Featured - 4 items
Focus on cybersecurity and privacy to achieve your goals
As companies pivot toward a digital business model, exponentially more data is generated and shared among organizations, partners and customers. This digital information has become the lifeblood of the interconnected business ecosystem and is increasingly valuable to organizations—and to skilled threat actors. Business digitization also has exposed companies to new digital vulnerabilities, making effective cybersecurity and privacy more important than ever.
PwC offers services that address challenges which relate to cybersecurity and privacy threats, organizational changes, and regulatory requirements for organizations.
Key issues
- Increased risk of organized crime, hacktivism, and cyber-terrorism
- Increased media attention that leads to brand risk, related to cyber attacks
- Hyper-connected, borderless technology and business environments
- Difficulty finding and retaining highly-skilled security resources
- Increased number and complexity of privacy and regulatory mandates
- Imposing of fines and penalties for non-compliance
- Increased need for privacy and security for compliance with regulatory requirements
Increased risk of organized crime, hacktivism, and cyber-terrorism
As organizations switch to digitization of information, the digital landscape becomes a new attack vector for crime, activism, and terrorism. Critical information that pass through the cyber landscape provide malicious actors a trove of valuable data which they can obtain illegally and use for their own purposes.
Increased media attention that leads to brand risk, related to cyber attacks
As organizations widely use web and mobile applications to spread information and promote their organizations, this has become an attack vector used by malicious actors focusing on defacement, man-in-the-middle attacks, or stealing of customer information which may lead to reputational damages to the organization.
Hyper-connected, borderless technology and business environments
Interconnection of devices and the internet made it easy for organizations to reach out to their customers and its employees, but this setup presents security concerns in the network of the organization. Malicious actors can use vulnerabilities in these areas to gain unauthorized access and obtain company and customer information.
Difficulty finding and retaining highly-skilled security resources
As cyber attacks become more complex, fewer talents and resources are able to cope up with these newer threats. Organizations put in constant effort to strengthen their cybersecurity defenses, policies, and practices by relying on knowledgeable personnel who knows how cyber attacks work.
Increased number and complexity of privacy and regulatory mandates
Governments want organizations to comply with strict regulatory requirements to protect customer Personal Identifiable Information (PII) from malicious actors the cause data leakage and breaches.
Imposing of fines and penalties for non-compliance
Connected with governments imposing regulatory requirements to organizations, they impose heavy fines and penalties to those who do not comply with these regulations. Organizations are required to protect customer information not only for the resilience of the organization, but also as required by the law.
Increased need for privacy and security for compliance with regulatory requirements
Organizations need to address both the resiliency of the business to cyber attacks whilst addressing the regulatory requirements of the government on organizations. This addresses both the operational and compliance aspects of cybersecurity resilience.
Vulnerability Assessment and Penetration Testing (VAPT)
Perform black-box to gray-box Vulnerability Assessments on the client network, web application, mobile application, wireless LAN connection, VoIP devices, servers and workstations, whichever covers the requirements of the organization, to identify weaknesses and subsequently perform Penetration Testing to check if publicly-available and advanced exploits can be used on these vulnerabilities to obtain, perform unauthorized transactions, or exfiltrate critical data from the organization. Report these weaknesses and exploits to client management and work with the IT department to remediate and retest these observations.
Social Engineering
Perform campaigns or simulations which assess the social engineering awareness of an organization’s employees by testing how will the employees react in case a social engineering attack is conducted to them. This scope also includes the assessment of implemented security hygiene in the organization, tolerance to unauthorized physical intrusion, and conducting security awareness trainings as required or requested by the organization for their employees.
Data Privacy Services
Perform data privacy services which include system and DPO Registration, Privacy Compliance Advisory, Privacy Impact Assessment, Privacy Assessment , Development of PIMS Manual and Policies, Data Privacy Awareness Training, and Staff Augmentation to ensure a comprehensive process of safeguarding personal information, maintaining regulatory compliance and mitigating privacy risks associated with data handling.
Other services
Related Content
Contact us
Mark Anthony P. Almodovar
Risk Assurance Executive Director, PwC Philippines
Tel: +63 (2) 8845 2728
Follow PwC Philippines
