Another day another major cyber security story. This time it is ‘big four’ accountancy and consultancy firm Deloitte that has been affected. All the more embarrassing for them because Deloitte provides high-end cyber security advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies.
A story in the Guardian newspaper this week reveals details of an internal investigation into the hack, which is believed to have taken place in October or November 2016, although it was not discovered until March 2017.
The hack is believed to have come about through access gained to the firm’s global email server through an administrator account, using only a single password. Likely the result of a phishing e-mail sent to an employee. In addition to emails, the Guardian understands the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information.
The internal investigation has been attempting to reverse engineer the hackers movements through its e-mail network, to discover which client’s details may have been compromised. This is a painstaking and difficult process done retrospectively.
Deloitte claims that only a very few client accounts have been compromised. This may well be true, but they are facing an uphill battle to preserve their reputation given the length of time it has taken to discover and trace the hackers’ activities.
A leading edge behavioural monitoring solution, such as ThreatSpike, would have allowed Deloitte network security managers to build up a picture of normal activity across their e-mail and other networks. When the hack occurred they would have been notified immediately of any suspicious activity and the solution would also have allowed them to easily build up a comprehensive retrospective picture of what the hackers had been up to.
The extent of the damage would have been largely mitigated and a full picture would have been immediately available to investigators, allowing them to say quickly and with confidence exactly which, if any, client accounts had been affected.
Transputec can provide Cyber-Security-as-a-Service to any business facilitating the quicker discovery of security breaches and a much faster forensic investigation. No system can guarantee again human error allowing hackers access to a network, but breaches can be spotted in minutes or hours rather than weeks or months and the damage to reputation can be contained.
Head of Cyber Security