranahan. Tell us a little bit about you and then we'll get right into it.

Tim Stranahan (00:54):
CJ, I really appreciate the opportunity and the glowing endorsements. I don't know if they're all worthy, but I appreciate it. I came into the FBI in 1996. FBI headquarters in 2004 and then made my way to Charlotte in 2006 and I took over the counterintelligence program for North Carolina and then was promoted up, as you said, to the Assistant Special Agent in Charge in 2014. And that's really where I started to cut my cyber teeth, took over the national security programs, which were international and domestic terrorism, counterintelligence and cyber. And I started really understanding what the threats were then. And made my way up to headquarters again, in 2016. And I was in a key position during the 2016 elections, which as you know, were rife with all kinds of cyber issues. The hack on Yahoo, the 2016 election, and all the problems that were associated there. I did retire in 2020 after 23 years in the FBI and went to work for Charter Communications for a brief moment before I got recruited to be the Chief Operating Officer at Tekniam, where I proudly serve now for the past three years and still keep my fingers on the pulse of what's going on in the cyber world, because as you know, it affects everybody and anybody.

CJ Dietzman (02:07):
Absolutely incredible. Thank you so much for that, Tim, and really, as I said, sincerely thrilled and grateful that you joined us today. Let's get right into it. Tim, a couple of things. Blink your eyes, can you believe it? Here we are. We're looking at 2024, and our listeners are concerned and interested in cyber risk management trends, cyber threats, and where they should be focusing right now. Tim, first things first, give us your perspective on what we saw in 2023 from cyber threat actor activity to trends, some of the cyber incidents. What were your thoughts looking back at 2023, Tim?

Tim Stranahan (02:43):
Yeah, amazingly, I drove the parallels back to 2016 and what I was seeing then, and I wonder, have things changed so drastically? And I think what really has changed is the “why.” Why are we seeing what we're seeing? It's still the same actors; we're still seeing China, Russia, Iran, North Korea. We're still seeing the same actors, but I think the “why” is a little bit different. Back in the day, it was more about espionage and data theft. They were stealing intellectual property. Companies were getting crushed, losing a lot of money and a lot of their intellectual property to China, especially. Now we're seeing this mix, there's the reconnaissance. So, they're sitting on the networks for a period of time until they're discovered or not discovered and kind of prepping the battlefield.

And that was something that was a term that we used back in the day as well, but for different reasons. They were stealing our intellectual property, trying to prep that battlefield, but now they're sitting on the networks in this volt typhoon. This was a pretty scary and a kind of a wake up for the industry right now. This past year, the cyber campaign that targeted the water utility out in Hawaii, the West Coast port and the oil gas pipeline, and a scary proposition for what they're trying to do with the Texas power grid. So, the question is were they trying to stop the U.S. from projecting power into Asia? Was this saber rattling, or were they really just trying to cause chaos? And I think they succeeded in a little bit of both. So, I look at it, and I don't want to say it's more of the same. I think the “why” has changed CJ, quite honestly.

CJ Dietzman (04:13):
Wow. Great points, interesting points. Let's pivot, Tim, looking ahead, what's on the 2024 horizon from a cyber threat standpoint? What should organizations, private sector, public sector, public entities, municipalities as well as commercial businesses, really be on the lookout for?

Tim Stranahan (04:32):
For the horizon, it's going to be more of the same for sure. But hearkening back to what I did in 2016 with the elections, here we are coming to 2024, another election, another opportunity for not just Russia, but for China, for disinformation campaigns. They're going to certainly promote a preferred candidate. There's going to be online campaigns that are going to be a wakeup call for America, especially if you're not paying attention to what's going on. You're going to see these things subtly in the backgrounds, but there's going to be the continuing targeting of our infrastructure. And really no one's exempt. This is going to be all the critical infrastructure, but practically anybody out there that if you have a company, you really should be paying attention to where your crown jewels are. If you're in IT or you're an NGO, a think tank, healthcare; healthcare is getting crushed right now with ransomware.

But anybody who's out there who makes anything of value should be paying attention to what China is doing in particular. If you haven't had a chance to sit down with your board and really discuss where your crown jewels are, you're late to the game. But it's never too late to start. You got to get in, you got to whiteboard and figure out what are you trying to protect, build a wall, a wall around your crown jewels to protect them. And really think that there is an army, the PLA, there are hundreds of thousands of people that are trying to steal your information, your technology every day. I know it's difficult to protect everything, but that's why you got to have some partnerships. You have to have some friends to help you secure what's most important on your network.

CJ Dietzman (06:04):
Fantastic points. And actually a nice natural segue. You must have read my mind as usual, but in all seriousness, the role of law enforcement, I talk to a lot of clients in a lot of organizations. There's a general nervousness and sometimes an apprehension, not all the time to involve, that three letter acronym, FBI. What are the implications of that? Folks tend to get nervous to think about law enforcement, federal agencies, do I lose control? What happens? So my question for you, Tim, give it to us straight and candidly, I know you always do. What should the role of law enforcement be to me as a potential risk manager or as a CISO, when do I involve law enforcement and how?

Tim Stranahan (06:45):
My vote is to involve law enforcement early and often and well before there's a problem. The FBI, Secret Service, other federal agencies, we have great resources at our disposal. So, I talk about identifying those crown jewels and building the wall. A lot of companies just don't have an idea how to get that done. There are a ton of resources out there that can show you how to build the program, how to build a successful program so that when something does happen, you're not scrambling at the last minute. I've been in those rooms and had those conversations with leaders who had the relationships with us, preexisting relationships. It just goes a lot smoother for you as opposed to running around for the first four or five days. You're focused on things that are most critical to keep your core business functions going.

So, I say get educated and get involved sooner than later. There are programs out there, the DSAC program, that's the Domestic Security Alliance Council. If you're a $1 billion in revenue company, 650 companies that are part of that right now, you can get information on how to protect your asset. There's great indicators of compromise that are shared by the FBI and the Secret Service. You can start learning about the TTPs of our adversaries. Again, you got to get educated and get involved. Complacency is not going to win here. If you are a company that is sitting back waiting for something to happen, it will unfortunately, and it will happen bad. I say if you can't reach out or if you're hesitant to reach out to the FBI, imagine how you'll be on the day when you get infiltrated and you're crown jewels are being stolen and you're scrambling at the last minutes. I'd say get involved early. Stay involved, talk with the Secret Service, talk with CISA. They have great resources they can share with you, bad practices as well as the best practices. And you'll see that best practices are coming from the partners who engage with law enforcement sooner than later.

CJ Dietzman (08:48):
Amazing. And Tim, I would imagine, I don't want to put words in your mouth, but working in law enforcement and specifically in cybersecurity and investigations, it's got to be a bit disheartening at times when you see organizations, to your point, who you know are late, they're three steps behind where the threat actor was. Not only did they not contact law enforcement and have a relationship with Secret Service, with FBI, with local municipalities, they didn't have the right resources. Digital forensics and IR specialists, incident response specialists, they did or didn't have the right cyber insurance coverage. If they did, maybe they didn't know how to use it and how to avoid pitfalls. What are your thoughts on when it all goes wrong? And the lack of readiness?

Tim Stranahan (09:32):
There was a time going back maybe in the early 2000’s where companies, the security part of it, the cybersecurity would be something they would cut first from budgeting. Nowadays, that's unheard of. You wouldn't think about cutting back your cybersecurity team because you know, they're on the front lines protecting you when you walk into your company. You don't see the thousands of people that are trying to get into your company each and every night. But this is a 24/7, 365-day operation for cybersecurity. You have to be on your toes every single day. You have to trust your network, but you have to be able to verify that it's secure. And that's not something that you can do on a whim. You have to have dedicated resources in place in order to do that. So, you have to protect your business like someone's going to break in every night. And you can't do that with part-time help. You have to have dedicated resources, and you have to have the ability to call on experts like the FBI, like Homeland Security, like CISA, like the Secret Service. You have to have that ability at your hand. And your cybersecurity professionals have those kind of relationships, and they should. If they don't, they should make those as soon as possible.

CJ Dietzman (10:41):
Tim Stranahan, what an incredible and important message and impactful. Thank you for all of that. And Tim, just let me say personally and professionally, I'm so happy to see you doing well as Chief Operating Officer now with Tekniam and all the incredible things you folks are doing there. Looking forward to continuing to work with you and to watch you in 2024. Folks, thank you so much for tuning into another episode of Alliant Specialty Podcast. Thank you, Tim Stranahan, for sharing your incredibly important and fulsome perspective on the state and what to expect in the cybersecurity realm for 2024. Thank you, Tim.