IN ASSOCIATION WITH: Cyber innovation for today’s commerce DIGITAL REPORT 2022
commerceforinnovationCybertoday’s 2 www.boozallen.com
4 www.boozallen.com
B ooz Allen Hamilton, a global consulting firm headquartered in Virginia and founded in 1914, has firmly established itself as a leading cybersecurity partner for Fortune 500 corporations, governments, and not-for-profits. We caught up with Tony Gaidhane, Vice President in Booz Allen's Commercial business, to find out just how Booz Allen’s solutions are transforming cybersecurity for businesses worldwide.
Gaidhane, who has 21 years’ industry experience, has been based in the Netherlands for three years – the move marking a considerable change for the US-native. He works with clients across the UK and Europe and has been part of Booz Allen since 2013. Prior to his move to Europe, he worked in Washington DC as a Cyber Security Executive in Booz Allen’s US Commercial Business, where he led Booz Allen's Commercial Cyber Fusion Centre Capability and worked with a number of clients in designing, operating and maturing their cyber defence and operations’ capabilities globally. From the experience gained in his career thus far, Gaidhane believes a major differentiator between newer companies and the offerings provided by Booz Allen lies in the organisation’s experience in the marketplace. “Having founded the management consulting discipline over www.boozallen.com
Booz Allen Hamilton fuses cyber technical expertise with decades of strategic consulting to deliver advanced cyber defence solutions
5 BOOZ ALLEN HAMILTON
a century ago, business, government and military leaders have turned to Booz Allen to solve their most complex problems. We bring a tonne of expertise in analytics, in digital, in engineering and in cybersecurity.”
to strengthen
Gaidhane says part of the company philosophy is to work ‘shoulder to shoulder’ with clients, using a mission first approach to choosing the right strategy and technology to help them realise their visions. He explains: “We're also a key partner on some of the most innovative programmes for governments worldwide and are trusted by some of the most sensitive agencies. We began working with commercial clients over 40 years ago, and we continued to expand our work.”
6 www.boozallen.com BOOZ ALLEN HAMILTON
Advanced solutions for the cyber business community Booz Allen is also unusual because its cyber roots are decades old and include significant milestones in research and security innovations. For the last three decades, Booz TONY GAIDHANE VICE PRESIDENT OF BOOZ ALLEN’S COMMERCIAL BUSINESS, BOOZ ALLEN HAMILTON it's a that one principles
threat intelligence platform or an platformanalytics–using
Innovating in the cyber space
“ Whether
of the key
and isandresponseacceleratingultimatelydetectionmitigation–itkey”
Tony Gaidhane leads Booz Allen’s commercial business for the United Kingdom and Europe. Based in the firm’s Netherlands office in The Hague, Tony leads our market-facing cyber capabilities for commercial clients in the UK and Europe. He delivers solutions in security strategy, security operations, managed services, incident response, cyber analytics, and data protection to solve our clients’ most complex challenges.
BIOEXECUTIVE
In addition to several certifications in the areas of information security, auditing, information privacy, and project management, Tony holds an M.B.A. from Fuqua School of Business at Duke University. He also has a Bachelor of Science and a Master of Science in Computer Science from Nagpur University and Texas Tech University, respectively.
TONY GAIDHANE TITLE: VICE PRESIDENT IN BOOZ ALLEN’S COMMERCIAL BUSINESS INDUSTRY: IT & SERVICES LOCATION: NETHERLANDS
BOOZ ALLEN HAMILTON
Booz Allen in 2013, Tony assisted client organisations in their fight against cyber threats from advanced global adversaries in his work as a senior manager of cybersecurity advisory services at another premier consulting firm. Prior to that role, Tony worked in Industry for a decade, and served as a director with a Fortune 30 health insurance company where he created and managed many leading cybersecurity capabilities.
Tony has more than 20 years of experience providing cybersecurity advisory services in industries such as energy, finance, retail, automotive, healthcare, and technology with a focus on strategy, design, and implementation of cyber threat intelligence, threat defence operations, attack surface reduction, cybersecurity strategy, and supply chain cybersecurity.Beforejoining
8 www.boozallen.com BOOZ ALLEN HAMILTON
TONY GAIDHANE VICE PRESIDENT OF BOOZ ALLEN’S COMMERCIAL BUSINESS, BOOZ ALLEN HAMILTON “ We sectors.”enterprisesandveryexperienceheritageGaidhanetheirdefenceforAllenmissions”existentialandtransformationsexecuteourthatenablingascybersecurityapproachabusiness-functionempowersclientstodigitalfulfiltheirhasbeenacybermissionintegratortheUSgovernment,aswellasfortheUSsectorasawhole.“We'vehelpedthemsolvesomeoftoughestcybersecuritychallenges,”says,“bycombiningourconsultingwithdeepcybersecuritypractitionerthatwe'vegainedfromtacklinghigh-profilecybersecurityincidentsbroad-basedtransformationsacross–bothinthepublicandprivate
Booz Allen has thousands of cyber professionals across the firm, holding more than 10,000 cyber certifications. This number continues to grow. “They bring this deep cyber tradecraft to our clients, whether it's to safeguard life-saving healthcare solutions, to secure the next generation of global manufacturing to protect global financial infrastructure, or to continue to secure energy production. All of which are really key missions for our commercial clients.”
Redefining the future with Cyber Fusion
Booz Allen is a global leader in the war against breaches and hacking, partnering with public and private companies to tackle ther global cybersecurity challenges.
Over a decade ago, the company formed the commercial Cyber Fusion Centre –an operating model evolved from the company’s experiences running fusion centres for some of the largest US agencies.
“Having seen the evolution and sophistication of threat actors in those environments, we also started to see that same evolution in the commercial sector.
Then we started to see the evolution of the various types of threats that our clients were dealing with, along with an increased magnitude and velocity of vulnerability.”
“Their traditional SOC (security operations centre) environments, or cyber operations’ environments, were grinding down and www.boozallen.com
9
The rise in threat actors was so marked that Booz Allen developed proprietary solutions for the commercial market.
10 www.boozallen.com BOOZ ALLEN HAMILTON
“ The digital ecosystem is making everything more connected, which means that, as cyber defenders, we have to look at the broader context”
one, it's threat intelligence-led and driven. It starts with our intelligence, which percolates through the course of the chain centre, focusing primarily on anticipating threats rather than reacting to them. Anticipating those threats is what’s most important to the enterprise, as opposed to getting bogged down by threats that aren't as important or are already mitigated. It also drives the ability to rapidly coordinate at a tactical level because of the fusion between all of these cyber components.”
To continuously test and strengthen detection-response capabilities, Gaidhane says that Booz Allen uses red teaming and purple teaming, which allows the development of those capabilities to continue. The last stage of this process involves response and detection. “Lastly, we use customer technology to their advantage. Whether it's a threat intelligence platform or an analytics platform – using that to strengthen one of the key principles and ultimately accelerating response detection and mitigation – it is key.”
becoming very reactive in dealing with advanced persistent threats,” explains Gaidhane. “The fusion centre model enables clients to possess a holistic and informed view of their environment to focus on key principles and break away from that grind.”
TONY GAIDHANE VICE PRESIDENT OF BOOZ ALLEN’S COMMERCIAL BUSINESS, BOOZ ALLEN HAMILTON
After establishing the comprehensive nature of the fusion centre model to Booz Allen’s solutions, Gaidhane goes on to explain the cyber fusion concept in stages, with anticipation of threats being the first port of “Numbercall.
He continues: “What we've done over the course of the last few years is further advance that model by engaging with our clients' cyber operations’ programmes and helping them solve broader challenges in merging cybersecurity with fraud, with insider threats, with data protection, with the manufacturing side of things, as well as in operational technology and other domains via what we call ‘converged fusion’.”
www.boozallen.com 11 BOOZ ALLEN HAMILTON
The approach is multifaceted and so requires another angle of defence. Booz Allen’s industry experience delivers context about the different types of cyber threats occurring across different industries, and enables better prioritisation to protect the entire
Gaidhane believes Converged Fusion is a proven approach that will continue to develop better cyber fortification within an increasingly connected business environment. It involves using intuitive thinking, which predicts the nature of the attacker.“Essentially, it involves combining cyber domains with other domains,” he explains.
“An example of converge fusion at a bank would be, ‘How do you reduce fraud?’. Fraudsters are using traditional mechanisms and means to trick individuals into paying them money or transferring them money. But there's a pretty big overlap with the cyber techniques that cyber criminals use. If you try to tackle the fraud problem using cyber and fraud techniques separately, you'll never act fast enough to catch the attackers. In this case, it makes more sense to try and think as the attackers do.”
Cybersecurity in a digital ecosystem As the digital ecosystem and IoT result in ever-greater connectivity between industry players, the question of cybersecurity becomes increasingly important and complex. Businesses – both large and small – now work digitally closer than ever before, sharing data streams and information at unprecedented levels. As cyber defenders, the role of Booz Allen is to ensure that its solutions empower businesses to partner and connect without the threat of imminent breaches occurring.
Gaidhane points out that attackers use a combination of human and cyber techniques to gain an advantage. “What you have to do on the defensive side is the same thing. You have to start seeing fraud data within a cyber context and see cyber data within a fraud context, then be able to talk between and merge these two.”
Developing converged fusion
BOOZ ALLEN HAMILTON
The realm of cybersecurity is becoming increasingly complex and fast moving, which means companies must keep up or face the terrible consequences of a potential breach.
“That'senterprise.oneexample of where we've helped financial companies deal with fraud,” asserts Gaidhane. “In other cases, clients are trying to deal with things like insider threats. If you try to tackle that problem by itself, not knowing the cyber context, it’s going to be a difficult problem to solve. But, once you start looking at these problems holistically, trying to merge those domains and see where the overlaps are – just like the adversaries are doing –then it becomes a better way to solve that problem. This approach is essentially being applied to a multitude of domains.”
“We approach cybersecurity as a business-enabling function that empowers our clients to execute digital transformations and fulfil their existential missions,” says Gaidhane. “What we've seen is that, as organisations grow their business and take on large transformations – such as cloud migrations or broadbased operational tech migrations or evolutions – their attack surfaces, and then consequently, their threat numbers, are growing at an unprecedented rate.”
“They are trying to disrupt infrastructure and operations. This is especially true if it's critical to a new generation of threat actors, who are using these vulnerabilities as a way to raise the stakes in ransomware attacks and get paid.”
www.boozallen.com 13 BOOZ ALLEN HAMILTON
He points out that threat actors use this extended business enterprise, such as OT or manufacturing or cloud, to gain access to client systems. Their motivations for these threat actors range from nation state adversaries, access of sensitive information or intellectual property to terrorists.
and off now, because it's a combination of humans potentially using code and other things to do it.”
“The attackers only have to get this right once. But, as defenders, we have to get it right every single time. So, Booz Allen's approach to cybersecurity is honed from decades of serving alongside the most sophisticated global enterprises and government agencies. As we evolve our
As the numbers continue to rise in line with increased connectivity, bleedingedge technology is the only possible solution, says Gaidhane. “In the future, I think we'll see more use of automation, more use of analytics, advanced analytics, more use of machine learning, and even AI by the attackers, which will increase the specification, volume and velocity of these sophisticated attacks. We see them on 14 www.boozallen.com
As industry experts continue to play cat-andmouse games with increasingly sophisticated hackers, the cybersecurity industry has its work cut out. According to Statistica, the number of data breaches in the US alone in 2021 totalled 1001 cases.
The future of cybersecurity
Looking to the future, he says that providers are going to have to continuously raise the bar and enhance defences to allow businesses to focus on their more complex business challenges, rather than being distracted by security issues.
Ultimately, an effective security provider needs to examine a broad picture to assess weaknesses across the extended environment, and then apply the correct solutions, according to Gaidhane. “The digital ecosystem is making everything more connected, which means that as cyber defenders, we have to look at the broader context of being able to connect the dots between all of these business environments to be able to stay ahead. Companies are connected in a variety of ways, but even within companies, their sub-businesses are connected via means that traditionally weren't looked at as being connected.”
BOOZ ALLEN HAMILTON
To put that into perspective, this translates to over 155.8 million individuals being affected by data exposures occurring that year, including accidental revelation of sensitive information due to less-than-adequate information security – amounting to a whopping US$4.2bn in damages. According to reports, between 2015 and 2021, fiscal cost wrought by cyber attacks has also increased from $1bn to $6.9bn in 2021.
The future for Booz Allen
These are the driving forces behind the innovative solutions created by Gaidhane and his teams. The company will continue to develop proactive cybersecurity services and capabilities that stay ahead of the threat actors, as well as the threats, faced by their clients. Automation and AI are key components of these offerings, and have already proven markedly successful in a market beset with cyber issues.
15
clients’ security posture and stay at the front-end of a lot of these types of attacks, we get to see what the future is going to bring and stay ahead.”
Gaidhane concludes: “As our clients evolve to use more automation, more analytics, machine learning, and AI, we'll continue to evolve our leading-edge capability to solve our clients’ challenges in these areas. The other aspect is that assessing the broader business context within a number of threats, as well as its reactors, is really going to be important to stay ahead of the curve.”
“We’ll continue to evolve our capabilities to be able to take the full business view in addition to, I'd say, staying ahead of the curve in automation, analytics, and AI to get there.”
“ As our clients evolve to use more automation, more analytics, machine learning, and AI, we'll continue to evolve our
inourcapabilityleading-edgetosolveclients’challengestheseareas”
TONY GAIDHANE VICE PRESIDENT OF BOOZ ALLEN’S COMMERCIAL BUSINESS, BOOZ ALLEN HAMILTON www.boozallen.com
Headquarters 8283 Greensboro Drive Hamilton Building McLean, VA 22102 www.boozallen.comUSA POWERED BY:
