cybersécurité IT cybersecurity

Deloitte Luxembourg and EBRC look into the Cyber Security journey - Think early, act effectively and react promptly. Most security breaches are still perpetrated by external attackers and the financial services industry is particularly exposed to security incidents with confirmed data loss.

Most security breaches are still perpetrated by external attackers and the financial services industry is particularly exposed to security incidents with confirmed data loss. This was one of the findings of the Verizon 2014 Data Breach Investigations Report (DBIR), presented at the Cyber Security conference, organised by Deloitte Luxembourg and EBRC.

Attracting close to 50 Security and IT professionals, risk managers, internal auditors, among others, the conference aimed to provide the latest updates on the cyber threat landscape and focus on the typical approaches, standards, regulations and capabilities to protect organisations from cyber threats.

The digital revolution is driving business innovation and growth, yet also exposing all organisations to new and emerging threats. Indeed, organisations must face a myriad of threat agents, whose determination and attacking resources may greatly vary from one to another.

Stéphane Hurtaud, Partner at Deloitte Luxembourg explained The threat landscape has changed, and the need for more mature Cyber Security is higher than before. In today’s world, addressing Cyber Security Risks with point solutions is clearly unrealistic. Given the complexity of the Cyber Risk landscape, one must adopt a much more cohesive and structured approach for managing your Cyber Risks effectively .

Moving from information security to risk intelligent security

The 2014 DBIR provides information on attackers, their motivation, demography and methods that can help companies to protect their most valuable assets. The latest edition of this report confirms that, whilst most security breaches come from the outside, the main motive of the threat remains financial gain, even if industrial espionage has been rising over the last few years.

Sebastien Besson, Cyber Security specialist at Deloitte, also emphasised that  It takes less and less time for an attacker to compromise his/her target. Some 60% of security incidents occur within a couple of hours, whereas 62% of incidents are discovered months later.

During the conference, speakers discussed this complex and ever-evolving threat landscape, concluding that organisations need to adopt a cohesive approach to protection from Cyber threats, underpinned by 5 key principles:

  • Understand risk exposition and defining the risk appetite
  • Ensure close alignment with business goals
  • Prepare for the worst
  • Share intelligence
  • Instil a broad awareness of Cyber Security

The prevalence and sophistication of recent Cyber Attacks on public and private organisations highlight a number of capabilities that are essential to Cyber Security (from prevention to detection).

Leveraging the National Institute of Standards and Technology (NIST) cybersecurity framework

The speakers also addressed the question of how a company should react towards constant reports of Cyber Security breaches.

Régis Jeandin (EBRC, Head of Security Services) confirmed that: Too often, a pragmatic and structured approach towards Cyber Security could save time and be cost effective, however, taking the time to step aside and initiate a true reflexion is lacking in many organisations.

The conference was an opportunity for the audience to review one of the most recent frameworks in Cyber Security and its three corner stones:

  1. Definition of the core functions (identification, protection, detection, response, recovery)
  2. Definition of the current situation (e.g. profile) and target. This profiling allows companies to identify the gaps and initiate the relevant action plans
  3. Definition of the ‘Tiers’ (Tier IV being most secure and Tier I being least secure),  through which the characteristics of the organisation’s approach to risk is evaluated

Cyber incident response: challenges and solutions

To become more efficient and to better protect valuable IT assets against the continuously evolving Cyber Threats, information security should adopt a new form, moving from traditional perimeter protection to rapid and advanced detection and response capabilities to a Cyber Security incident.  

Matthijs van der Wel, Director of the Incident Response department at DataExpert, explained that often, it takes 2 weeks for an organisation to perform computer forensics analysis of one single compromised system in its environment. He further added that companies often lack strong incident response capabilities, enabling them to timely react to an adverse security event. Most of the efforts spent on information security today still focus mainly on preventive measures. Through examples, he showed that latest cyber-attacks demonstrate that prevention is not sufficient anymore to ensure the adequate protection of systems and networks.

During his presentation, Matthijs provided an overview of new existing incident response solutions, using specific software agent deployed on corporate computer systems. Such solutions enable organisations to react faster to a security incident, by:

  1. Performing computer forensics analysis from a remote location
  2. Analysing the state of multiple systems across the company, using a set of various data sources (e.g. network, operating system, application information) to detect any anomaly which could be a potential indicator of a successful security breach
  3. Restoring previous states of a given system back in time, to better pinpoint the timeframe and the source of a security incident

Press Release communicated by Deloitte and EBRC