It is significant to note that cyber dangers are growing in importance as a result of technical improvements and the reliance of contemporary firms, like Deloitte, on hackable and exposed communication tools. Since the company’s primary source of income is cybersecurity consultancy, its reputation will suffer the most. In other words, even though the hacking may directly affect operations and cause disruptions to the business as well as the recovery of stolen data, all of these effects are ultimately repairable and reversible, while the reputational damage will not only have a short-term impact but will also be reflected in future deals.
Deloitte’s response to the situation can be considered to be reasonable and effective because it was able to prevent reputational damage by keeping the breach of the attack a secret. The business succeeded well in that it avoided adopting collective crisis accommodating measures and instead concentrated on non-expositional ways of data containment. To reduce the likelihood of reputational harm, Deloitte only informed top and senior managers and promptly got in touch with them directly informed affected clients.
In other words, the reputational damage is greater when a company in crisis employs accommodating strategies, such as exposing itself to the public and being excessively transparent about the specifics of the issue, than it would be if it stuck to defensive strategies and limited forms of communication. The business should have instead strengthened its internal security analyst’s team by extending the relevant department to assure future preparation instead of recruiting external specialists, which has the potential to cause information breaches.
The first top priority is the urgent inclusion of a multistep verification mechanism for administrative emails and other communication channels. The lack of serious security measures for the internal communication channels was the primary cause of the attack. It is significant to highlight that the hacker or hackers did not cause the significant losses and damages that they could have. Second, the company’s internal communication network must be completely redesigned. One communication channel, corporate email, was used to convey all sensitive information. This weakness must be fixed by establishing some highly secure communication channels that are distinct from one another and utilized for various reasons. The third priority should be investing in and expanding the security analyst and expert team for the company lives up to its supposed expert position in the security
Reference
Krebs, B. (2017). Source: Deloitte breach affected all company email, and admin accounts.