Deloitte’s 10 tips for better cyber security


Addressing the increasing threat of cyber-attacks, several international Deloitte cyber experts have analysed the current situation in the market and presented 10 key recommendations. The main aim of the 10 steps is to ensure that sufficient procedures are in place to react to cyber-attacks, from technical, business and organisational standpoints to frequently testing the ability of the systems to detect intrusions and withstand an attack.

07/02/2014

The 10 recommendations for combatting unauthorised access to corporate networks and data range from the basic to the advanced:

1) Focus on what matters: identify and document the business-critical functions and information assets that must be safeguarded against cyber-attacks

2) Get real about risk: no matter how strong the current security measures, cyber criminals likely know how to circumvent them. That is why a risk-based approach to cyber security is needed, one that prioritises risks based on their likelihood and impact, in order to effectively manage cyber risk exposure

3) Know your friends: in a recent Deloitte survey of technology, media, and telecom companies, 92% of participants felt an average or high level of threat from third parties. To help combat this, extended relationships should be inventoried: supply chain, outsourcing, clients, vendors, contractors, etc. Anyone who has access to the IT infrastructure needs to be included, and assurances that these parties are vigilant in addressing cyber security need to be affirmed

4) Become a detective: develop capabilities for detecting threats to business-critical functions, information assets and operational continuity. By centrally monitoring systems, cyber threats can be detected in real time, enabling a quick response to mitigate negative impacts

5) Draw up emergency plans: when it comes to cyber-attacks, prevention is only half the battle. Even the best systems and most vigilant organisations can be compromised. That is why procedures to react to cyber-attacks need to be established, from legal, technical, business, organisational and branding standpoints

6) Crash your own gates: cyber simulations can help test the effectiveness of emergency responses and the ability of systems to detect intrusions and withstand attacks. This enables the improvement of resiliency plans and defensive strategies to recover quickly

7) Protect what is vulnerable: cyber criminals increasingly evade current security controls to target vulnerable applications. To protect business-critical systems, make sure to apply timely patches and software updates to the most exposed assets

8) Get smart: enhance the organisation’s ability to proactively detect and mitigate imminent and emerging cyber threats by leveraging the knowledge of industry associations, as well as commercial and open source intelligence sources. Whether the skills are built in-house or outsourced, the key is to establish proactive cyber threat intelligence capabilities

9) Jealously guard your reputation: companies that suffer a cyber-attack face more than financial loss. They also risk brand damage and the loss of public confidence. To protect its reputation, a company needs to know who is talking about its brand and what they are saying. By consistently monitoring its brand on the Internet, it can often avoid trademark, copyright and other intellectual property infringement. More significantly, by improving its cyber security stance, it can protect corporate assets and sensitive customer and employee data from the outset

10) Foster cyber awareness: the weakest link in cyber security is not technology; it is people. Social engineering attacks that use targeted phishing emails or other techniques often hoodwink users into revealing confidential information or trick them into downloading malware. This makes it easier for cyber criminals to penetrate networks, without even resorting to more traditional hacking methods. Employees need to be educated to make sure they are aware of these risks and threats

According to Roland Bastin, partner at Deloitte Luxembourg: “Cyber security no longer exclusively addresses CIOs and IT departments. The threat has become so pervasive, the points of illegal entry so numerous and the implications of a breach so serious that every member of the organisation has a stake and a role in protecting the company from cyber-attacks.”

Prior to drawing up the list, Deloitte was named a global leader in cyber security consulting in the Cyber Security Consulting 2013 report released by Kennedy Consulting Research and Advisory, a leading analyst firm.

It is not the first time that Deloitte’s risk services have been rewarded for their expertise in cyber security. In recent months, many analysts have praised the governance, risk and compliance services of the company in the fields of risk management consulting, security consulting, information security consulting, and more. What the Kennedy report emphasises is the effectiveness of the integrated, full-spectrum approach chosen by the company, which led to the most comprehensive set of capabilities on the cyber security market.

“Deloitte brings a strong value proposition to cyber security consulting by melding its industry expertise, its ‘one approach, one model,’ cyber security-specific investments, and C-suite communication capabilities,” the Kennedy report notes.
