Cyber heroes become stronger, and so do the villains
Advanced technologies are changing the face of the cyber threat landscape – for better and for worse
Imagine you are the CISO (chief information and security officer) of a consumer technology company having access to a swathe of confidential customer data. You receive a distressing phone call from a hacker group threatening to steal your data, create digital clones of your customers and undertake criminal activities. However, your company’s cybersecurity is now augmented by artificial intelligence, working hand in glove with you. The system automatically trains itself on the known threats and builds stricter access mechanisms for the unknown. It auto-detects anomalies in its system and self-quarantines, thus locking out the hackers and protecting your valuable assets.
Most organizations today depend on data, making it catastrophic if your company’s data lands in the wrong hands. Remember the WannaCry ransomware attack? It compromised more than 230,000 computers, resulting in $4 billion in financial losses globally. The reason it was so destructive was that many enterprises failed to update their systems with the latest security patch which made them vulnerable to hacking. With increasingly advanced, personalized and hard-to-track phishing emails, malware attacks and other threats, unpatched software is the least of your worries.
However, flip the coin, and advanced technologies can be an antidote too. They equip companies with capabilities like proactive threat detection and prevention, and better vulnerability management, thus providing us the hope of a secure future.
Companies and individuals are now vulnerable to advanced social engineering attacks. However, new technology also enables them to manage those threats more smartly than ever before.
Despite the rapidly changing nature and all-pervasiveness of cyber threats, threat intelligence is too often based on lessons learned after the fact. According to a new research by Deloitte, global leaders have insufficient data regarding the most prevalent and emerging global and regional threats, their impacts, and where cyber investments achieve the greatest value.
Given these challenges, this research guides organizations on how to build a tailored and more resilient global cyber strategy for the future.
Building an effective cyber strategy requires understanding your weaknesses and preparing against adversaries who can be hiding both within and outside your organization, ready to attack at the slightest negligence. Organizations can consider the following actions to be future-ready:
Guide your threat response based on unique regional pain points. The first step to solving a problem is knowing you have one. Tailor your strategies based on your region’s most pervasive challenges, lining up with their incident profiles for maximum impact.
You get what you pay for. Organizations with more strategic cyber investments typically emerge as clear winners. Plan your cyber spending by top threat trends and priorities where a particular country may be more at risk than others.
Focus on cyber approaches that provide higher returns. Cybersecurity strategy, cyber cloud, and data protection and privacy seem to be the top value-driving capabilities globally, and therefore, should be a foundation of any cyber program.
Given the new stakes of technology, continuous threat intelligence and vigilant cyber security becomes increasingly important, as it can help minimize the potential harm from future cyber incidents. Look at where the threats are but also plan for where they might be in the future. Use data to help predict the path of potential adversaries and build employee awareness regarding upcoming cyberthreat trends.
Getting to this secure future requires a futuristic mindset – think about new technologies not just as harbingers of threats but as enablers of opportunities for bolstering your cyber strategy. Hyper-automation could bring humans and AI together as “super teams” working together to scenario-test and solve problems even before they occur. Cybersecurity experts responsible for monitoring system health might experience greater flexibility to focus on creating innovative solutions and implementing proactive recommendations, thus building impenetrable cyber defenses.
In short, if cybercrime is inevitable, then make cyber-attacks more expensive and less profitable, thereby taking the power out of criminals’ hands and keeping it in yours.
This article contains general information only and Deloitte is not, by means of this article, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This article is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this article.
- Iram Parveen | Researcher and Writer | Deloitte Center for Integrated Research
About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.
Copyright © 2023 Deloitte Development LLC. All rights reserved.