3 strategies to avoid being hacked

Featuring Deloitte's Rob Goldberg


Video transcript:

There’s kind of three main new emerging focuses. I would say one is reconnaissance, and this basically means are you familiar with how you look from an adversary’s perspective.

Frankly this is an emerging area that organizations need to take from governments, who’ve been working with this sort of thing for a long time: understand your adversary, know what they see about you, know what makes them attractive or what makes you attractive to them, and use that information to make better decisions about where to invest in security technologies and controls.

The next is simulation. The reality is it’s not a question of if you will be hacked or breached, but when, because every organization is a target, because every organization represents an opportunity for a cybercriminal to achieve their goals. Then every organization needs to practise for that day because that day will come.

How will the board react? Will they come together? What will the CEO say? Do they already have pre-scripted responses to media and to external parties and in order to respond quickly while they’re able to get a sense of what’s happening to them, why it’s happening, and how to limit the effect? The more you practice the better you get, and those organizations that prepare through simulation and simulating the attack on their organization are going to fare well in response and limit the impact. They won’t be able to bring the impact to zero, but they will certainly limit the damage that’s done during a cybersecurity event.

The third general area is digital identity. We’ve heard a lot in the cybersecurity industry and talked a lot about something we call identity management. Effectively can I identify who is accessing my systems, what they have access to, and what they’re doing while they’re on my systems. Now that is shifting to devices with the advent of internet of things and more devices being connected every day, those have an identity and those are often vulnerable points for a cybercriminal. If I can take over a simple device on a network, that might be enough for me to then launch my attack rather than just a user account, your personal account, or your ID and password, for example.

SPONSORED REPORT

Get your clients ready for tax season

These year-end tax planning strategies address recent tax law changes enacted to help taxpayers deal with the pandemic, such as tax credits for sick leave and family leave and new rules for retirement plan distributions, as well as techniques for putting your clients in the best possible tax position.

RESOURCES

Keeping you informed and prepared amid the coronavirus crisis

We’re gathering the latest news stories along with relevant columns, tips, podcasts, and videos on this page, along with curated items from our archives to help with uncertainty and disruption.