Cyber Attack & Readiness Evaluation

Cybersecurity at PwC: we focus on risks


CARE is a new service designed by PwC to help clients evaluate their security posture – their ability to deal with the main threats of our cyber world – in an easy and understandable way.

How does CARE work? First, we run a workshop with you to evaluate, online, your risk appetite and the measures currently in place to mitigate your exposure to the main cyber risks. We then challenge these responses with a technical evaluation of your readiness.

This service is primarily designed for small and medium-sized enterprises, but it is modular and scalable to any size and field of activity. We have credentials in a range of industries including public administrations, banks, consumer and luxury goods. Our modular approach and the services are described below.

We also provide a free online self-assessment, which will give you an initial overview of your exposure to cyber risks and the maturity of your controls.



Our Services

Self-assessment

Get an initial overview of your cyber risks and maturity level

The purpose of the self-assessment is to provide you with an initial overview of your exposure to cyber risks and the maturity level of your controls.
In this phase, you will complete an online questionnaire to evaluate your risks and the maturity of your security controls. We have based our set of controls on the ICT Minimum Standard from the Federal Office for National Economic Supply (FONES).

 

Concise report

A report with a concise view of your cyber risks and your current maturity level based on the answers that you have provided.

Cyber Risk Evaluation

Know the risks before it starts to hurt

The purpose of a Cyber Risk evaluation is to identify potential problems before they occur. This enables you to plan risk-mitigating measures and invoke them as needed across your information systems or projects.

In this phase, we will go through an online questionnaire to evaluate your risks and the maturity of your security controls. We have based our set of controls on the ICT Minimum Standard from the Federal Office for National Economic Supply (FONES).

 

Pragmatic recommendations

  • A report with a complete list of severe cyber risks and an executive summary of your current maturity level
  • For the defined scope, a detailed report in an electronic format that will be prepared for and presented to various bodies within your organisation
  • A project plan covering all project activities planned at all phases of the engagement after the initial mobilisation phase

External Security Assessment

What are the open windows? Can they be used for an attack?

The external security assessment can be executed in two phases, depending on your needs.
First, we run an external vulnerability scan, which is a simple out-of-the-box solution for rapidly identifying weak points in your company’s network that could be exploited by hackers.
Penetration testing is then conducted to discover the depth of the problem and find out exactly what type of damage could be done if a vulnerability were exploited.

 

Give your IT Department clear tasks and a roadmap


Depending on the services that were chosen, you will receive the following deliverables:

  • An exhaustive report with a list of the known vulnerabilities discovered while performing the scan. The report will also outline the steps needed to fix these vulnerabilities (i.e. the relevant patches to apply).
  • A more detailed report with observations and recommendations, including quick wins. It describes the methodology used for our penetration exercise, the assumptions made and the business impact of the ‘hack’.

Phishing Awareness Campaign

Challenging the ‘weakest link’

Phishing is the technique most frequently used by hackers to gain an initial foothold in a company’s network. Phishing enjoys a high success rate as it targets the weakest component of the security chain: human beings! Our awareness campaign simulates a phishing attack by sending a credible email to a defined group of people, asking them to perform a particular action (for example clicking on a link or opening an attachment) which could compromise the end-user device or lure the recipient into disclosing confidential information.

 

A report on how to be ‘phished’ less

Every action of the tested group will be recorded and summarised in a report. It will outline the response of your employees (e.g. the number of people who clicked on the link, opened the attachment and provided their credentials) so that you can effectively gauge their level of awareness and/or determine the effect of any training they may have done in this area.

Cyber Awareness Workshop for Executives

Awareness training for executives

Given the rapidly evolving nature of cyber risk, company directors and executives have to be kept regularly up to speed on the salient technology and developments in cyber risk.

Our Game of Threats™ session will help your executives or colleagues understand, try out, iterate and play a near-real hack use case with our interactive tool.

 

Awareness report

You’ll receive a presentation which summarises the key findings observed during our session, together with practical actions.

Our modular approach

We have designed a scalable and adaptive service model to gear our services to your needs and size. Depending on the depth of the assessment required and your experience and knowledge of cybersecurity, you may need a certain level of technical and human behaviour evaluation. Let’s tailor your package together!

 

Contact us to help you choose the service best suited to your needs

Please contact us to get a free self-assessment or find out how we can help you to get better prepared against cyber risks with our new CARE service offering.


Contact us

Yan Borboën

Partner Cybersecurity and Privacy, PwC Switzerland

Tel: +41 58 792 84 59

Alexandre Baranov

Assistant Manager Cybersecurity & Privacy, PwC Switzerland

Tel: +41 58 792 91 00