Despite heightened attention to cyber security and unprecedented levels of security investment, the number of cyber incidents — and their associated costs — continues to rise¹ and adversaries continue to evolve their attack techniques. As the challenges to secure complex enterprise and public sector environments continue to mount, Deloitte, an acknowledged market leader in security, privacy and resilience solutions, today announced its new Secure.Vigilant.Resilient. approach to help organizations maximize business performance through a cyber risk management program that extends beyond traditional information security practices.
Deloitte’s Secure.Vigilant.Resilient. approach acknowledges that with perpetual change and increasing complexity, it is economically infeasible for organizations to be 100 percent secure. It remains critical to invest in cost-justified and risk-prioritized security controls, but it is equally important – if not more important – to focus effort on improving threat visibility and detection, and responding more rapidly and effectively to reduce the impact of cyber incidents. Secure.Vigilant.Resilient. efforts require strong executive guidance and governance processes and the creation of an active defense culture throughout the organization.
Simultaneously, Deloitte announced it has changed the name of its Security, Privacy, and Resilience practice to Cyber Risk Services, reflecting awareness that gaining ground in the battle against cyber threats is fundamentally a risk management challenge.
Cyber Risk Services is an integral component of Deloitte’s Risk Advisory Services business, the market leader in providing end-to-end risk advisory services. Deloitte’s Risk Advisory Services business helps organizations build value by taking a risk intelligent approach to managing financial, technology and business risks. This approach helps organizations focus on areas of increased risk, bridge silos to effectively manage risk across organizational boundaries and pursue not only risk mitigation but also intelligent risk taking as a means to value creation.
“Senior executives are flooded with news and information about the damages that cyber incidents can inflict, but this in itself doesn’t help them move forward,” said Ed Powers, the national managing principal for Deloitte’s Cyber Risk Services practice. “The fact is that innovation and cyber risk are inextricably linked; cyber risk is an inherent byproduct of virtually every growth and efficiency effort. The recent spate of attacks waged through point-of-sale systems is a case in point. Electronic payments processing has heralded new levels of efficiency for retailers and their customers — but the attendant risks can exact significant costs, both direct and indirect.”
“Our approach helps organizations gain confidence in their ability to innovate by helping them be better prepared for potential cyber incidents. Through a Secure.Vigilant.Resilient. program, they can embrace cyber risk management not as a necessary evil, but as a positive and an integral component of strategic planning that supports the achievement of their core mission and strategic objectives,” Powers added.
The underpinning concepts for the framework are spelled out in a new point of view paper entitled, “Changing the game on cyber risk: the imperative to be secure, vigilant, and resilient”.
To get started, leaders of the organization need to understand the key threats prevalent in their industry and specific to their organization. By reviewing potential actors and their motives, they can establish program components that better prevent impact by known threats and also be better equipped to anticipate what might happen in the future and respond more nimbly when incidents occur.
Deloitte Cyber Risk Services — Leading From the Front
Deloitte’s Cyber Risk Services comprises more than 1,500 professionals focused on cyber risk, information security, privacy and business resilience. Deloitte is recognized by Forrester Research, Inc. as a leader in information security consulting services² and ranked No. 1 globally and in North America in security consulting, based on revenue by Gartner.³ ⁴
Today’s announcement follows a series of aggressive activities Deloitte initiated in 2013 to build upon its position as the clear market leader. Deloitte acquired the assets of Vigilant, Inc. last spring. Renamed Vigilant by Deloitte, this segment of the practice specializes in cyber risk detection, situational awareness and cyber threat intelligence, providing consulting, managed services, and information services that help organizations detect and respond to emerging cyber threats.
Former senior-ranking Federal Bureau of Investigation (FBI) Special Agent in Charge Mary E. Galligan, who supervised some of the FBI’s largest and most high-profile investigations — including the September 11th terrorist attacks — joined Deloitte’s Cyber Risk Services practice last fall. The addition of Galligan, who retired from the FBI after more than 25 years’ service, brought national security and law enforcement leadership to the incident response portion of the cyber security equation.
Deloitte served as the objective observer of the Securities Industry and Financial Markets Association Quantum Dawn 2 simulated systemic cyber attack on the U.S. financial system and co-authored the after action report that identifies ways to improve the industry’s responses to cyber events.
Most recently, Deloitte helped the National Institute of Standards and Technology (NIST) to develop a Cybersecurity Framework to reduce cyber security risks for critical infrastructure. The NIST Framework, mandated by an Executive Order signed by President Obama one year ago, is based on five core functions: identify, protect, detect, respond and recover, which is consistent with Deloitte’s Secure.Vigilant.Resilient. cyber risk management approach.