
Deloitte hacked - xenity7
http://fortune.com/2017/09/25/deloitte-hack/
======
j45
Might this be a reason why accounting firms shouldn't be offering
Cybersecurity consulting?

[https://www2.deloitte.com/global/en/pages/risk/solutions/cyb...](https://www2.deloitte.com/global/en/pages/risk/solutions/cyber-
security-services.html)

Background: I've noticed a trend where traditional accounting firms are
advertise "cybersecurity" consulting expertise and services. It is concerning.
Most often they are accountants who have moved into a Cybersecurity consulting
role.

I had a client a few months ago ask me to sit along with them to deal with a
cyber security consultant that was being pushed on them. He didn't know up
from down.

Should someone get accounting advice from a non-accountant?

~~~
xenity7
There are different types of consulting services - you could assess many parts
of someone's cyber security preparedness without knowing technical details
about security, as weird as that sounds.

Does management make it a priority? Is there appropriate funding? Are the
correct policies in place?

And so on.

Of course, if you ignore th and technical details you will have very serious
issues.

That said, you shouldn't send a super technical security expert to interview
executives about their culture around cyber - the expert will find it
boring/beneath them, the execs won't like the expert... etc

~~~
j45
Agreed.. still, assessing security preparedness, risk management is the basis
of drumming up sales.

The blind spot of this type of consulting sales is security is ultimately
relative to a foundation of technical implementation, not just policy or
process alone.

Management who prioritize funding ensuring policies are in place doesn't
guarantee the technical security that is put in place is sound.

It's as much a case of knowing more than your customers, but not enough.

Maybe it's a short coming of technologists to not be more prominently be
providing this more than accounting firms looking to widen their existing
spectrum in the audit/process field.

Still, the question remains, should technical security implementation be
designed, overseen and implemented by accounting firms?

