The Deloitte Cyberattack – When Cobbler’s Kids Have No Shoes

The world woke up to news of yet another cyberattack on September 23, 2017.  Nothing surprising there: news of cyberattacks has become so common lately, and we had only just recovered from hearing about the Equifax cyberattack.  What set the latest cyberattack apart is that its victim was Deloitte, which, aside from being a “big four” accounting firm, is also the world’s largest purveyor of cybersecurity services.

So, how could a company that sells cybersecurity services to other multinationals fall prey to a cyberattack?  It’s pretty simple: think of the saying that “cobbler’s kids have no shoes.”  Deloitte failed to apply a very basic measure such as two-factor authentication.  There are also reports that they protected large amounts of data with just a single password.

Now, when we say, “Deloitte failed,” it’s not as if there was a directive to fail that ran from the Chairman of the Board and the CEO down to rank-and-file employees.  That would definitely not be the case.  Most likely, the usual checkmark about their cybersecurity protection was ticked off.  Most likely, they had even provided training to their employees.  However, a recent UMass Dartmouth study has revealed that over 50% of employees are not properly trained where cybersecurity is concerned.

And it is the human factor that led to this cyberattack at Deloitte.  According to reports, one of the system administrators used a password without two-factor authentication.

This administrator must have had all the right training.  But people do not all learn in the same way or at the same pace.  Above all, not all training is effective when it comes to cybersecurity, and not all training will necessarily translate into internalization and behavior change.  That is likely what happened at Deloitte, and the consequences to Deloitte’s reputation will be grave.

Cyberattacks and threats are a part of modern-day reality the same way drinking water is ubiquitous in the Western world.  In fact, the likelihood of cyberattacks abating is nil.  The only way organizations can protect themselves is by using the type of training that will actually result in abiding behavior change.  Anything less than that will surely expose any organization to a cyberattack.

To learn more about effective cybersecurity training that sticks and results in lasting effective employee behavior change, check out what sets the GetThreatReady training apart.