How AI intelligence and human expertise combined to identify threats 66% faster
Cybersecurity is at an inflection point. The scale of data, the speed of attacks and the sophistication of threat actors mean that traditional approaches are no longer fit for purpose.
In this case, a major European government organisation faced a highly advanced state-sponsored cyberattack. The attacker had gained access to the environment, creating a real risk of disrupting critical digital services and exposing highly sensitive data linked to senior individuals.
“The client could no longer assure the quality of the security of their data and environment,” explains Paul Beverley-Paddock, Director at Deloitte and Security Operations Lead. “We were dealing with nation-state threat actors operating with tools that can appear indistinguishable from legitimate IT activity,” shares Caroline Honeycombe, Director at Deloitte and Cyber Incident Response Lead.
The organisation needed to respond immediately, regain control, stop the threat and strengthen its ability to defend against future attacks. This required not just new technology, but a fundamentally different approach: combining AI, including Generative AI, with human expertise to detect and respond to threats at scale.
Deloitte combined cyber incident response expertise with advanced AI capabilities from Google Cloud to transform how the threat was identified, understood and removed.
At the core was a threat-led approach. Billions of data points were ingested into Google SecOps, creating a unified, real-time view of activity. This was enriched with integrated threat intelligence, enabling rapid attribution and a deeper understanding of the attacker’s tactics.
By using Gemini, analysts could interact with this data in a fundamentally new way. Instead of manually writing complex queries to search through vast datasets, they could ask natural language questions, generate and evolve detection rules in real time and quickly identify patterns linked to the threat actor.
Gemini enabled us to reduce billions of data points into clear, prioritised actions within seconds.
Paul Beverley-Paddock, Director at Deloitte and Security Operations Lead
With Google Cloud, Deloitte is finding a new way to hunt threats, faster.
Caroline Honeycombe, Director at Deloitte and Cyber Incident Response Lead
This shifted the role of the analyst from manually processing data to directing and validating AI-driven insights, moving us closer to semi-autonomous response.
Deloitte’s role extended beyond deploying technology. The team:
This end-to-end approach, spanning response, recovery and capability-building, ensured the organisation was not only protected in the moment, but better prepared for the future.
The results represent a step change in cyber defence.
With the new approach in place, the organisation achieved a 66% improvement in efficiency for security analysts when triaging and investigating threats. Activities that once took hours could now be completed in seconds.
“It gave us the ability to act at a speed and scale we could only dream of before,” explains Paul Beverley-Paddock.
Beyond speed, the impact was broader:
By combining Deloitte’s end-to-end cyber capabilities with Google Cloud’s AI-powered security platform, the organisation has shifted to a new model of cyber defence, one that is intelligence-led, AI-enabled and human-driven.
In a world where cyber threats operate at machine speed, response must do the same.