CYBER RISK SERVICES (CRS)

Introducing our specialised Cyber Risk Services (CRS), offered by our Enterprise Risk Services (ERS) team of experts.

Our experience spans in several industries and our solutions are customised based on the profile and needs of the client.

Ethical Hacking

Defend against Cyber Attacks

Ethical Hacking - Penetration Testing - can assist our clients in assessing weaknesses and vulnerabilities associated with the organisation's infrastructure in order to prevent cyber attackers from potentially breaching defenses. Our service offering consists of a number of ethical hacking sub-categories: External and Internal Penetration Testing, Wireless Penetration Testing, Application Penetration Testing and Stolen Devices (Phone-Tablet-Laptop) Scenario Penetration Testing.

Cyber Simulation-in-a-box

Are you ready?

The Cyber Simulation scenario and injects have been designed to be used with Board/Senior level participants where they are given Board level roles during the simulation. Through this role-play the participants experience the business impacts and consequences of a major cyber-attack on a mocked-up organisation.

Deloitte Discovery

Computer Forensics Services

Deloitte's Computer Forensic professionals can help our clients in forensic investigations by collecting, preserving and harvesting data. Advanced digital forensics can be conducted through network packet analysis, malware analysis, mobile devices analysis, digital fingerprinting of computer systems and advanced file & system recovery.

Data Leakage Prevention

Information Security Behaviour

Information Security starts with a strong governance structure. This is a proper foundational element of security. In Deloitte's vision, a governance structure should consist of leadership, organisation structures, and processes to safeguard information and people. Our behavioural change approach drives up understanding and engagement for delivering the desired information security behavior for our clients.

Social Engineering

Information to the look-out

In a social engineering engagement, our team of experts evaluate the organisation's employees' level of security awareness in handling social engineering approaches with the goal of conveying confidential information. Our social engineers, i.e. attackers, will counterfeit a specific trustworthy identity to a member of the organisations' staff in order to gather the preferred information.

Security Awareness

People and Technology

Deloitte's team can assist our clients via a complete scope of activities required to develop and improve security awareness: assessments (level of security awareness), designing and delivering content, measuring how security awareness improves and perhaps most importantly, providing support to the organisation to change the internal security culture.

CYBER SIMULATION-IN-A-BOX - ARE YOU READY?

Attackers are increasingly motivated to target an organisation's digital infrastructure for financial, personal and political gain. Our increasing dependency on these systems means the impact of an attack can spread across the business as a whole.

Understanding the Threats

The Cyber Simulation scenario and injects have been designed to be used with Board/Senior level participants where they are given Board level roles during the simulation. Through this role-play the participants experience the business impacts and consequences of a major cyber-attack on a mocked-up organisation.

The simulation is split into two moves.

Move 1: Participants focus on crisis management and strategic decision making. The focus is on assessing information being fed to them from their Crisis Management Support Team (CMST).

Move 2: Participants focus on consequence management, in particular with regard to internal and external communications.

Realistic injects have been developed to convey the scenario to the participants. The injects take a number of different formats including media, emails, social media and phone calls.

"History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did".
Bruce Schneieregal

Why is a cyber attack so impactful?

Many motives and multiple routes of attack which can directly impact shareholders. The following illustration provides examples of cyber attack motivation and method. Preparedness will minimise erosion of value if/ when a significant cyber attack takes place. Motivation, Method and Value relate directly to the way a simulation is designed; developing the scenario, examining the mechanism/response and managing the consequences.

How cyber attacks can affect you:

MOTIVATION
  • Political advantage
  • Hostile intelligence collection
  • Foreign economic interest
  • Business intelligence
  • Competitive advantage
  • Disruption
  • Social or political activism
  • Theft of personal data
 METHOD
  • Password cracking
  • Vulnerability exploits
  • Covert channel attacks
  • Insider attacks
  • SQL injection
  • Virus and Malware propagation
  • System overloading
  • Phishing
  • Pharming
  • Interception
 SHAREHOLDER VALUE
  • Lost service and sales
  • Increase in costs of remediation and retrospective measures
  • Less attractive assets
  • Brand de-valued
  • Reduced confidence among customers and other stakeholders

Cyber Simulation-in-a-box Objectives

  • Explore as the Board the business impact of a major cyber-attack during a two hour interactive and engaging role-play session using a fictitious organization.
  • Experience strategic decision-making during a crisis management period and during a consequence management period.
  • Increase your cyber awareness, highlight potential weaknesses and support consensus building at Board level.

Cyber Simulation-in-a-box Objectives

Benefits

By considering what to do prior to a Cyber Attack, organizations can prepare suitable responses based on the inherent capabilities within the organization. This may lead to efficiency and cost savings before an organization attempts to procure external products and services that duplicate existing capabilities. However, when developing such Cyber Attack mitigation strategy, gaps in an organization's existing cyber defences may be identified, which require specialist services to be procured. An in-depth analysis of the gaps exposed will provide an effective scope for procuring specific Cyber Attack mitigation defences and implement them pre-emptively rather than in the midst of an attack.

Monitoring the conditions that would identify a distressed critical business service, having pre-defined, tested stages within a graceful degradation plan, and having criteria for moving between each state allows an organization to respond quickly to detrimental external stimulus during an attack for detailed assessment and robust corrective measures to be implemented.

World Class Services

  • Our security experts have the same skills and methods hackers use, but can also translate technical issues into business risks.
  • Deloitte has a global reach, with a presence in over 150 countries worldwide.
  • We can support you in solving security issues as a trusted advisor in a vendor-agnostic, but knowledgeable way.
  • Deloitte has been named a leader by Forrester Research, Inc. in Information Security Consulting in a new report, The Forrester WaveTM: Information Security Consulting Services, Q1 2013.

To read this Brochure in full, please click here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.