Cyber Security

Building confidence in your digital future.

We believe that confidence in your cyber security arrangements is essential in today’s business context.

Confidence means being aware of your cyber security risks, being able to assess which threats could affect your business the most, and having the agility to deal with current and emerging threats quickly and efficiently, across the entire Africa region.

But doing so requires resource flexibility, capacity and capability with the potential to challenge accepted norms. This is particularly challenging given the extent of security skill and capacity in most organisations.

You cannot do this alone.

With PwC as your cyber security partner, you’ll not only be able to leverage our experience and expertise but also our global perspectives – to protect what matters most to you, making the most of available resources and effectively leveraging the strengths of your partners and service providers – PwC included.

Outlined here are the six lenses of confidence that we see as essential to helping you embed cyber security at the very heart of your business, linked to our core service capabilities.

How we can help

In the last two decades, the technology revolution has changed the way we all go about our business.

While offering opportunities for innovation and productivity, the cyber era also presents new risks and challenges. As illustrated in the ecosystem to the right, from governments and their citizens to businesses and their employees and customers, we are all connected and affected by cyber risks.

The cyber supply chain has removed the traditional security perimeter as enterprises adopt cloud, mobile and social technologies, and invest in third party business relationships.

There’s no such thing as perfect security. An agile and commercially pragmatic approach is essential for the growth and innovation required to thrive in the new world.

The cyber ecosystem is complex and fast. While it’s necessary to invest in protection, incidents will occur. Rapid response is key to minimising brand damage and financial loss.

Protection, detection and response are interdependent. Leading practice needs a cohesive relationship between technology risk, information security, forensics and operational teams.

Our Cyber lifecycle

Confidence in your people

People make critical security decisions every day.

Disappearing organisational boundaries mean that you can no longer rely on technology alone. You need to make sure your people understand security and act securely.

We can help you foster secure behaviours by shaping your culture and designing processes, systems and roles with human vulnerability in mind.


Confidence in your technology

Technology underpins your business.

As your business changes so should your technology. While embracing the new, you still need to protect legacy technology and information against cyber threats.

We can help you understand the inherent risks of your technology and how to mitigate them.


Confidence in your priorities

Addressing cyber threats helps you prioritise what matters most. Being prepared for changes in the digital era will help you get your priorities straight. A ‘cyber savvy’ governance and management structure means you can prioritise opportunities and know where you can afford to take risks.

We can help you to recognise your key tangible and intangible assets and align your security strategy to your priorities.


Confidence to take risks

Digital opportunities cannot be realised without managing the inherent risks.

Some risks are worth taking, but if you’re struggling to manage the downside, you won’t be able to take advantage of the upside.

We can help you consider your interactions within the digital world and assess where and how they impact your past, present and future.


Confidence during a crisis

Cyber attacks are now commonplace.

Resilience means being able to react quickly and effectively when compromised. Being aware of and prepared for threats will help you prevent incidents and react to them quickly enough to reduce their impact, and prevent them becoming a crisis.

We can help you protect what’s important, detect intruders, deal with the regulators and minimise your exposure when you’re compromised.


Confidence in your connections

Organisations exist in an increasingly complex digital ecosystem.

We share information and transact digitally more than ever before. Your digital relationships with customers, suppliers and others expose you to new areas of risk that need to be managed.

We can help you assess your connections, negotiate robust contracts and build an agile risk management framework, adept at keeping pace as your collaborative networks evolve.


Our service offering

Strategy and policy is about…

  • Investing to enhance cyber resilience
  • Understanding and adapting to changes in the cyber risk environment
  • Defining security policy and the mandatory requirements that your business users and third parties must adhere to
  • Communicating security posture and risk decisions to drive a cyber aware culture

Considerations…

  • Is our cyber strategy and policy aligned to our business model and strategy?
  • Do we understand what information is most valuable, where it is located, and how it impacts the customer experience?
  • Does the strategy and policy consider the full scope of security and resilience risks: technical, physical, process, and people?
  • Have we assessed the full impact of business disruption, and do we understand our reliance on critical systems, service providers and suppliers?
  • Do employees understand their role in protecting information assets?

Protect is about…

  • Taking advantage of new technologies, safely
  • Cost effective, repeatable and scalable cyber resilience
  • Security, privacy and resilience by design
  • Controlling access to business critical information
  • Understanding the effectiveness of security and controls before going live

Considerations…

  • How is cyber resilience managed for new systems, projects or product launches? Is it cost effective?
  • Are your cyber resilience skills broad, scalable and flexible to deal with spikes in business demand?
  • Is cyber resilience seen as a hand brake or an enabler?

Operate is about…

  • Understanding your vulnerabilities, monitoring security events and maintaining operational performance
  • Understanding all cyber risks – Government agencies and industry peers sharing intelligence
  • Continually assessing risks and re-testing security and controls
  • Reporting cyber risks and status to the executive and board

Considerations…

  • Are your cyber operations cost effective? 
  • Is your security and control testing program risk based?
  • Is your monitoring capability flexible and scalable?
  • How do you know when you have a breach?
  • How do you know your service providers effectively manage cyber risks?

Respond is about…

  • Having people, systems and processes in place to respond immediately
  • Maintaining capability that is scalable and cost-effective
  • A proven approach to containing the incident and minimising damage
  • Teamwork between all stakeholders including outsourced service providers to minimise brand damage and financial loss

Considerations…

  • What would happen if you had a major systems outage or customer information breach? Are you prepared? Do you have a plan to respond? 
  • What are the protocols when responding to cyber threats or incidents?
  • Do you have a plan to manage external stakeholders, customers and regulators?

Remediate is about…

  • Root cause analysis of cyber events to enhance your cyber strategy
  • Using intelligence, monitoring and testing results to improve cyber resilience
  • Understanding and communicating risks and cost-effectively fixing problems
  • Training and sharing of lessons learnt

Considerations…

  • When you experience a cyber incident, how do you fix the problem so it won’t happen again?
  • Do you learn from other organisations’ issues?
  • Do you regularly reassess your cyber risk appetite?
  • Do you have a culture of cyber resilience?
  • Are you leveraging analytics to understand incidents and identify systemic issues and root causes?

The services you can draw on

Understanding your capabilities and maturity to help you prioritise your improvement programs

Cyber security diagnostics, maturity assessments and benchmarking:

  • Governance
  • Threat intelligence
  • Control effectiveness
  • Third party management
  • Incident response and resilience

Cyber security capability “deep dives”:

  • Strategy reviews
  • Compliance reviews
  • Skills assessments
  • Threat landscape assessments
  • Vulnerability assessments and penetration testing
  • Red/Blue team exercises
  • Third party risk assessments
  • Incident preparedness exercises
  • Cloud security assessments

Designing and delivering on your cyber security improvement programme

Framework implementation

  • Establish security management systems (e.g. ISO 2700x)
  • Build industry compliance programmes (e.g. PCI DSS)
  • Develop security MIS platforms

Capability build

  • Create a cyber secure culture
  • Cyber skills development and training
  • Strategic staff secondments

Operations enablement

  • SOC design and development
  • Data leak management
  • Access governance
  • Vulnerability management
  • Threat modelling and management
  • Incident readiness and response
  • Advanced threat protection

Rapid, global access to leading cyber incident containment, investigation and crisis management expertise

  • Computer, network and malware forensics
  • Network intrusion containment and remediation
  • Threat hunting
  • Fraud and eCrime investigations
  • Regulatory proceedings
  • Crisis management
  • e-Discovery
  • Expert witness services in support of legal actions
  • Surveillance

Outsourced managed security services to enable you to focus on strategic priorities

  • Vulnerability management as a service
  • Access governance as a service
  • SIEMplus
  • Security event and incident management services
  • Advanced threat detection and monitoring
  • Threat intelligence
  • Retained incident response service
  • Cyber defence

Contact us

Sidriaan de Villiers
Partner - Oracle
Tel: +27 (0)11 797 5411

Busi Mathe
Partner
Tel: +27 (0)11 797 4875