Deloitte Tohmatsu’s Emphasis on “Business Compatibility” The Importance of Cybersecurity Strategy

Kenichi Inoue, also of Deloitte Tohmatsu Cyber, added, “Given the increasing severity of the damage caused by ransomware attacks in Japan, companies need to take a resilient approach that is capable of dealing with crises when they arise. In recent years, there has been a sharp rise in ransom demands, as well as double-extortion attacks that threaten to disclose stolen information if a ransom is not paid. Inoue warned, “Making a mistake in your incident response can end up multiplying the damage.”

In fact, cases in which a failure to identify attack vectors, attack methods, and the scope of damage has made it difficult to prevent repeated breaches and secondary damage, as well as cases in which a lack of information coordination led to business partners and stakeholders receiving inconsistent responses, resulting in loss of trust, have occurred frequently.

Until now, Japanese companies have focused on “prevention” to stave off attacks. However, as attack methods become more and more sophisticated and ingenious, companies need to establish a system that enables them to control all aspects of incident response, incorporating intrusion detection and resilience.

For this purpose, a mechanism for collecting and conserving data so that incidents can be promptly and appropriately investigated when they occur is indispensable. Inoue pointed out, “It is important to have governance in place at normal (non-emergency) times, including task planning and management, information collection from relevant parties, reporting to senior management, and internal and external information control.”

Iwamoto explained, “To improve its security governance, management needs to see things from two perspectives: ‘protecting the business’ and ‘contributing to the business.’ The idea of applying a standard solution to security governance is no longer valid. It is necessary to shift to a more ‘business-compatible’ approach to security governance that stimulates digital transformation and contributes to innovation, based on a clear assessment of the company’s business characteristics and corporate culture. Security should never be an impediment to business.”

Business activities in cyberspace are extending to supply chains, which means that cybersecurity incidents are no longer the problem of just one company. In concluding the presentation, Iwamoto stressed, “Recognizing that the value and positioning of cybersecurity are undergoing a major transformation, companies need to take appropriate action in each of three phases: ‘prevention,’ ‘discovery,’ and ‘recovery.’ This will help them to increase their corporate value and trust.”

• Deloitte Tohmatsu Group Deloitte Tohmatsu’s Emphasis on “Business Compatibility”
  The Importance of Cybersecurity Strategy
• IBM Japan Attackers Target the Weakest Link, So Build an Optimal Security System Through “Selection” and “Concentration”
• Trend Micro “Know the Enemy”: The First Step in Protecting Your Organization
  Understanding the Intention of Attacks for Effective Defense
• NTT Security Holdings Organizational Strength of Research Teams Help Protect Japanese Companies from Targeted Attacks
• BlackBerry Japan AI Mathematical Models for Better Detection and Protection than Existing EPPs
• Secureworks A New XDR Method to Protect Organizations from Evolving Ransomware Threats
• Sateraito Office Offering Versatile Security Products and Know-How Cultivated from Working with Over 60,000 Companies
• ZenmuTech Two Technologies for Digital Transformation: “Secret Sharing” and “Secure Computation”
• ServiceNow Japan Visualizing IT Systems Using a Configuration Management Database: Asset Management is the First Step to Security
• Darktrace Japan Visualizing Vulnerabilities and Risks with AI to “Autonomously Prevent” Attacks