{{item.title}}
{{item.text}}
{{item.title}}
{{item.text}}
With cyber security attacks developing in scope, complexity and sophistication, assessing cyber resilience and security audit has become an integral part of business operations, and financial institutions make particularly high risk targets. In 2018, the Association of Banks in Singapore, with support from the Monetary Authority of Singapore, released the Adversary Attack Simulation Exercise guidelines (or red teaming guidelines) to help financial institutions build resilience against targeted cyber-attacks that could adversely impact their critical functions. In January 2021, the Monetary Authority of Singapore (MAS) published the revised MAS Technology Risk Management Guidelines for the financial sector, which included best practices and principles for cyber resilience - including performing red teaming simulations to validate cyber defence models.
According to PwC’s Digital Trust Insights Survey 2021 - Singapore findings, Singapore executives have higher threat outlooks than that of their global counterparts, given the region’s accelerated adoption of new technologies. The highest threat outlooks are for the Internet of Things (65% voted significantly negative impact’ or ‘negative impact’), social engineering attack (61%) and attacks or hacking on cloud service providers (55%).
Often, cyber investments to combat these high threat outlooks are spent on controls or system-specific penetration testing - but these might not provide the closest picture to an organisation’s response in the event of a real-world cyber attack. A red team exercise simulates real-world hacker techniques to test an organisation’s resilience and uncover vulnerabilities in their defences.
Knowing the strength of your own defences is as important as knowing the power of the enemy’s attacks. Red teaming enables an organisation to:
With a CREST accreditation to provide simulated targeted attacks, our award-winning and industry-certified red team members will use real-world hacker techniques to help your organisation test and strengthen your cyber defences from every angle with vulnerability assessments.
Depending on the size and the internet footprint of the organisation, the simulation of the threat scenarios will include:
Our cyber specialists will work with you to define the scope of the assessment, vulnerability scanning of the targets, and various attack scenarios.
The attack scenarios are driven by real-life threat actor tools, techniques and procedures, by drawing on a spectrum of intelligence sources, including past incident response engagements and data, open source intelligence (OSINT tools), and geopolitical intelligence.
We also help you analyse the tactics that might be used in an attack and how an attacker might conduct a compromise and align it with your wider enterprise context digestible for your stakeholders.
We prepare the testing infrastructure and software and execute the agreed attack scenarios. The efficacy of your defense is determined based on an assessment of your organisation’s responses to our Red Team scenarios.
Finally, we collate and analyse evidence from the testing activities, playback and review testing outcomes and client responses and produce a final testing report on the defense resilience.
PwC’s team of 200 experts in risk, compliance, incident and crisis management, strategy and governance brings a proven track record of delivering cyber-attack simulations to reputable companies around the region.
Our award-winning penetration testing professionals are certified to some of the highest global industry standards, including Council of Registered Ethical Security Testers (CREST), Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), Offensive Security Wireless Professional (OSWP), Certified Red Team Professional (CRTP), Global Information Assurance Certification Forensic Analyst (GCFA) and GIAC Certified Forensic Examiner (GCFE).