Cyber Attack and Readiness Evaluation
Cyber Attack and Readiness Evaluation is a new service designed by PwC to help clients evaluate their security posture – their ability to deal with the main threats of our cyber world − in an easy and understandable way.
How does it work? First, we do a workshop with you to evaluate online your risk appetite and the measures currently in place to mitigate your exposure to the main cyber risks. We then challenge these responses with a technical evaluation of your readiness.
This service is primarily designed for small and medium-sized enterprises, but it is modular and scalable to any size and field of activity. We have credentials in a range of industries including public administrations, banks, consumer and luxury goods. Our modular approach with the services is described below.
Cyber Risk Evaluation
Know the risks before it starts to hurt
The purpose of a Cyber Risk evaluation is to identify potential problems before they occur. This enables you to plan risk-mitigating measures and invoke them as needed across your information systems or projects.
In this phase, we will go through an online questionnaire to evaluate your risks and the maturity of your security controls. We have based our set of controls on the ICT Minimum Standard from the Federal Office for National Economic Supply FONES.
Pragmatic recommendations
- A report with a complete list of severe cyber risks and an executive summary summing up your current maturity level
- For the defined scope, a detailed report in an electronic format that will be prepared for and presented to various bodies within your organisation
- A project plan covering all project activities planned at all phases of the engagement after the initial mobilisation phase
External Security Assessment
What are the open windows? Can they be used for an attack?
The external security assessment can be executed in two phases, depending on your needs.
First we run an external vulnerability scan, which is a simple out-of-the-box solution for rapidly identifying weak points in your company’s network that could be exploited by hackers.
The penetration testing is then conducted to discover the depth of the problem and finds out exactly what type of damage could be done if a vulnerability were exploited.
Give your IT Department clear tasks and a roadmap
Depending on the services that were chosen, you will receive the following deliverables:
- An exhaustive report with a list of the known vulnerabilities discovered while performing the scan. The report will also outline the steps needed to fix these vulnerabilities (i.e. the relevant patches to apply).
- A more detailed report with observations and recommendations, including quick wins. It describes the methodology used for our penetration exercise, the assumptions taken and the business impact of the ‘hack’.
Phishing Awareness Campaign
Challenging the ‘weakest link’
Phishing is the most frequently used technique by hackers to gain an initial foothold in a company’s network. Phishing enjoys a high success rate as it targets the weakest component of the security chain: human beings! Our awareness campaign simulates a phishing attack by sending a credible email to a defined group of people asking them to perform a particular action (for example clicking on a link or opening an attachment) which could compromise the end-user device or lure the recipient into disclosing confidential information.
A report on how to be ‘phished’ less
Every action of the tested group will be recorded and summarised in a report. It will outline the response of your employees (e.g. the number of people who clicked on the link, opened the attachment and provided their credentials) so that you can effectively gauge their level of awareness and/or determine the effect of any training they may have done in this area.
Cyber Awareness Workshop for Executives
Awareness training for executives
Given the rapidly evolving nature of cyberrisk, company directors and executives have to be kept regularly up to speed on the salient technology and developments in cyber risk.
Our Game of Threats™ session will help your executives or colleagues understand, try out, iterate and play a near real hack use case with our interactive tool.
Awareness report
You’ll receive a presentation which summarises the key findings observed during our session with practical actions.
Our modular approach
We have designed a scalable and adaptive service model to gear our services to your needs and size. Depending on the depth of the assessment required and your experience and knowledge of cybersecurity, you may need a certain level of technical and human behaviour evaluation. Let’s tailor your package together!
In response to the continuing evolution of cyber threats and the cyber landscapes of our clients, PwC has developed a subscription-based version of our existing Cyber Attack and Readiness Evaluation offering to help organisations assess their security posture over time. This new approach is called Continuous Cyber Attack and Readiness Evaluation.
Contact us to help you choose the service the most adapted to your needs
Please contact us to find out how we can help you to get better prepared against cyber risks with our Cyber Attack and Readiness Evaluation service offering.
https://pages.pwc.ch/core-contact-page?form_id=7014I0000006qY1QAI&lang=en&embed=true
Contact us
Partner and Leader Cybersecurity and Privacy, PwC Switzerland
Tel: +41 58 792 42 21
Partner, Leader Digital Assurance and Cybersecurity & Privacy, PwC Switzerland
Tel: +41 58 792 84 59
