[BreachExchange] Deloitte hack highlights the need for innovation in cyber-security today

Audrey McNeil audrey at riskbasedsecurity.com
Thu Nov 16 19:07:27 EST 2017


https://www.scmagazineuk.com/deloitte-hack-highlights-the-
need-for-innovation-in-cyber-security-today/article/703131/

Deloitte fell victim to a data breach that could have been prevented by
having simple measures that are standard security protocols but businesses
must not only focus on the basics, but also incorporate an innovative
approach.

The spectre of cyber-crime now transcends many other threats, especially
when it comes to the impact on business operations, reputation and
financials. And, while the true extent of cyber-crime is unknown, it's
estimated that there are roughly two major attacks on an organisation each
day, according to experts at the National Cyber Security Centre. Evidence
for this can be seen in the recent Deloitte cyber-attack that compromised
confidential data, including emails from US Government agencies and large
corporations.

The hack has dealt a serious blow to one of the world's Big Four
accountancy and consulting firms – leaving them red-faced, as a substantial
part of Deloitte's business focuses on cyber-security. Initial reports on
the breach revealed that hackers had seized confidential emails and plans
for some of its blue-chip clients. Furthermore, reports state that Deloitte
failed to deploy elementary security measures of two-factor authentication
as it was transitioning its email service.

Unfortunately, Deloitte is just one of many companies to have fallen victim
to a data breach that could have been prevented by having simple measures
that are standard security protocols in place. The bigger question that
needs to be addressed is why so many companies are unable to or are having
a challenge applying standard security measures? While it may seem obvious
in today's data and digital-driven environments that every company must
have adequate industry security standards in place when handling
individuals' data, it is clear companies are challenged with keeping up
with the needed security measures to keep their cloud and digital services
secured.  Most companies today rely on cloud and digital technologies to
enhance their business operations, but there is a clear gap in companies
being able to utilise these services and properly integrate security
protocols that safeguards data being held and transacted across them.

To successfully fend off cyber-attackers, businesses must not only focus on
the basics, but also must incorporate an innovative approach to security.
Below are a couple of suggestions on how companies can change their
approach, whilst still being able to integrate new digital services.

Embracing technologies for an innovative security approach

Finding a cyber-security solution that enhances data privacy will be key
for future success in combatting cyber-attacks effectively. One method to
achieve this is to leverage many of the recent technology advances and
apply them to a security strategy in a new way that looks at securing the
actual tools inside the network, not just monitoring activity in the
network. For instance, the combination of the popular techniques of
encryption and an Artificial Intelligence (AI) has the potential to create
an effective team in today's cyber-threat landscape.

With this approach, encrypting the data helps puts clear focus on securing
the data, while the AI technology helps manage the data transaction process
and cleans any unwanted traffic. In the event of an unauthorised user
accessing data, the encryption and AI security functions would render that
data unusable for that person. This combination is a good example of how
leveraging the capabilities of different security methods can combine to
put more emphasis on securing the data from within and securing all the
activity inside the network, instead of just monitoring for unusual
activity.

Balancing security and innovation

When considering a suitable solution to combat cyber-threats, it is also
important to balance productivity amidst all this innovation. If
well-protected data is inaccessible, then what is the point in storing it?
The ability to access data and content securely from anywhere, whilst still
fully encrypted with document-level encryption at rest and in transit for
storage and sharing any device, is key to maintaining productivity levels
within a business.

Fostering innovation

Another important piece to the puzzle is securely fostering innovation.
Today's organisations require a level of flexibility to meet customers'
mobile demands. As organisations start to rethink the way they secure their
data, they must also take in to consideration how their customers want to
interact with them. For example, many organisations today demand voice
access to their data, rather than simply browsing services, to integrate
with digitally connected lives both at work and home. Unfortunately, an
increased threat of cyber-attacks often accompanies these voice-activated
digital services. Fostering services such as an AI voice and messaging
interface that delivers seamless and secure transaction of all incoming and
outgoing customer data requests, in real-time without compromising
performance, customer experience or customer accessibility is an example of
such innovation. AI such as this allows companies to provide a safe and
secure method to offer digital services to their connected customers and
enable them 24/7 communication regarding their account information from any
device.

As we move deeper into a digitally connected world and it is easier for
hackers to capitalise on our reliance to technology, we see the current
methods failing and so we must focus on basics but also come up with new,
innovative ways to help combat this theft. The development of future
cyber-security solutions must take in to consideration how to help
companies minimise business risk without disruption to workflow or
innovating secure digital products for their customers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171116/d41b67b3/attachment.html>


More information about the BreachExchange mailing list