Information and Cyber Security
How to Respond: Threat intelligence, technology investment, educate staff
The field of information security has evolved with organisations’ investment in, and use of, technological developments. Organisations today are able to yield benefits from large-scale collection of data and enhanced connectivity with customers and third parties through digital platforms. These same factors, however, also expose organisations to cyber threats. Cyber Security will remain the prominent digital challenge of the 21st century, with attacks becoming increasingly sophisticated and complex (from phishing and sophisticated socially engineered attacks to targeted, advanced persistent attacks). If breached, the consequences are normally significant (including reputational impact, costs from legal claims, and/or increased sanctions due to regulations such as the European, General Regulation).
At BDO we continue to deploy our Cyber Security expertise to help our clients better understand the precise threat scenarios (whether theft of information assets or sabotage of data or online services with ransom request) and the vulnerabilities, relevant to their business, that may allow the threats to materialise.
BDO has a team of information and cyber security experts which, along with our investment in tools and methods, can help bring the latest insights to your business. BDO’s Cyber Security services shape around a number of different solutions, from high level assessments to deeper intrusive assessment of the security configuration.
- Threat and Vulnerability Intelligence Services: We provide a variety of options to meet your needs, including Board awareness training, threat intelligence services with periodic updates of emerging threats, penetration testing to assess the security vulnerabilities exposed by accessible networks and applications, cyber security threat landscaping.
- Security Compliance Services: There are a number of different security standards organisations may need to adhere to, based on their industry or the data they hold. We have methodologies to help you meet the requirements of various standards, including PCI DSS, Cyber Essentials, ISO27001/2, Gambling Commission compliance.
- Information and Cyber Security Strategy Services: Our experts can help develop or assess your cyber security strategy in the following areas:
- Prevent: Evaluate the security tools and methods in place (including firewall configuration, network security architecture & configuration, identity and access management, secure software development)
- Protect: Assist senior management in identifying ‘crown jewels’ and protecting them from the emerging threat scenarios (including phishing, mobile and ‘BYOD’ devices, cloud-based services, and more traditional channels such as physical security threats, and those from the network perimeter).
- Monitoring for Cyber Security Breaches: Evaluate how tools and data analytics are used to detect, assess and report on security attacks or successful security breaches.
- Security Improvement Planning: We understand the most efficient and effective way to manage the security threats. We can work with you to identify appropriate technology solutions, conduct security vendor selection, enhance security management processes, provide assurance over key 3rd party service providers and provide security awareness training to Board or employees.
- Security Incident Response Services including: Cyber Breach readiness: Assess how mature your incident response plans are, including use of tools, methods to help contain the attack, communication strategy and recovery plans. Cyber Breach response: If attacked and a security breach occurs, BDO’s experts can help you develop an immediate response plan to deal with the risk exposure you face.