Threat actors with varying motivations can infiltrate organisations’ networks undetected and gain unauthorised access to critical data. Advanced attackers can maintain access to compromised environments for years without being detected. Research from PwC’s Digital Trust Insights (COVID-19) Pulse Survey 2020 shows that over 50% of businesses have observed increases in the numbers of successful intrusions since February 2020, including from phishing attacks, business email compromises and ransomware.
Organisations need to take a proactive stance towards threat hunting, seek to identify threats in their IT estate, and respond quickly and effectively to mitigate potential impact.
The most sophisticated threat actors dedicate their time to finding ways of evading detection from traditional defence mechanisms, such as antivirus; we are focused on identifying the cyber attacks that these first lines of defence may have missed. Our service is really about working with you to identify evidence of malicious activity within your IT estate. We do this by:
For situations that require a sustained period of response activities, you will have rapid on-demand access to our global Cyber Incident Response team to help you contain and investigate the incident. Our procedures are grounded in industry best practice and years of practical experience.
Our service also provides visibility into a range of security risk, health and hygiene indicators that may be placing your environment at an elevated risk. The insights gained from this exercise include the identification of:
PwC investigates many business email compromises, which predominantly consist of attackers gaining access to one or more corporate email accounts to facilitate a financially motivated attack. We investigate email logs for any anomalous activity which could suggest that your organisation is a victim of an ongoing business email compromise.
PwC has access to over 600 dark web forums, thousands of chat channels and groups, anonymous message boards, paste sites, and blogs. We investigate these for information related to your company. This could include any evidence that your organisation is being targeted or that sensitive documents are already being leaked or sold on the dark web.
Compromising a website can mean different things, from performing common web-based attacks to expose client data to installing a backdoor granting access to the underlying network. Analysis is performed on an enterprise-wide scale in order to identify any evidence that vulnerabilities in your websites and web applications are being exploited to leak confidential data, or indeed being used as a gateway into your environment.