At supplemental insurance provider Aflac, protecting information collected on behalf of employees and the customers and businesses they serve is a core tenet of the company’s culture, said Tim Callahan, global CISO.
“Cyber criminals are innovative, willing to take risks, and have no regard for the rules,” Callahan said. “Criminals see supplier channels as vulnerable, vulnerable. We have a strong third-party security system, but we have no control [its] nature.”
In addition, given the nature of geopolitics, corporations can be a complementary or complementary goal, Callahan said.
“Although Aflac may not register as a company that the country will target directly, we may still face the consequences of a widespread attack,” he said. “Similarly, supplier channels are affected by software issues, which may impact our company.”
‘Recovery Test Allowed’: Dumping password to get passkeys
To harden defenses and protect critical data, Aflac has launched a multi-year approach to the maturity of its cybersecurity program, Callahan said, adding that collaboration has been key to the strategy.
“We have strengthened our strategic partnerships with providers such as Zscaler and CrowdStrike, enabling us to build deeper connections in our relationships,” he said. “We are also building relationships with companies like WWT that can serve our global needs in the US and Japan.”
One of the most prominent initiatives has been the “Exploratory Delivery,” the ongoing development of Aflac’s Consumer Identity and Access Management (CIAM) framework.
Initially, CIAM created a single, simple, and secure authentication framework for customers, Callahan said. Aflac has partnered with Transmit Security, a provider of identity and access control solutions, to implement advanced authentication options. In that way it is able to address the core challenge of customers who engage with Aflac especially in life events.
“When customers reach out to Aflac for help in their time of need, they don’t always remember their information and are often sidetracked into solving a password problem,” said Callahan.
In response, Aflac offered a solution, called Passkey, that provides customers with a common password-free login experience on their devices, using secure capabilities based on open standards. Passwords are still there for users who aren’t ready to move to a passkey, or an alternative if needed.
“Aflac was one of the first major insurance companies to bring this capability to market,” Callahan said. “Passkey is accepted by leading companies such as Amazon, PayPal, Home Depot,” and others.
Passkeys are said to provide a means for a more secure, user-friendly, robust, phishing-resistant, and device-bound authentication process, as well as eliminating the need for passwords.
Since launching with a limited rollout in November 2023, and a full rollout in May 2024, Aflac has seen tangible business results. For example, Passkey’s adoption rate exceeded initial goals, with 32% compared to an average of 10%. To date, approximately 26,500 Aflac policyholders have chosen to enroll in Passkey, highlighting the importance and appeal of the technology to Aflac customers, the company notes.
For its work on Passkey, Aflac won the 2024 CSO Award, honoring security projects that demonstrate outstanding thought leadership and business value.
With Passkey, Aflac has seen a significant reduction in support calls related to password resets and login issues – one of the main goals of the project. This not only eases the burden on customer support services, but also reflects improved user experience and satisfaction, as there have been no reports of customers needing technical assistance with Passkey.
There was also an improvement in the success rates of entry for Aflac policyholders. By eliminating passwords, Passkey has simplified the login process, reducing login failures caused by forgotten passwords. As a result of Passkey, Aflac saw an 11% reduction in login errors.
In addition, Passkey has been instrumental in increasing the efficiency of Aflac’s digital ecosystem. With fewer support calls and logging errors, customer support teams can focus on high-value tasks, improving productivity and efficiency across the organization.
The implementation of Passkey also helped strengthen Internet security at Aflac, reducing the risk of data breaches, password-related vulnerabilities, and unauthorized access.
“Aflac will continue to promote adoption [of Passkey] through targeted customer communication and deep integration based on data analysis,” said Callahan. “We also expect high customer adoption as the solution becomes ubiquitous in the industry.”
Quackcess Granted and Passkey have received widespread support, as Aflac strives to make authorization and verification more secure and convenient for customers.
“There are only so many ways to improve password information or make standard multifactor authentication better for our customers,” said Virgil Pool, senior consumer assurance leader for Aflac Global Security. “We have taken an important step forward in collaboration with Transmit Security to bring Passkey. As a result, we are achieving our goal of making it easier for our customers to get help in their time of need.”
Cybersecurity culture pays off
As part of its security strategy, Aflac prioritizes its relationships with technology and business partners and is “very intentional” about
explaining the need for safety for partners, employees, and customers.
“Our employees and partners are cyber-conscious and have been supportive of our goals, because of our laser-focused approach to communicating not just technology change, but the cause of change,” Callahan said.
This company has a large and complex technology, and is cautious
in terms of its deployment of IT and security tools, it works to ensure there is plenty of time to test and implement small, incremental steps, he says.
“For example, when we used zero trust, we started small; [we] “We took a customized approach, one door at a time, building by building,” said Callahan. “As we get started, we review any changes before we proceed. This approach has helped us avoid mistakes and pitfalls that could affect our business.”
The increasing speed and complexity of threats requires higher levels of security resilience to maintain business risk tolerance, Callahan said. Aflac remains committed to “pushing the boundaries of cybersecurity,” he said. It does this by placing great importance on information security to protect against external and internal threats.
“Our way of doing things is very much rooted in our culture,” said Callahan. “From the bathroom to the living room, we have a long-term commitment to doing things right.”
The key to getting business buy-in for any cybersecurity initiative is to include business partners and leaders in the decision-making process, Callahan said. “They will also understand the need and be able to provide feedback and support on how to do it.”
Aflac also includes major business partners on its oversight committee, called the Security Oversight Committee. Through this platform, managers can inform the security team about the business impact of policies, standards, and decisions. “We live in a world where there are no surprises, because they are included in the program,” Callahan said.
“Aflac’s mission is to improve its security posture and reduce the impact of a cyberattack, while providing a seamless user experience,” Callahan said. “Passkey’s success has proven to be a better user experience while providing better security.”
Source link