All Channel Islands businesses are under attack. Today, the sheer volume and concentration of data, coupled with an ever increasing dependency on IT, increases your exposure to cyber attacks.
But cyber security isn't just about technology. It involves people, information, systems, processes, culture and physical surroundings. It's about a secure environment where your business can leverage technology and remain resilient in the event of an attack. The impact could be significant disruption, loss of earnings, reputational damage and potential fines. All of these are critical when you're competing in a crowded business landscape.
Local financial services businesses rich in data and intellectual property are particularly attractive to hackers. While you grow and expand your business, your basic cyber defences may not be adequate and one simple oversight can make you a target for cyber criminals.
The answer is that every business will have some vulnerability and you might have already had a breach and may not know about it. Keeping ahead of the hackers is impossible but with some proactive work and support you can significantly reduce the likelihood of your businesses suffering a cyber attack.
PwC has created a cyber security assessment service that helps you begin to answer these questions. Managing cyber risk effectively isn’t just a technology issue, it’s a combination of people, process and technology. We will help you understand your cyber vulnerabilities by looking at all three aspects.
We combine an assessment of your technical cyber risks with user education and a review to assess the people and process risks. This provides an end-to-end assessment of cyber security. Our work also provides you with an industry recognised cyber rating for your business that you can share with key stakeholders. The four aspects of the service are outlined below:
1. External security perspective
We will conduct a technical assessment of your internet-facing IT systems such as websites and IP addresses, using industry-leading tools to help identify any vulnerabilities with these.
2. Simulated phishing attack
We will conduct a phishing attack on your employees, using two phishing scenarios, and record the success rate. This will help identify where training and support with education and awareness is required.
3. Broader cyber assessment
We will conduct a cyber security assessment of people and processes in line with good practice standards and use this to help identify any broader cyber risks at your business. We will also use a self assessment to inform this process and do validation questioning.
4. Cyber rating and benchmark
We will provide you with an independent and internationally recognised cyber rating for your organisation that can be shared with third parties. We will also conduct a cyber benchmarking exercise.
Our cyber security assessment is an excellent first step in strengthening your cyber readiness. But that could and should be just the beginning. PwC in Guernsey and Jersey can bring you the power of a global firm at the forefront of cyber security. Our specialist cyber security team in the U.K. is rated by Forrester as a leader in digital forensics and incident response and is one of only a few firms that are certified by the National Cyber Security Centre’s Cyber Incident Response scheme to respond to sophisticated attacks on networks of national significance.
Game of Threats™ is a head-to-head digital game that simulates the experience of executives when their company is targeted by a cyber attack. During the game, participants play as both attackers and defenders, working against the clock and with limited resources in a race to beat their opponents.
Game of Threats™ challenges participants to make quick, high-impact decisions. It helps them to understand the activities that can make the biggest difference and provides valuable insight into emerging cyber threats.
Many people and departments have a role to play in ensuring that your organisation is able to effectively respond to cyber security incidents. As one of the few firms providing comprehensive end-to-end incident response services globally, PwC's market-leading cyber incident response practice is well positioned to advise organisations who are preparing for, responding to and learning from cyber security incidents in order to minimise business impact and residual risk.
Our cyber security framework comprises four capability areas (Identify, Protect, Detect, Respond and Recover) and twenty-four capabilities. Based on industry standards such as NIST, ISO, ISF, it considers the full spectrum of control objectives and capabilities to assess your organisation’s cyber security maturity.
We have built a substantial database of capability maturity benchmark data from our experience applying our framework with a wide range of global clients.
Our service identifies evidence of malicious activity within your business' network. We analyse data pulled from the endpoints, network and external threat sources, augmented by our industry-leading proprietary threat intelligence platform, to gain unique insight into signs of historic or active compromises in your environment and provide clear, pragmatic advice for remediation.
Unlike traditional methods of threat detection, our experts apply a layer of advanced threat hunting and analysis techniques to filter through the false positives and identify malicious behaviours within your environment to detect actual intrusions.
We can review you existing cyber strategy or help to build one that meets the particular risks of your business. Our approach will cover key strategy pillars such as governance, threat assessment, training and awareness, technology, and response readiness.
When a cyber incident impacts your business, you need immediate access to highly experienced experts that can rapidly and effectively contain and remediate the threat, as well as help you remedy any affected business processes.
Our retainers give you on-demand access to a specialist cyber incident response team in the event of a cyber incident. We not only provide you with deep technical experts, but can give you access to the full range of expertise that we believe is required to appropriately deal with an incident; crisis coordination, cyber security and data protection law, regulator relations, business impact, and more.