Deloitte’s 10 tips for better cyber security


Addressing the increasing threat of cyber-attacks, several international Deloitte cyber experts have analysed the current situation in the market and presented 10 key recommendations. The main aim of the 10 steps is to ensure that sufficient procedures are in place to react to cyber-attacks from technical, business and organisational standpoints, and that the ability of systems to detect intrusions and withstand an attack is tested frequently.

07/02/2014

The 10 recommendations for combatting unauthorised access to corporate networks and data range from the basic to the advanced:

1) Focus on what matters: identify and document the business-critical functions and information assets that must be safeguarded against cyber-attacks

2) Get real about risk: no matter how strong the current security measures, cyber criminals likely know how to circumvent them. That is why a risk-based approach to cyber security is needed, one that prioritises risks based on their likelihood and impact, in order to effectively manage cyber risk exposure

3) Know your friends: in a recent Deloitte survey of technology, media, and telecom companies, 92% of participants felt an average or high level of threat from third parties. To help combat this, extended relationships should be inventoried: supply chain, outsourcing, clients, vendors, contractors, etc. Anyone who has access to the IT infrastructure needs to be included, and these parties need to give assurances that they are vigilant in addressing cyber security

4) Become a detective: develop capabilities for detecting threats to business-critical functions, information assets and operational continuity. By centrally monitoring systems, cyber threats can be detected in real time, enabling a quick response to mitigate negative impacts

5) Draw up emergency plans: when it comes to cyber attacks, prevention is only half the battle. Even the best systems and most vigilant organisations can be compromised. That is why procedures to react to cyber attacks need to be established, from legal, technical, business, organisational and branding standpoints

6) Crash your own gates: cyber simulations can help test the effectiveness of emergency responses and the ability of systems to detect intrusions and withstand attacks. This enables the improvement of resiliency plans and defensive strategies to recover quickly

7) Protect what is vulnerable: cyber criminals increasingly evade current security controls to target vulnerable applications. To protect business-critical systems, make sure to apply timely patches and software updates to the most exposed assets

8) Get smart: enhance the organisation’s ability to proactively detect and mitigate imminent and emerging cyber threats by leveraging the knowledge of industry associations, as well as commercial and open source intelligence sources. Whether the skills are built in-house or outsourced, the key is to establish proactive cyber threat intelligence capabilities

9) Jealously guard your reputation: companies that suffer a cyber-attack face more than financial loss. They also risk brand damage and the loss of public confidence. To protect its reputation, a company needs to know who is talking about the brand and what they are saying. By consistently monitoring its brand on the Internet, a company can often avoid trademark, copyright and other intellectual property infringement. More significantly, by improving its cyber security stance, it can protect corporate assets and sensitive customer and employee data from the outset

10) Foster cyber awareness: the weakest link in cyber security is not technology; it is people. Social engineering attacks that use targeted phishing emails or other techniques often hoodwink users into revealing confidential information or trick them into downloading malware. This makes it easier for cyber criminals to penetrate networks, without even resorting to more traditional hacking methods. Employees need to be educated to make sure they are aware of these risks and threats

According to Roland Bastin, partner at Deloitte Luxembourg: “Cyber security no longer exclusively addresses CIOs and IT departments. The threat has become so pervasive, the points of illegal entry so numerous and the implications of a breach so serious that every member of the organisation has a stake and a role in protecting the company from cyber-attacks.”

Prior to drawing up the list, Deloitte was named a global leader in cyber security consulting in the Cyber Security Consulting 2013 report released by Kennedy Consulting Research and Advisory, a leading analyst firm.

It is not the first time that Deloitte’s risk services have been rewarded for their expertise in cyber security. In recent months, many analysts have praised the company’s governance, risk and compliance services in the fields of risk management consulting, security consulting, information security consulting, and more. What the Kennedy report emphasises is the effectiveness of the integrated, full-spectrum approach chosen by the company, which led to the most comprehensive set of capabilities on the cyber security market.

“Deloitte brings a strong value proposition to cyber security consulting by melding its industry expertise, its ‘one approach, one model,’ cyber security-specific investments, and C-suite communication capabilities,” the Kennedy report notes.
