
Security Consultant Suffers Cyberattack

Deloitte is one of the biggest professional services companies in the world
based on both revenue ($38.8
billion in 2017) and number of professionals (over 263,000). It provides audit,
tax, management consulting, financial advisory services, and cybersecurity
guidance to over 85 percent of the Fortune 500 companies and more than
6,000 private and middle market companies around the world. Its global
headquarters is in New York.

In April 2017, the company discovered that its global email server had been
hacked starting six months earlier. The hackers gained access to the system
through an administrative account that granted them privileged, unrestricted
access to all areas. Apparently, the account required just a single password and
did not have two-step verification.

Deloitte offers its clients advice on how to manage the risks posed by
sophisticated cyberattacks. It also operates a Cyber Intelligence Center to
provide clients with around-the-clock, business-focused operational security. In
2012, Deloitte was ranked the best cybersecurity consultant in the world. The
firm earns a portion of its $12 billion a year in consulting fees from these
services. The breach was a deep embarrassment for the firm.

The use of email is interwoven into the operational fabric of the modern
organization and is used to communicate all sorts of sensitive information—
new product plans, marketing strategies, merger and acquisition tactics,
product designs, patent data, copyrighted material, and trade secrets. The
server that was breached contained the emails of some 350 clients including
the U.S. State Department, Department of Homeland Security, Department of
Defense, Energy Department, and the U.S. Postal Service. Also compromised
were the emails of the United Nations, National Institute of Health, and
housing giants Fannie Mae and Freddie Mac, plus some of the world’s biggest
multinationals. In addition to emails, the hackers had potential access to
usernames, passwords, and IP addresses.

Initially, Deloitte kept the breach secret, electing to inform only a handful of
senior partners, six clients the firm knew to have been directly impacted by the
attack, and lawyers at international law firm Hogan Lovells. The Washington-
based firm was retained to provide legal advice and assistance about the
potential fallout from the hack.

Deloitte formed a team consisting of security analysts and experts from both
within and outside the firm to conduct a formal inquiry into the breach. The
goals were to understand how this happened, assess the scope of the
incident, determine what the attacker targeted, evaluate the potential impact
to clients, and determine the appropriate cyber-security response. After six
months had elapsed, the team determined that the attacker was no longer in
the email system, ascertained that there had been no business disruption to
any of its clients, and recommended additional steps to enhance Deloitte’s
overall security. The team was unable to determine whether a lone wolf,
business rivals, or state-sponsored hackers were responsible.

The attack illustrates that any organization can fall prey to a cyberattack—
even those whose specialty is to stop them.

A. INTRODUCTION
1. Identify the key problems and issues in the case study
2. Formulate and include a thesis statement, summarizing the outcome
of your analysis in one or two sentences

B. CONTEXT
3. Provide background information, relevant facts and the most
important issues.
4. Demonstrate that you have researched the problems in this case
study.

C. ALTERNATIVES
5. Outline possible alternatives (not necessarily all of them).
6. Explain why alternatives were rejected

D. PROPOSED SOLUTION
7. Provide one specific and realistic solution
8. Explain why this solution was chosen
9. Support the solution with solid evidence
   - Concepts from class (text readings, discussion, lectures)
   - Outside research

E. RECOMMENDATIONS
10. Determine and discuss specific strategies for implementing the
proposed solution
11. If applicable, recommend further action to resolve some of the issues
