Deloitte Tohmatsu Group
Presentation Title: The Essence of Cyber Security’s Trend and Strategy in The New Era
Deloitte Tohmatsu’s Emphasis on “Business Compatibility”
The Importance of Cybersecurity Strategy
Takaaki Iwamoto
Partner
Deloitte Tohmatsu Cyber
Kenichi Inoue
Managing Director
Deloitte Tohmatsu Cyber
“As the digital transformation progresses, the domain of cybersecurity to consider is expanding. Corporate managers now need to position cybersecurity as a part of their management strategy and tackle it using a top-down approach.” Starting the presentation with these words, Takaaki Iwamoto of Deloitte Tohmatsu Cyber stressed that since cybersecurity is now a key management challenge for companies, it is vital that they take a company-wide and strategic approach to it.
Deloitte Tohmatsu has 26 years of experience in the field of cybersecurity consulting services. It operates a total of 31 Cyber Intelligence Centers (CICs) worldwide, employing 21,000 risk management and cybersecurity professionals, along with a further 7,000 full-time cybersecurity service staff.
Advances in globalization and digitalization have fueled continued growth in the volume of information flows in cyberspace. In recent years, the whole social environment has also changed dramatically, in terms of work styles, lifestyles, legal and regulatory environments, and capital market expectations. As Iwamoto noted, “Corporate managers need to watch these changes closely.”
“As data is linked to IT systems, OT systems, IoT devices, and all kinds of other things, cyber risk scenarios are getting increasingly complex,” he noted. “And as attack vectors become more complex and the number of attack targets increases, cyber risks are emerging in every space within value chains. It is therefore important for companies to establish a cybersecurity strategy based on a clear view of the cyber threats that surround them and the assets they need to protect.”
Anticipating incidents in normal times
Establishing governance to deal with crises
Kenichi Inoue, also of Deloitte Tohmatsu Cyber, added, “Given the increasing severity of the damage caused by ransomware attacks in Japan, companies need to take a resilient approach that is capable of dealing with crises when they arise.” In recent years, there has been a sharp rise in ransom demands, as well as double-extortion attacks that threaten to disclose stolen information if a ransom is not paid. Inoue warned, “Making a mistake in your incident response can end up multiplying the damage.”
In fact, there have been frequent cases in which a failure to identify attack vectors, attack methods, and the scope of damage made it difficult to prevent repeated breaches and secondary damage, as well as cases in which a lack of information coordination led to business partners and stakeholders receiving inconsistent responses, resulting in a loss of trust.
Until now, Japanese companies have focused on “prevention” to stave off attacks. However, as attack methods become more and more sophisticated and ingenious, companies need to establish a system that enables them to control all aspects of incident response, incorporating intrusion detection and resilience.
For this purpose, a mechanism for collecting and conserving data so that incidents can be promptly and appropriately investigated when they occur is indispensable. Inoue pointed out, “It is important to have governance in place at normal (non-emergency) times, including task planning and management, information collection from relevant parties, reporting to senior management, and internal and external information control.”
Security governance for business compatibility
Iwamoto explained, “To improve its security governance, management needs to see things from two perspectives: ‘protecting the business’ and ‘contributing to the business.’ The idea of applying a standard solution to security governance is no longer valid. It is necessary to shift to a more ‘business-compatible’ approach to security governance that stimulates digital transformation and contributes to innovation, based on a clear assessment of the company’s business characteristics and corporate culture. Security should never be an impediment to business.”
Business activities in cyberspace are extending to supply chains, which means that cybersecurity incidents are no longer the problem of just one company. In concluding the presentation, Iwamoto stressed, “Recognizing that the value and positioning of cybersecurity are undergoing a major transformation, companies need to take appropriate action in each of three phases: ‘prevention,’ ‘discovery,’ and ‘recovery.’ This will help them to increase their corporate value and trust.”