Incident and Threat Management

Protecting your business through layered defences

Confidently prepare, identify, respond, investigate and remediate threats.

Unplanned events can arise anywhere, at any time. Each incident is different: some you know in advance; some you know could happen one day and others are just impossible to predict. Therefore, the ability to prepare, respond and emerge stronger from threats and economic crime requires specialised expertise and an understanding of key business issues.

Our PwC services assist you to recognise threat when you see it and manage it dynamically through identifying your critical assets and processes and developing resilience plans to protect them from major incidents.

Threat and Vulnerability Management

Your Challenges

  • Are you aware of the vulnerability of your information systems and how critical they are?
  • Are you managing vulnerabilities in compliance with the latest regulations?
  • Have you already assessed the effectiveness of your patch and vulnerability management processes?
  • Are you satisfied that your network is adequately secured against a malicious hacker?
  • Are you willing to test the overall effectiveness of your security infrastructure?
  • Are you willing to test your organisation’s ability to respond to advanced attacks through real simulation exercises?
  • Do you want to detect insecure coding practices in your application source code?
  • Is your application stable under various loads and responds quickly enough for the potential users?

How can we help you?

  • Scan your externally exposed systems and internal infrastructure.
  • Red, Blue and Purple team exercises.
  • Static and dynamic analysis of web application and mobile applications performed with automated scanners and tools along with manual assessment.
  • Source code review to identify hidden vulnerabilities in the application source code.
  • Performance testing to measure the speed, accuracy and stability of the application being used by your organisation.

Key benefits

  • Prevent your data from being stolen and protect your environment against security breaches.
  • Assess and measure the status and effectiveness of security measures in your organisation.
  • Reduced risk of attacks exploiting known vulnerabilities (e.g. WannyCry).
  • Measure performance of your applications to help you gauge the scalability, efficiency and speed of your software, which in turn helps to improve your business performance.

Social Engineering

Your Challenges

  • Are your employees aware of the common attack vectors?
  • Are you willing to know how many employees in your organisations are susceptible to phishing or vishing attacks?
  • Do you want to assess the security awareness culture of your organisation and find out how effective is your security awareness training?

How can we help you?

  • Customised phishing/ vishing and smishing campaign simulations to determine how many employees are prone targets to cyber attackers.
  • Conduct tailgating scenarios to access your office premises without going through the security controls in place to check the existing effectiveness.
  • Wireless Testing / Rogue Access Point simulations to test the ability of employees detecting rogue access points in a heterogeneous network consisting of wireless and wired subnets.
  • Ransomware Attack Simulation which will evaluate the effectiveness of your organisation’s security monitoring and incident response teams, and awareness of employees about the risk of ransomwares.

Key benefits

  • Social engineering exercises simulate the real-world for e.g. phishing attacks to highlight cybercriminal tactics and test employee susceptibility.
  • Your employees are trained in the types, examples and scenarios of social engineering attacks.

Operational Technology (OT)

The focus of the cybersecurity industry has been on developing solutions for the enterprise Information Technology (IT) systems. There is now increasing attention on Industrial Control Systems (ICS) or Operational Technology (OT) systems - the integration of hardware and software with network connectivity to control industrial processes.

The term ‘operational technology’ (OT) refers to the hardware and software used to control industrial processes and infrastructure, particularly in industries such as energy, mining, utilities, manufacturing and transport. A cyber-attack on an OT environment can have serious and wide-ranging consequences beyond just financial losses - including prolonged outages of critical services, environmental damage and even the loss of human life.

As Mauritius moves towards a Smart City, the increasing integration of IT and OT systems means that any disruption of OT systems will potentially have a cascading impact across sectors. 

Your Challenges

  • Are your OT systems well protected and secured?
  • Are you willing to test the overall effectiveness in your OT networks, process control systems and critical infrastructure?
  • Do you want to understand cybersecurity risks pertaining to OT systems and applying cybersecurity controls and best practices?
  • Is your business reliant on OT networks to control your critical industrial operations and do you need assistance to enhance the cybersecurity posture of your OT systems?

How can we help you?

  • Risk assessment and management of OT system.
  • Identification of key vulnerabilities and configuration issues in the OT system.
  • Identification of various routes that an attacker could use to break into the OT system.
  • Training operators to senior management on cyber security for OT systems to provide an understanding of cybersecurity risks pertaining to OT systems and applying cybersecurity controls and best practices.
  • Developing the strategy and roadmap in enhancing the cybersecurity posture of the OT systems.
  • Identification of relevant technology and solutions for implementation.

Key benefits

  • We help you recognise and understand the threats and risks and recommend mitigation controls against the security vulnerabilities that can potentially impact your OT systems.

Digital Forensics Investigation

Transforming information into intelligence.

We investigate and solve questions that arise; we work with companies to turn that trusted knowledge into action, creating confidence and clarity.

Your Challenges

  • Do you have suspicions of unusual user activity?
  • Do you need to investigate the causes of a security incident?
  • Do you need evidence for the establishment, exercise or defence of legal claims?

How can we help you?

  • eDiscovery, Identification and investigation of computer and cyber related irregularities 
  • Analyse and extract valuable information from emails that could lead to the identity and/or location of the offender.
  • Assist in collecting and preserving footage and digital images from digital cameras and surveillance networks with the aim of enhancing and analysing the footage for investigative and review purposes.

Key benefits

  • Our combination of computer forensics, data imaging, cyber surveillance and fraud prevention can help you preserve any evidence in its most original form and make informed decisions.
  • The processes and software tools we use are consistent with those utilised by international law enforcement agencies and accepted by courts in most countries.
  • If you opt to proceed to a legal prosecution, our experience and reporting techniques can assist to present the findings of the incident analysis in such a way that is scientifically and forensically sound.

Incident Readiness and Management

Your Challenges

  • Are you willing to strengthen your organisation’s ability to detect, respond to and recover from security incidents?
  • Do you need immediate assistance to respond to a serious incident?

How can we help you?

  • Define incident management framework (policies and procedures)from incident detection to classification, response and recovery.
  • Definition of incident response playbooks which describe the actions to be taken for each type of common incident.
  • Assessment of your organisation’s incident response management capabilities.
  • Assistance in responding to major security incidents.
  • Assistance in managing public relations (e.g. with the media) and reporting incidents to national authorities (e.g. Data Protection Office).
  • Specialist training for incident response teams.

Key benefits

  • Reducing the financial, reputational and legal impact of security incidents.

{{filterContent.facetedTitle}}

{{contentList.dataService.numberHits}} {{contentList.dataService.numberHits == 1 ? 'result' : 'results'}}
{{contentList.loadingText}}

Contact Us

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Contact us

Jean-Pierre Young

Jean-Pierre Young

Advisory Leader, PwC Mauritius

Tel: +230 404 5028

Vikas Sharma

Vikas Sharma

Consulting, Partner, PwC Mauritius

Tel: +230 404 5015

Hide