Cyber-security Incident Response Retainer Services
You don’t want to wait for the inevitable. You want to be prepared, with confidence in your ability to manage the threats and risks you face.
Our incident response retainer services give you that confidence, with rapid, on-demand access to a pool of highly skilled and experienced incident response professionals around the world, as well as a range of PwC services designed to support you when your business is at risk.
We work as your strategic and tactical advisors as well as the arms and legs of your team, supporting your incident response and subsequent remediation and transformation efforts. Our teams (both in Mainland China/Hong Kong and at your overseas locations) maintain local presence and communications with your people. We can deploy our team with minimal time and cost overhead.
Cyber security incidents are firmly on the agenda: What should you do to prepare and respond?
• Combining live network and endpoint visibility provides direct access to adversaries' actions
• Recognise adversary patterns, TTPs, etc.
• Containment and eradication strategies are carefully scripted
• Business returns to normal with accepted levels of risk and impact
[Diagram: Rapid Return to Operations; Containment & Eradication Strategies; Active Remediation; Endpoint Visibility; Digital Forensics & Malware Analysis; Network Monitoring; Log, Event & Access Analytics; Recursive Artifact Analysis; Real-time Endpoint & Network Visibility; Actionable Threat Intelligence]
Cyber security incidents have become unavoidable and significant concerns not just for your executive management team and board of directors, but for regulators, customers, and investors too. The scale and sophistication of cyber security incidents are increasing every year, and keeping pace with evolving attacker tools and techniques has become a very difficult task for any organisation.
Are you prepared to respond to a cyber security incident?
1. Integration
Our incident managers will understand the incident, the response structures in place and the actions that have already been taken.
2. Structure
We will help define a suitable response team structure, and a plan that includes communications with all relevant stakeholders.
3. Information management
We will apply the relevant tools and templates that will support senior leaders and enable sound strategic decision making.
4. Technical translation
Our incident managers can clearly translate complex technical matters into business language so implications can be easily understood at all levels.
5. Chief of staff
We will provide senior and experienced staff to ensure the Crisis Management Team operates effectively under the most difficult circumstances.
6. Business continuity
We will work with individual business units and recovery work stream leaders to define the priorities that will ensure effective business resumption and continuity.
7. Project management
We will track and report to you the level of resources deployed across the response effort, expenditure and invoicing.
8. Breach readiness assessment
Using a tool we have developed, we can help you to understand your level of technical preparedness to respond to a data breach.
If you don't have a clear or positive answer, you may need to consider some of the important actions listed below and we can work with your organisation to help.
What questions should you be asking?
• Are you prepared to respond to a cyber security incident, including your executive management team and board of directors?
• Do you have plans in place to respond to, and recover from, the most likely attack scenarios?
• Do you already have arrangements in place to meet regulatory requirements on incident handling (e.g., Hong Kong Monetary Authority’s C-RAF 2.0)?
• Do you have experts on call and ready to respond to a cyber incident?
• Do you have the capability to contain and limit the impact of a breach?
Our response to every incident is tailored, depending on the situation and your desired outcomes. We will work with you to identify the experts you feel will best support you as part of the incident you are facing.
How PwC can help
Our retainers provide global, on-demand, 24x7x365 access to a specialist cyber incident response team in the event of a cyber incident. Benefits include:
1. A rapid and effective response to reduce the impact of an incident, with no need to onboard a provider whilst under duress, which could delay your response.
2. Customisable service agreements to suit your specific business requirements.
3. Availability of relevant reporting and data to demonstrate compliance to stakeholders and regulators.
4. Detailed and effective breach notification support, in alignment with regulatory requirements.
5. Access to a wide range of cyber security, forensic, business advisory and legal experts – all of whom are experienced in working closely together in times of crisis.
7 key features of PwC’s incident response retainers:
• Initial and regular workshops to understand your business, IT infrastructure, and existing incident response policies and procedures that can help ensure an effective response immediately following discovery of an incident.
• On-site and remote response SLAs.
• Multiple escalation channels including a 24/7 emergency response telephone hotline.
• Crisis preparedness and management support, where it is needed, from board-level executives to first-responder teams.
• Access to our customised incident report templates, and a range of other PwC resources.
• Unused retainer hours can be used on readiness and cyber security advisory services, to maximise your return on investment.
• Rapid access to a range of additional cyber security services (including threat intelligence and threat detection) to inform a wider security strategy.
We apply what we believe to be three essential qualities across our two incident response retainer tiers:
1. Rapid
24/7 Incident response hotline
Remote support
• Silver: First responder contact within 4 hours (Monday – Sunday 9-5)
• Gold: First responder contact within 2 hours
Onsite support
• Silver: Onsite support next working day to pre-agreed locations
• Gold: Onsite support within 24 hours to pre-agreed locations
2. Effective
Readiness
• Silver: Workshop to review readiness of IT estate & IR processes + IR testing
• Gold: Silver + monthly onsite days
Inclusive IR hours per year
• Silver: 80 hours (plus option to invest more at silver discount rates)
• Gold: 140 hours (plus option to invest more at gold discount rates)
3. Expert
• Highly experienced in digital forensics and incident response
• Certified by CREST
• Certified by GIAC
• Holistic end-to-end experts (legal, crisis, business, etc.)
Get in touch with us
This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.
© 2021 PricewaterhouseCoopers Limited. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.
Kenneth Wong, Cybersecurity and Privacy Leader, Risk Assurance, Asia Pacific and Mainland China/Hong Kong
+852 2289 [email protected]
Felix Kan, Partner
+852 2289 [email protected]
Kok Tin Gan, Partner
+852 2289 [email protected]
Ross Xiao, Partner
+852 2289 [email protected]
Gary Ng, Partner
+852 2289 [email protected]
Luke Groth, Partner
+852 2289 [email protected]