IT Security, Florian Scheriau, Grant Thornton

Florian Scheriau, Partner and Head of Cyber Security at Grant Thornton Germany, about IT security

We spoke to Dr Florian Scheriau about IT security.

Dear Florian, how would you describe Grant Thornton in 3 quick-witted words?

Quality provider, client-orientated, efficient.

Please introduce yourself briefly and tell us something about your background.

Thank you for the opportunity to introduce myself. My name is Florian Scheriau; I have a PhD in physics and have been working in IT security for more than 10 years now. As a partner at Grant Thornton, I head up the IT security department, specializing in digital forensics and incident response (DFIR), eDiscovery and information security.

My team and I can look back on a large number of successful projects in which we have supported our clients from a wide range of industries in areas such as crisis management in the event of cyber-attacks, data protection and ISMS. 

However, my heart beats for incident response in particular, as this is where all topics come together. 

What characterizes Grant Thornton?

Of course, a lot more than just the key points mentioned at the beginning. Grant Thornton understands the needs of its clients. Particularly in an emergency, such as a cyber security incident, we can react quickly and provide support in times of need with our dedicated team. As an auditing company, we are committed not only to independence but also to fact-based statements, for example in financial statements. Our experts are also committed to regular further training so that we are always up to date on the process, technology, and organizational fronts.

For me personally, Grant Thornton is also a great place to work: not least because we work really well together as a team and also globally. IT security and cyber is one of the focus areas at Grant Thornton, and we are experiencing strong strategic growth in this area. 

How does Grant Thornton help other companies? 

I would like to give you a brief overview of our services. The client always comes first, and the objective is that we can support them with customised solutions. As auditors and professional services providers, Grant Thornton has an extensive portfolio of services in a wide range of technical and non-technical areas to fulfil this objective. We provide our clients with comprehensive advice and support on a range of topics within eight business areas, service lines and focus areas:

- Audit & Assurance
- Advisory
- Tax
- Business Process Solutions
- Legal
- Technology Consulting
- Sustainability / ESG
- International Expertise

Within the Advisory Service Line, we offer support services for IT and cyber security incidents (“Cyber Incident Response”) and Managed Security Services (“MSS”) with vulnerability scanning, for example Managed SOC (“MSOC”). Our consulting services also include auditing technical and organizational processes based on a cyber security check, advice on IT emergency management and incident response readiness assessments, and advice on ISMS and data protection. Other services include cyber security awareness training, determining monetary damages following cyber security incidents, vCISO security services and special (digital) forensic investigations and eDiscovery. In cooperation with our global internal network, we can also offer penetration testing, darknet monitoring and cryptocurrency tracing.

What do you perhaps see slightly differently from prevailing opinions in the field of cyber security? 

It’s not just on social media that people in our industry often talk about how expensive cyber security is. Especially when a cyber-attack on a company has been successful, of course. 

However, cyber security is definitely affordable – and worth the price. There are many approaches to launching simple and inexpensive initiatives in a company that sustainably increase cyber security. Of course, cyber security is always an investment that does not have a directly recognizable added value compared to the normal situation. However, compared to a fully encrypted IT infrastructure, for example, the normal state should be maintained and is therefore worth striving for. Early investment is therefore not necessarily expensive, but it certainly makes sense: statistics on cyber-attacks not only show that the number of cyber-attacks is increasing every year, but also that the amount of damage caused by them is constantly rising.

Which security tool categories do you think are over- or undervalued? For example, would you invest in an NDR or an EDR system first? 

The typical answer from a digital forensics expert is “it depends”. It is the same here. To effectively assist in the management of cyber security incidents, one should generally be open to niche technologies. Many tools are no longer just one or the other. For example, terms such as “XDR” may emerge where the boundaries are blurred, or platforms may emerge with a comprehensive toolset that combines or partially combines, for example, SIEM, SOAR, EDR, NDR, patch management, log analysis and data acquisition, also depending on the cost of these platforms and the functions they offer in modules.

It also depends on which cyber strategy our clients are pursuing. Is protecting the outer perimeter more important than securing the crown jewels themselves? Is full encryption worse than data loss? Depending on the situation, there are various toolkits that have advantages and disadvantages. In principle, however, there is no single solution that covers all requirements for all times. 

From the forensic scientist’s point of view, it is particularly important for their own toolset to ensure that data acquisition and data analysis are reliable in court. This means that you always need more than just one tool to be able to prove the same results and thus the correctness of the forensic investigation. 

What’s next – what’s on your technical roadmap, what are your plans?

I am happy and proud to say that we are in a great technical position as a team. Nevertheless, I am convinced that a roadmap should never be empty – if you rest, you rust. 

We want to keep developing as a team. Not only in the technology itself, but also in areas that are inseparable from our technical work, such as crisis communication. The team will grow in numbers, but also in skills. Of course, this also includes technical training from established providers. 

Our toolset is regularly reviewed and updated and expanded as required. We also continue to develop internal tools. There is always something to do. 

If you could send an email to all CISOs to address a security issue, what would you choose?

The CISOs we have met have always been very open-minded and interested in our services, which cover not only technology but also all other areas for which a CISO is responsible. 

For example, a security problem can be of a technical nature, but it can also have many different causes, resulting in a technical problem. The gateways for serious cyber-attacks are often a brief moment of inattention, for example when reading a phishing email. 

If I could send an email to CISOs, I would take up the point from your previous question here: there are effective and inexpensive ways to drastically increase cyber security – this takes a lot of pressure off the work of a CISO and makes the markets a little safer, or even a lot safer.