Security Consultant Suffers Cyberattack Deloitte is one of the biggest professional services compa-nies in the world based on both revenue ($38.8 billion in 2017) and number of professionals (over 263,000). It pro-vides audit, tax, management consulting, financial advisory services, and cybersecurity guidance to over 85 percent of the Fortune 500 companies and more than 6,000 private and middle market companies around the world. Its global headquarters is in New York. In April 2017, the company discovered that its global

email server had been hacked starting six months earlier. The hackers gained access to the system through an admin-istrative account that granted them privileged, unrestricted access to all areas. Apparently, the account required just a single password and did not have two-step verification. Deloitte offers its clients advice on how to manage the

risks posed by sophisticated cyberattacks. It also operates a CyberIntelligence Center to provide clients with around-the-clock business focused operational security. In 2012, Deloitte was ranked the best cybersecurity consultant in the world. The firm earns a portion of its $12 billion a year in consulting fees from these services. The breach was a deep embarrassment for the firm. The use of email is interwoven into the operational fab-ric of the modern organization and is used to communicate

all sorts of sensitive informationnew product plans, mar-keting strategies, merger and acquisition tactics, product designs, patent data, copyrighted material, and trade secrets. The server that was breached contained the emails of some 350 clients including the U. S. State Department, Depart-ment of Homeland Security, Department of Defense, Energy Department, and the U. S. Postal Service. Also compromised were the emails of the United Nations, National Institute of Health, and housing giants Fannie Mae and Freddie Mac, plus some of the world's biggest multinationals. In addition to emails, the hackers had potential access to usernames, passwords, and IP addresses. Initially Deloitte kept the breach secret electing to

inform only a handful of senior partners, six clients the firm knew to have been directly impacted by the attack, and lawyers at international law firm Hogan Lovells. The Washington-based firm was retained to provide legal advice and assistance about the potential fallout from the hack. Deloitte formed a team consisting of security ana-lysts and experts from both within and outside the firm to conduct a formal inquiry to the breach. The goals were to understand how this happened, assess the scope of the incident, determine what the attacker targeted, evaluate the potential impact to clients, and determine the appropriate cyber-security response. After six months elapsed time, the team determined that the attacker was no longer in the email system, ascertained that there had been no business disruption to any of its clients, and recommended additional steps to enhance Deloitte's overall security. The team was unable to determine whether a lone wolf, business rivals, or state-sponsored hackers were responsible. The attack illustrates that any organization can fall prey to a cyber attack even those whose specialty is to stop them.

Identify key issues and identify one problem you wish to resolve in your analysis. The problem statement should be clear and concise. A problem statement is typically no more than one sentence in length.

List recommended solutions or strategies to resolve the problem. Be sure to include the who, what, why, when, where and how of each solution or strategy you propose.

Analyze each recommended solution or strategy by linking information from course materials and outside research sources. List the pros and cons of each solution. Choose the best solution or strategy and list an explanation why it is the best choice. The reasons for your choice should be clearly linked to your analysis. Be sure to use APA format to cite your sources.