Cyber security threats are a new business reality. With cyber threats increasing in scope and complexity, the loss of intellectual property, customer data and other sensitive information can endanger your entire business. This can not only disrupt business operations, it can also cause serious financial and reputational damage and compromise product integrity, the customer experience, investor confidence, compliance with regulations and much more.
Digital forensic investigation and recovery
KPMG's Cyber Security practice can help you identify, respond to and recover from cyber violations by supplying direct response services. Our professionals have experience in detection, digital forensic investigation and recovery. This can help your company secure evidence, understand what has happened, limit risks and support internal, legal and law enforcement investigations.
The following points are essential in order to fully understand the situation when a cyber incident occurs:
- Checking your information security measures for compliance with contractual obligations and regularly testing them.
- Maintaining a data register.
- Keeping relevant network and system log files for an appropriate period of time for the purposes of forensic investigation, in order to be able to pass on lessons learned to relevant stakeholders.
Following up security and compliance incidents
At KPMG, we help leading businesses worldwide to effectively manage and protect their most valuable data in the context of a wide range of developing threats and scenarios. For example:
- Introducing multifactor authentication for externally accessible services (for instance, services like Outlook Web Access, Office 365 and Citrix).
- If you are using Remote Desktop externally, protecting access behind a VPN or by means of firewall rules which only permit access from authorised external IP addresses.
- Dividing administrator privileges between different accounts for specific administration objectives. This avoids a single administrator account having all privileges, which would render the entire infrastructure vulnerable should an unauthorised party obtain access.
- Carrying out timely security updates for applications and IT systems.
- Keeping adequate backups of your business-critical data outside your IT infrastructure.
We approach cyber security not as a one-off project but as a holistic, adaptive strategy aligned with your business objectives and aimed at delivering value for your company in the long term. This allows you to protect your future and extend your options.