By Rob Starr, Big4.com Content Manager
When you visit the Deloitte webpages that deal with cyber security you’ll notice the company has taken the bold step of summarizing their efforts into a neat, three word package…Secure.Vigilant.Resilent.. It’s an interesting choice of words for the implication that the consulting/accounting firm has been able to grasp the fundamental concepts and grab this tiger by the tail for the betterment of their business clients who need to deal with these threats on a constant basis.
Big4.com spoke with Deloitte Partner Adnan Amjad about the evolving cyber threat landscape and what needs to be done for industry to work in the globally connected online world of modern business. We start our conversation with this leader of Deloitte’s Cyber Threat Risk Management practice, discussing the necessary flexibility in his organization’s approach.
“ Our view, whether the threat actors are going after intellectual property or personal data, is
slightly nuanced compared to what you hear in the news. The most damaging attacks usually aren’t random,” he said adding that Deloitte sees these attacks becoming much more sophisticated with an organized crime element from flashpoints like Eastern Europe, Africa and the United States among others.
He points to the juggernaut of new technologies and business models that don’t always focus on protection as proof.
Creating new business models often involves capturing customer data and new engineering techniques create valuable IP—both scenarios foster the kind of modern competitive advantages that aren’t always fully protected from evolving cyber threats, according to Amjad, whose work with the firm includes cyber risk strategy development, security operations, critical infrastructure protection and vulnerability management.
However, he is also quick to point out that cyber security risk can be found by cutting a much smaller swath.
“While those other factors are true and even the nation states are getting more sophisticated, we create risk ourselves to a certain extent,” he says adding there are specific things that people working in organizations often do to increase the “attack surfaces” that act independently of the macro threats.
“If I’m trying to appeal to a new customer base and I’m building an application, the pressure is to do that quickly and many times these don’t have the same level of security built in as something that was done a while ago.”
Added to that is the fact these applications are available in a wider variety of formats than just a short time ago.
“Basically, we’re opening the doors to the bad guys even though we’re doing it to be viable.”
Another weak point stems from the modern blending of operational and Internet technology.
Look for another installment next week where Amjad outlines more issues and solutions.