To find out more about the current cyber threats companies are facing and their responses to such threats, Area Development’s staff writer, Lisa Bastian, interviewed Michael Morris, a managing director in Deloitte’s Cyber Detect & Respond practice.
Morris: Many IIoT devices were built with a specific function in mind at a time when security wasn’t a high priority. As more and more devices connect to the Internet, organizations’ cyber-attack surfaces have grown, and now span all of their critical business areas. As industrial, manufacturing, or other organizations look to defend against cyber threats, they need to begin inventorying and monitoring all of their connected assets, including information technology (IT), operational technology (OT), Internet of things (IoT), and industrial Internet of things (IIoT). Since cyber adversaries will take advantage of any organization’s security blind spots, organizations would be wise to build visibility across all of their tech assets.
AD: What data is most attractive to cyber thieves and why?
Morris: While motives vary by different cyber adversarial groups (e.g., cyber criminals, hacktivists, and nation-states), it’s important to discern those motivations as they highly impact where harmful, disruptive activity will focus. Unfortunately, most organizations need to deal with multiple adversaries at a time, making cybersecurity a difficult job. Cyber criminals typically look for financial gains through intellectual property, personally identifiable information (PII), or business critical data. Hacktivists usually focus on what they can do to disrupt business activities or expose internal organization information. And, nation-states are most likely to target unique intellectual property or access to critical systems
AD: What basic elements make up a great cyber defense plan? What extra services should be added for optimal protection?
Morris: There are several basic elements needed for a cyber defense plan. These include identifying core critical systems that have the biggest impact to business success, enabling the monitoring of those systems, and enabling automation to identify anomalous and malicious behaviors to mitigate threats as quickly as possible. Threat actors often leverage a lot of the same technology that cyber risk management programs do, so enabling and building your organization’s security capabilities to counter them as soon as they’re identified is key in protecting the business.
AD: Which cyber services are best to be outsourced, and why?
Morris: There are many cyber services that managed service providers can provide. For example, we’ve seen an upward trend in organizations hiring managed detection and response (MDR) providers to cost-effectively address increasingly complex threat landscapes employing skilled cyber talent that’s often hard to come by in an incredibly tight job market.
AD: What are some of the most promising new cyber defense tools in the works?
Morris: One new approach we see in the market is the use of proactive cyber defense platforms. These non-persistent agent deployments can enable adversary pursuit — or threat-hunting teams — to leverage cyber threat intelligence and automation to quickly find and mitigate non-signatured attacks. Using new platforms like this allows the defensive cyber team to proactively “flip the script” on the attacker by detecting and mitigating threats before they’ve been able to cause major disruptions.
AD: How can companies do a better job of mitigating damage from “social engineering” fraudsters who trick employees?
Morris: Implementing employee awareness training programs, as well as periodically testing employees, can help mitigate damage from social engineering threats. Enabling reporting protocols also can help by asking employees to report any fraudulent activities (such as spear phishing via email), and then ensuring managers minimize any negative impact that could occur when employees self-report (in a timely manner) being scammed. Additionally, building authentication methods for access to critical business systems and enforcing strong password policies for employees can thwart these threats of deception.
AD: Are we doing a better job identifying, stopping, and/or prosecuting cyber terrorists?
Morris: Unfortunately, adversaries are continuously refining their craft. But the good news is that security teams and products are doing a better job identifying those cyber threats.
Mike Morris, Managing Director, Deloitte Risk & Financial Advisory, Deloitte
Mike Morris is a managing director in Deloitte Risk & Financial Advisory’s Cyber Detect and Respond practice. He has over 19 years of experience in intelligence operations, advanced offensive and defensive cyber operations, and tactics and tool development.