Continuous Cyber Attack and Readiness Evaluation

Cybersecurity is not a matter of a few days a year

A tool designed by PwC to continuously assess your readiness to face cyber attacks

In response to the continuing evolution of cyber threats and the cyber landscapes of our clients, PwC has developed a subscription-based version of our existing Cyber Attack and Readiness Evaluation offering to help organisations assess their security posture over time. This new approach is called ‘Continuous Cyber Attack and Readiness Evaluation’.

How does Continuous Cyber Attack and Readiness Evaluation work?

Via our online questionnaire, we evaluate your risk appetite and the measures currently in place to mitigate your exposure to the main cyber risks. We challenge your answers with continuous technical evaluations of your websites’ cyber-resilience using ImmuniWeb® Discovery 2.0. In parallel, our experts raise the overall awareness of your employees through regular and realistic phishing campaigns. This enables you to identify potential problems before they occur and to plan and deploy risk mitigation measures as needed across your information systems.

Continuous CARE is based on the existing offering, which we have applied successfully in a range of industries, including public administration, banking, consumer goods and luxury goods. You can learn more about our standard CARE offer on our Cyber Attack and Readiness Evaluation web page.

Our modular approach

Our modular approach comprises three service lines, each covering a key dimension of cybersecurity.

Annual Cyber Risk Evaluation

Service Overview:
Know the risks that your organisation faces and track their evolution

Every year, we use an online questionnaire to re-evaluate your cyber risk landscape, processes and security controls. We base our set of controls on the Minimum ICT Standard published by Switzerland’s Federal Office for National Economic Supply (FONES).

The purpose of our annual cyber risk evaluation is to identify the maturity of your security procedures and controls against our experts’ expected state and determine the level of cyber risks you face. On the basis of our observations and recommendations, you will be able to plan mitigation measures, prioritise their deployment and raise the maturity of your cyber processes and controls.

Deliverables:
Pragmatic recommendations

You will receive an annual cyber risk and security controls maturity evaluation comprising an executive summary of the current maturity level of your controls, your posture in relation to a standardised set of cyber risks and our detailed observations.

Each annual evaluation comes with prioritised actions that we recommend in order to raise the maturity of your security controls, close any cyber security gaps that are discovered and protect against the identified threats.

We make an annual presentation of our conclusions to various relevant bodies within your organisation.

Continuous Technical Evaluation of your web solutions

Service Overview:
What are your current exposures?

We will perform continuous automated external vulnerability scans of your websites through our partnership with ImmuniWeb® and its Discovery 2.0 tool. Performed at any time 24/7, these scans will detect changes in the security posture of the monitored websites.

An external vulnerability scan is a simple out-of-the-box solution for rapidly identifying weak points in your company’s web solutions that could be exploited by hackers.

Deliverables:
Gives your IT clear tasks, a roadmap and up-to-date situation reports

You will receive regular comprehensive reports comprising a list of the known vulnerabilities discovered while performing the scan. The report will also outline the steps needed to fix these vulnerabilities (i.e. the relevant patches to apply).

In addition to the reports, you will have access to an ImmuniWeb® Discovery 2.0 web interface, where you will find all of the vulnerabilities and the related indicators, which are updated after each scan.

Monitoring of the dark web and discovery of sensitive data

Discovery and monitoring of sensitive data on the dark web

New service as part of Continuous Cyber Attack and Readiness Evaluation 'Corporate'

Service Overview:
Search for proven data breaches…

We will define together a list of sensitive data to monitor on the dark web using the monitoring services of our partner, ImmuniWeb®.

The continuous monitoring of the dark web is an advanced solution to add reactive capabilities to the proactive dimension of CARE. Monitoring of the dark web will allow you to detect leaked sensitive data following a breach and to react accordingly.

Deliverables:
…to limit their impact

You will receive regular reports on any sensitive data found on the dark web by ImmuniWeb®.

In the event of a confirmed data leak, PwC will be able to accompany you in your mitigation and remediation efforts through additional consulting or emergency response services.

Phishing Awareness Campaign

Service Overview:
Keep your staff alert

Phishing is the technique most frequently used by hackers to gain an initial foothold in a company’s infrastructure. It enjoys a high success rate as it targets the weakest component of the security chain: human beings!

Our service simulates real phishing attacks over several months through two awareness campaigns, each covering up to 100 employees. We will send credible emails, adapted to your organisation, to a defined group of people asking them to perform a particular action (for example, clicking on a link or opening an attachment) which could compromise the end-user device or lure the recipient into disclosing confidential information.

Deliverables:
Transform your 'weakest link' into part of your cyber strategy

Our phishing campaigns are supported by awareness material. Employees who fall for our simulations have access to explanations of what should have warned them of the phishing attempt.

Every action of the tested group is recorded and summarised in regular reports. The report outlines the responses of your employees (such as the number of people who clicked the link, opened the attachment and provided their credentials) so that you can effectively gauge their level of awareness and/or determine the effectiveness of any awareness campaign you might have performed.

Our modular subscription options

We have designed a scalable service model to gear our services to the needs and size of your company. We can help you customise your package to your needs.

*An annual phishing awareness campaign for 100 employees may be ordered as an option for an additional CHF 99 per month. Other tailored packages can be discussed with our experts.


Your cybersecurity experts

Urs Küderli, Leader Cybersecurity Strategy and Transformation, PwC Switzerland
Yan Borboën, Partner Cybersecurity and Privacy, PwC Switzerland