Skip to content Skip to footer
Search

Loading Results

Cybersecurity

Balancing security and opportunity to move forward boldly

Data analytics

Focus on cybersecurity and privacy to achieve your goals

As companies pivot toward a digital business model, exponentially more data is generated and shared among organizations, partners and customers. This digital information has become the lifeblood of the interconnected business ecosystem and is increasingly valuable to organizations—and to skilled threat actors. Business digitization also has exposed companies to new digital vulnerabilities, making effective cybersecurity and privacy more important than ever.

PwC offers services that address challenges which relate to cybersecurity and privacy threats, organizational changes, and regulatory requirements for organizations.

Key issues

Increased risk of organized crime, hacktivism, and cyber-terrorism

As organizations switch to digitization of information, the digital landscape becomes a new attack vector for crime, activism, and terrorism. Critical information that pass through the cyber landscape provide malicious actors a trove of valuable data which they can obtain illegally and use for their own purposes.

Network Security

Web Application Security

Systems Security

Increased media attention that leads to brand risk, related to cyber attacks

As organizations widely use web and mobile applications to spread information and promote their organizations, this has become an attack vector used by malicious actors focusing on defacement, man-in-the-middle attacks, or stealing of customer information which may lead to reputational damages to the organization.

Web Application Security

Mobile Application Security

Systems Security

 

Increased attention for security and privacy at Boards and Audit Committee levels

As cybersecurity incidents become more common, this has become a real threat to organizations and gained the attention of board-level management and audit committees pushing them to strengthen their cybersecurity defenses to prevent irreversible damage such as data breaches and data leakage which would have an impact on the organization’s reputation.

NIST CSF Assessment

ISO/IEC 27000 Assessment

ISO/IEC 27005 Risk Assessment

Hyper-connected, borderless technology and business environments

Interconnection of devices and the internet made it easy for organizations to reach out to their customers and its employees, but this setup presents security concerns in the network of the organization. Malicious actors can use vulnerabilities in these areas to gain unauthorized access and obtain company and customer information.

Network Security

Web Application Security

Mobile Application Security

Increased reliance on third parties to drive cost effectiveness

There is an increase in the number of organizations that now use cloud services to house their data and applications, the reason being the efficiencies this service provides and the cost-effectiveness of this setup. With these in mind, organizations have to ensure that data and transactions processed through the cloud service are within the organization’s cybersecurity standards to protect customer data and other critical information.

Cloud Management Audit

SWIFT Customer Security Program

Difficulty finding and retaining highly-skilled security resources

As cyber attacks become more complex, fewer talents and resources are able to cope up with these newer threats. Organizations put in constant effort to strengthen their cybersecurity defenses, policies, and practices by relying on knowledgeable personnel who knows how cyber attacks work.

ISO Lead Auditor Secondment

Cybersecurity Professional Secondment

Security Awareness Trainings

Increased number and complexity of privacy and regulatory mandates

Governments want organizations to comply with strict regulatory requirements to protect customer Personal Identifiable Information (PII) from malicious actors the cause data leakage and breaches.

Vulnerability Assessment and Penetration Testing

Security Assessments

Security Awareness Trainings

Imposing of fines and penalties for non-compliance

Connected with governments imposing regulatory requirements to organizations, they impose heavy fines and penalties to those who do not comply with these regulations. Organizations are required to protect customer information not only for the resilience of the organization, but also as required by the law.

Vulnerability Assessment and Penetration Testing

Security Assessments

Security Awareness Trainings

Increased need for privacy and security for compliance with regulatory requirements

Organizations need to address both the resiliency of the business to cyber attacks whilst addressing the regulatory requirements of the government on organizations. This addresses both the operational and compliance aspects of cybersecurity resilience.

Vulnerability Assessment and Penetration Testing

Security Assessments

Security Awareness Trainings

How we can help

Security Assessments

Perform review and assessment of currently-placed policies in the organization and identify gaps when compared with the selected baseline standard such as ISO/IEC 27000 or NIST Cybersecurity Framework (CSF). Assess policies and implementing procedures if these are non-compliant, partially compliant, or in full compliance with the baseline standard.

Learn more
 

Vulnerability Assessment and Penetration Testing (VAPT)

Perform black-box to gray-box Vulnerability Assessments on the client network, web application, mobile application, wireless LAN connection, VoIP devices, servers and workstations, whichever covers the requirements of the organization, to identify weaknesses and subsequently perform Penetration Testing to check if publicly-available and advanced exploits can be used on these vulnerabilities to obtain, perform unauthorized transactions, or exfiltrate critical data from the organization. Report these weaknesses and exploits to client management and work with the IT department to remediate and retest these observations.

Learn more



Social Engineering

Perform campaigns or simulations which assess the social engineering awareness of an organization’s employees by testing how will the employees react in case a social engineering attack is conducted to them. This scope also includes the assessment of implemented security hygiene in the organization, tolerance to unauthorized physical intrusion, and conducting security awareness trainings as required or requested by the organization for their employees.


Learn more



Contact us

Maria Rosell S. Gomez

Maria Rosell S. Gomez

Risk Assurance Partner, PwC Philippines

Tel: +63 (2) 8459 3184

Mark Anthony P. Almodovar

Mark Anthony P. Almodovar

Risk Assurance Director, PwC Philippines

Tel: +63 (2) 8845 2728

Eugene Jerome V. Tan

Eugene Jerome V. Tan

Risk Assurance Manager, PwC Philippines

Follow PwC Philippines

Get in touch with us

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Hide