Information technology (IT) services

Today, information systems (IS) play the main role in ensuring the operation of the critical infrastructure for business and government. In the era of digitalisation, using critical IT systems for information storage, processing and transmission complicates their protection, especially given the global trend with growing numbers of information attacks that cause significant losses of funds, property and reputation. To efficiently protect against cyberattacks, companies need an objective assessment of their IS security level – it is for these purposes that we encourage you to use our security evaluation and audit services.

Evaluate your cybersecurity capabilities using PwC’s security analysis service:

• IT security documentation analysis for regulatory compliance
• User access and rights analysis
• End user workstations analysis
• Network equipment and IT security systems analysis
• Threat identification
• Data processing and information leakage analysis
• Analysis of attacker’s behaviour during attack
• Network security check using vulnerability scanners and a pentest (an authorised cyberattack simulation)
• Preparing and improving your IT security documentation
• Devising a plan for final reporting and eliminating weaknesses.

Cybercriminals are rapidly evolving and using increasingly newer and more efficient technologies (ML and AI) in creating threats. Hackers can be outside or inside your company (often employed by it for years). It may well be that your company’s information resources are being tested and hacked, as autonomous viruses can carry out such unauthorised actions constantly. How cybersecure is your IT infrastructure? How can you proactively identify potential threats before they materialise? How can you avoid losing reputation in the eyes of customers? PwC ITS pentest team can help answer all these questions.

We test the cybersecurity of infrastructure and apps with a focus on identifying and exploiting vulnerabilities inherent in business critical IT infrastructure and apps (internal and external):

• Comprehensive infrastructure pentest
• Security checks of Web, Cloud, Mobile and other external resources
• Pentest using Black, White or Grey Box principles
• Drawing up recommendations to mitigate known security vulnerabilities
• Cybersecurity team’s response efficiency assessment
• Source code analysis (dynamic or static)
• Your company’s digital identity threat assessment (OSINT).

With most of today’s work being done remotely, companies often use cloud platforms where file sharing and storage is the norm. This is a challenge for companies needing to know exactly where their sensitive or regulatory data is located and what kind of data it is (structured or unstructured). We also need to understand who is working with this data and who is accessing it, and whether your company needs this data, with more questions that are sometimes even impossible to answer.

Given the mutual compatibility of today’s business processes, data is held across multiple systems, apps, databases and shared files, making their protection, authentication and confidentiality a challenge for companies. Data discovery, classification and efficient management are a range of services designed to fully identify corporate data and ensure appropriate controls are in place to implement best security practice and regulatory compliance measures. This also helps companies choose more efficiently the right systems for data protection and avoid future data leakage incidents and unauthorised access incidents.

PwC ITS data discovery and structuring experts will help you answer all these questions:

• What value does data carry?
• Can you trust your data?
• What happened and why?
• What could happen next?
• Is knowledge transferred to the right people at the right time?
• What are your company’s data analytics processes?

According to market researchers, 90% of vulnerabilities exist in app source codes deeply buried in the developers’ workstations and not accessible to most security tools and tests.

Unfortunately most companies do not subject their app source codes to security checks and analysis, which causes dangerous security gaps in the stages between the new app development stage and their full-fledged launch in a production environment.

PwC ITS cybersecurity experts will carry out an in-depth analysis of your app codes to detect security vulnerabilities in:

• Input validation logic
• Memory management
• Authentication
• API integrity and applicability etc.

We have created a unique cybersecurity Escape Room where companies can check the cybersecurity knowledge and skills of their employees in an informal setting, as well as paying attention to common cybersecurity risks and how to avoid them.

Our experience suggests that one of the biggest security vulnerabilities is the human. No matter how much your company invests in security tools, platforms and infrastructure, an untrained and uneducated employee will cause the biggest threats to your information security. During our social engineering tests, in about 78% of cases we penetrated the customer’s infrastructure through targeted employees. To prevent this, employees need to be educated on IT security issues not only theoretically but also practically so we encourage you to try our cybersecurity Escape Room simulation, which includes an informative lecture on IT security from PwC ITS experts and a hands-on game. Our cybersecurity Escape Room is suitable for a group of 10–20 participants.

The simulation participants help a hacker carry out a successful cyberattack. They act as hackers and carry out key types of cyberattack in a safe environment. The participants familiarise themselves with current cyberpenetration methods such as SQL injections and password attacks.

Our Escape Room will help you answer key questions and improve the understanding of cybersecurity among your employees:

• What bad habits do your employees have in terms of data protection?
• What serious damage can careless data protection cause?
• How can you develop your understanding of data protection?
• How to protect your company secrets and confidential information?