Booz Allen Hamilton, a global consulting firm headquartered in Virginia and founded in 1914, has firmly established itself as a leading cybersecurity partner for Fortune 500 corporations, governments, and not-for-profits. We caught up with Tony Gaidhane, Vice President in Booz Allen's Commercial business, to find out just how Booz Allen’s solutions are transforming cybersecurity for businesses worldwide.
Gaidhane, who has 21 years’ industry experience, has been based in the Netherlands for three years – the move marking a considerable change for the US native. He works with clients across the UK and Europe and has been part of Booz Allen since 2013. Prior to his move to Europe, he worked in Washington DC as a Cyber Security Executive in Booz Allen’s US Commercial Business, where he led Booz Allen's Commercial Cyber Fusion Centre Capability and worked with a number of clients in designing, operating and maturing their cyber defence and operations capabilities globally.
From the experience gained in his career thus far, Gaidhane believes a major differentiator between newer companies and the offerings provided by Booz Allen lies in the organisation’s experience in the marketplace. “Having founded the management consulting discipline over a century ago, business, government and military leaders have turned to Booz Allen to solve their most complex problems. We bring a tonne of expertise in analytics, in digital, in engineering and in cybersecurity.”
Gaidhane says part of the company philosophy is to work ‘shoulder to shoulder’ with clients, using a mission first approach to choosing the right strategy and technology to help them realise their visions. He explains, “We're also a key partner on some of the most innovative programmes for governments worldwide and are trusted by some of the most sensitive agencies. We began working with commercial clients over 40 years ago, and we continued to expand our work.”
Advanced solutions for the cyber business community
Booz Allen is also unusual because its cyber roots are decades old and include significant milestones in research and security innovations. For the last three decades, Booz Allen has been a cyber mission integrator for the US government, as well as for the US defence sector as a whole.
“We've helped them solve some of their toughest cyber security challenges,” Gaidhane says, “by combining our consulting heritage with deep cybersecurity practitioner experience that we've gained from tackling very high-profile cybersecurity incidents and broad-based transformations across enterprises – both in the public and private sectors.”
Booz Allen has thousands of cyber professionals across the firm, holding more than 10,000 cyber certifications. This number continues to grow. “They bring this deep cyber tradecraft to our clients, whether it's to safeguard life-saving healthcare solutions, to secure the next generation of global manufacturing to protect global financial infrastructure, or to continue to secure energy production. All of which are really key missions for our commercial clients.”
Redefining the future with Cyber Fusion
Booz Allen is a global leader in the war against breaches and hacking, partnering with public and private companies to tackle their global cybersecurity challenges. Over a decade ago, the company formed the commercial Cyber Fusion Centre – an operating model evolved from the company’s experiences running fusion centres for some of the largest US agencies.
“Having seen the evolution and sophistication of threat actors in those environments, we also started to see that same evolution in the commercial sector. Then we started to see the evolution of the various types of threats that our clients were dealing with, along with an increased magnitude and velocity of vulnerability.”
The rise in threat actors was so marked that Booz Allen developed proprietary solutions for the commercial market. “Their traditional SOC (security operations centre) environments, or cyber operations’ environments, were grinding down and becoming very reactive in dealing with advanced persistent threats,” explains Gaidhane. “The fusion centre model enables clients to possess a holistic and informed view of their environment to focus on key principles and break away from that grind.”
After establishing the comprehensive nature of the fusion centre model to Booz Allen’s solutions, Gaidhane goes on to explain the cyber fusion concept in stages, with anticipation of threats being the first port of call.
“Number one, it's threat intelligence-led and driven. It starts with our intelligence, which percolates through the course of the chain centre, focusing primarily on anticipating threats rather than reacting to them. Anticipating those threats is what’s most important to the enterprise, as opposed to getting bogged down by threats that aren't as important or are already mitigated. It also drives the ability to rapidly coordinate at a tactical level because of the fusion between all of these cyber components.”
To continuously test and strengthen detection-response capabilities, Gaidhane says that Booz Allen uses red teaming and purple teaming, which allows the development of those capabilities to continue. The last stage of this process involves response and detection. “Lastly, we use customer technology to their advantage. Whether it's a threat intelligence platform or an analytics platform – using that to strengthen one of the key principles and ultimately accelerating response detection and mitigation – it is key.”
He continues: “What we've done over the course of the last few years is further advance that model by engaging with our clients' cyber operations’ programmes and helping them solve broader challenges in merging cybersecurity with fraud, with insider threats, with data protection, with the manufacturing side of things, as well as in operational technology and other domains via what we call ‘converged fusion’.”
Developing converged fusion
The realm of cybersecurity is becoming increasingly complex and fast moving, which means companies must keep up or face the terrible consequences of a potential breach. Gaidhane believes Converged Fusion is a proven approach that will continue to develop better cyber fortification within an increasingly connected business environment. It involves using intuitive thinking, which predicts the nature of the attacker.
“Essentially, it involves combining cyber domains with other domains,” he explains. “An example of converged fusion at a bank would be, ‘How do you reduce fraud?’. Fraudsters are using traditional mechanisms and means to trick individuals into paying them money or transferring them money. But there's a pretty big overlap with the cyber techniques that cyber criminals use. If you try to tackle the fraud problem using cyber and fraud techniques separately, you'll never act fast enough to catch the attackers. In this case, it makes more sense to try and think as the attackers do.”
Gaidhane points out that attackers use a combination of human and cyber techniques to gain an advantage. “What you have to do on the defensive side is the same thing. You have to start seeing fraud data within a cyber context and see cyber data within a fraud context, then be able to talk between and merge these two.”
The approach is multifaceted and so requires another angle of defence. Booz Allen’s industry experience delivers context about the different types of cyber threats occurring across different industries, and enables better prioritization to protect the entire enterprise.
“That's one example of where we've helped financial companies deal with fraud,” asserts Gaidhane. “In other cases, clients are trying to deal with things like insider threats. If you try to tackle that problem by itself, not knowing the cyber context, it’s going to be a difficult problem to solve. But, once you start looking at these problems holistically, trying to merge those domains and see where the overlaps are – just like the adversaries are doing – then it becomes a better way to solve that problem. This approach is essentially being applied to a multitude of domains.”
Cybersecurity in a digital ecosystem
As the digital ecosystem and IoT result in ever-greater connectivity between industry players, the question of cybersecurity becomes increasingly important and complex. Businesses – both large and small – now work digitally closer than ever before, sharing data streams and information at unprecedented levels. As cyber defenders, the role of Booz Allen is to ensure that its solutions empower businesses to partner and connect without the threat of imminent breaches occurring.
“We approach cybersecurity as a business-enabling function that empowers our clients to execute digital transformations and fulfil their existential missions,” says Gaidhane. “What we've seen is that, as organisations grow their business and take on large transformations – such as cloud migrations or broad-based operational tech migrations or evolutions – their attack surfaces, and then consequently, their threat numbers, are growing at an unprecedented rate.”
He points out that threat actors use this extended business enterprise, such as OT or manufacturing or Cloud, to gain access to client systems. These threat actors, and their motivations, range from nation-state adversaries seeking access to sensitive information or intellectual property to terrorists.
“They are trying to disrupt infrastructure and operations. This is especially true if it's critical to a new generation of threat actors, who are using these vulnerabilities as a way to raise the stakes in ransomware attacks and get paid.”
Ultimately, an effective security provider needs to examine a broad picture to assess weaknesses across the extended environment, and then apply the correct solutions, according to Gaidhane. “The digital ecosystem is making everything more connected, which means that as cyber defenders, we have to look at the broader context of being able to connect the dots between all of these business environments to be able to stay ahead. Companies are connected in a variety of ways, but even within companies, their sub-businesses are connected via means that traditionally weren't looked at as being connected.”
The future of cybersecurity
As industry experts continue to play cat-and-mouse games with increasingly sophisticated hackers, the cybersecurity industry has its work cut out. According to Statista, the number of data breaches in the US alone in 2021 totalled 1001 cases.
To put that into perspective, this translates to over 155.8 million individuals being affected by data exposures occurring that year, including accidental revelation of sensitive information due to less-than-adequate information security – amounting to a whopping US$4.2bn in damages. According to reports, the fiscal cost wrought by cyber attacks also increased from $1bn to $6.9bn between 2015 and 2021.
As the numbers continue to rise in line with increased connectivity, bleeding-edge technology is the only possible solution, says Gaidhane. “In the future, I think we'll see more use of automation, more use of analytics, advanced analytics, more use of machine learning, and even AI by the attackers, which will increase the specification, volume and velocity of these sophisticated attacks. We see them on and off now, because it's a combination of humans potentially using code and other things to do it.”
Looking to the future, he says that providers are going to have to continuously raise the bar and enhance defences to allow businesses to focus on their more complex business challenges, rather than being distracted by security issues.
“The attackers only have to get this right once. But, as defenders, we have to get it right every single time. So, Booz Allen's approach to cybersecurity is honed from decades of serving alongside the most sophisticated global enterprises and government agencies. As we evolve our clients’ security posture and stay at the front-end of a lot of these types of attacks, we get to see what the future is going to bring and stay ahead.”
The future for Booz Allen
These are the driving forces behind the innovative solutions created by Gaidhane and his teams. The company will continue to develop proactive cybersecurity services and capabilities that stay ahead of the threat actors, as well as the threats, faced by their clients. Automation and AI are key components of these offerings, and have already proven markedly successful in a market beset with cyber issues.
Gaidhane concludes: “As our clients evolve to use more automation, more analytics, machine learning, and AI, we'll continue to evolve our leading-edge capability to solve our clients’ challenges in these areas. The other aspect is that assessing the broader business context within a number of threats, as well as its reactors, is really going to be important to stay ahead of the curve.”
“We’ll continue to evolve our capabilities to be able to take the full business view in addition to, I'd say, staying ahead of the curve in automation, analytics, and AI to get there.”