enterprisesecuritymag

Deloitte: Multi-pronged Approach for Information Security Assurance

Chris Ruggeri, Principal with Deloitte Risk and Financial Advisory

Organizations suffer tremendously from cyber attacks at multiple levels, endangering their reputation and, most importantly, the integrity of their intention of doing business. With the rise in cybercrime, they are constantly maneuvering ideas to defend themselves against known and emerging threats. The notion may lead to a perspective that cybercriminals are targeting only big companies for a large financial payout or a massive cache of personal data. The reality, though, is that everyone, from small- and medium-size organizations (SMBs) to larger organizations, is equally at risk, falling under the radar of potential bad actors. A strong defensive posture could spell the difference between growth and stagnation, and delivering such solutions demands both industry expertise and a keen view of the current security layout, an industry requirement that is Deloitte’s forte. The company assists organizations in making “risk-informed” strategic decisions and choices to expand their businesses while protecting their reputation from security threats. Deloitte understands the importance of delivering correct and prompt information to top-level business executives and boards, and best-in-class corporate governance for a risk-free operational environment.

Anatomization of Cyber Threats

The human element is by far the most crucial aspect of maintaining security and integrity. Today, security is regarded as one of the critical facets of any organization and has been a crucial differentiator in the marketplace. For every TMT (Technology, Media, and Telecommunications) organization, achieving security at all levels poses a significant issue that needs to be resolved. The booming trend of globalization, digital transformation, and intense competition urges enterprises to continuously adapt to the latest technologies and methods to protect themselves and enhance their competitive advantage. Most importantly, TMT organizations should explore innovative and robust techniques that consider IT as an indispensable factor for tomorrow’s success. Companies must protect their assets via classification, labeling, and access controls to ensure the confidentiality of their business information and to secure competitive advantages in the markets, which ultimately prevents unexpected data and information loss. According to the World Economic Forum project, Partnering for Cyber Resilience, “Information security and cyber risk have become boardroom priorities.” For TMT CEOs, too, the concern lies in the changing nature and posture of cyber attacks. For instance, their organizations are most susceptible to Denial of Service (DoS) attacks, which overload the targeted systems and services, making them difficult for authorized users to access.

To answer such issues, Deloitte performs a detailed analysis of workflow processes, information content, and references to domestic and foreign laws, regulations and best practices. They help their clients in developing comprehensive policies to protect and secure their sensitive information effectively. “As we continue to evaluate new demands on our clients, risk profiles are being shaped in unexpected ways and include all risks that can jeopardize long-term sustainable business success and potentially cause brand and reputation damage. This encourages and requires new thinking around leading practices to manage risk,” asserts Chris Ruggeri, principal at Deloitte Risk and Financial Advisory. It is absolutely true that technology alone can’t protect an organization from intrusion and the potential capabilities of an ongoing cyberthreat. Considering the imminent threats, Deloitte provides essential resources that enable their customers and organizations to safely enter into new markets across the globe to deliver goods and services through their enhanced information security system.

Also, when considering IT investments, enterprises have to check not only the availability of tools but also their compatibility with the business model. Even after, say, ERP systems are implemented, there are higher chances of data being incorrect or misplaced, processes turning inefficient, or internal controls becoming deficient. In such scenarios, Deloitte assists companies in mitigating these challenges and also provides a variety of consulting services to optimize the predefined systems for better management and compatibility.

Varied Spectrum of Security, Vigilance, and Resilience

In an era of digital transformation, application portfolios are exponentially becoming more diverse. They are the lifeline of the business—and need to be on the front line of cyber defense. As they expand their horizon, so does cyber risk. Deloitte’s application security services assist businesses to strategically design and implement security mechanisms across the proprietary system development. They make sure that the desired operational requirements are fulfilled to obtain value through IT while protecting the application portfolio against the constantly changing cyber threat landscape.

From the standpoint of infrastructure security, businesses are continually moving forward to digitally transform themselves, modernize the supply chain, enhance customer experience, increase agility, and reduce costs, to name a few. This sudden paradigm shift is the result of the promising advent of cloud technology, the Internet of Things (IoT), hybrid computing, software-defined networks (SDN), robotic process automation, artificial intelligence and the most recent phenomenon known as the blockchain. To ensure security and deliver agile defense capability, Deloitte helps organizations to adopt a modern and risk-focused approach. The company understands that while the basic infrastructure domains (physical facilities, networks, and storage) remain constant, the need for protecting them, along with the means to secure them, must evolve accordingly. Deloitte’s expertise provides assessments, strategy, architecture, and implementation of security measures along with operational management assistance to guide their clients to prepare for, respond to, and emerge stronger from any major crisis.

Strategically Identifying and Mitigating Risk

The business models of many organizations have become increasingly dependent on the internet due to the dynamic nature of global markets. This poses a severe threat to companies, as awareness of security technologies and information security is not adequate and up to the mark. Today, there is a considerable number of malicious attacks and cybercrimes taking place across multinational companies and government organizations. The damage ranges from leakage of valuable business trade secrets and consumers’ sensitive information to interruptions in business operation. With all the known as well as unknown security threats looming across the enterprise sphere, the immense challenge companies face is identifying their security weaknesses and determining necessary preventive measures to ensure that valuable resources are kept intact. In response to these predicaments, Deloitte offers comprehensive security health assessment services, from network infrastructure design review to penetration testing, that eventually help businesses to identify potential security weaknesses and detect possible malicious attacks.

The company also possesses a strong command in providing enterprise-level information security health evaluation to various organizations. Deloitte’s vast experience in providing technical knowledge has eventually expanded their client base across multiple industries including finance, healthcare, technology, and government entities to deliver value right from the start of the engagement. The company’s professional team holds multiple top reputable credentials including Certified Information System Security Professionals (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Ethical Hacker (CEH), and Certified Hacking Forensic Investigator (CHFI), to name a few.

As infrastructure and applications become more virtualized and adaptive, the chances of cybersecurity gaps getting exposed also increase. The proper implementation of preventative and detective defenses around highly sensitive data, along with security teams, reduces data loss and risk when an intruder gets past network, application, or infrastructure controls. Leveraging these principles and an understanding of each client’s risk profile, Deloitte helps organizations to design, implement, and manage capabilities so that they can better protect sensitive information across the end-to-end data lifecycle effectively.

Additionally, through a customized combination of service components, the company’s expertise provides on-premise assistance to their clients to help them improve and enrich their current threat intelligence capabilities. Moreover, by utilizing modern and innovative architecture and redesigned governance models, Deloitte’s cyber resilience approach shifts from reactive, static recovery measures to proactive and adaptive methods. “By elevating risk management to a strategic conversation, we aim to help our clients create more resilient and confident businesses that are positioned for growth,” concludes Chris.
- Surajit Narayan Deka
    December 20, 2018