

      A well-protected business has the potential to be confident and the most innovative.

      The smartest businesses don’t just manage cyber risk, they use it as a source of growth and market edge. Technology makes many things possible, but possible doesn’t always mean safe. As cyber threats grow in volume and sophistication and technology becomes essential for meeting the needs of your customers, employees, suppliers and society, your cyber security must build resilience and trust.

      KPMG helps you create a resilient and trusted digital world — even in the face of evolving threats. That’s because we bring a combination of technological expertise, deep business knowledge, and creative professionals who are passionate about protecting and building your business. Together, let’s create a trusted digital world, so you can push the limits of what’s possible.


      Protecting the future with confidence.

      Digital Operational Resilience (DORA) introduces key obligations and a broad ICT Risk Management Framework for the finance sector.

      How can we help

      New technologies. Sales channels. Customer experiences. Does your organisation have the confidence and agility to seize these kinds of opportunities, or are cyber threats holding you back? Can you do what you want to do, knowing you have the resilience to withstand a cyber security event and continue to serve customers? As you exchange more data and become more dependent on interconnected systems, a strategic approach to cyber security has never been more critical.

      That’s why cyber security is not just an information technology issue, it’s a business issue — demanding the attention not only from CISOs but also from the rest of the C-suite, the board, employees, supply chain and business partners.

      A strong cyber security strategy should align to the business vision, objectives and innovation projects. If implemented effectively, it can enhance product integrity, customer experience, operations, regulatory compliance, brand reputation, investor confidence and more — turning risk into a competitive advantage.

      KPMG's cyber security practice helps you with tailored methodologies for cyber security and data protection. From determining appropriate levels of acceptable risk, to aligning your information protection agenda with your business and compliance priorities, to building enterprise-wide security strategies that move your organisation from reacting in crisis mode to proactive, value-added business methodologies, we help you carry security throughout your entire organisation.

      Our services:

      Cyber security framework/compliance assessment: Focusses on our clients’ ability to comply with industry standard frameworks such as The National Institute of Standards and Technology cybersecurity framework (NIST CSF), Control Objectives for Information and Related Technologies (COBIT), International Organisation for Standardisation (ISO) and other relevant information security regulatory frameworks. By assessing current-state security control processes, we assist clients in identifying needs, strengths and weaknesses in the current environment as compared to peers and determining future business processes and technology that will be needed in order to enhance the cyber security function over time.

      Cyber Maturity Assessment (CMA): KPMG’s CMA is a unique offering that incorporates our insight into leading cyber practices from the public and private sectors. The assessment is targeted at boards and executives to assist with appropriate board-level reporting and communications. The CMA framework is based on a combination of internationally accepted standards (such as NIST CSF, ISO and COBIT) and can be tailored to the specific requirements of our clients yet is comprehensive in its ability to address key dimensions that together provide an in-depth view of an organisation’s cyber maturity.

      Cyber strategy and target operating model development: KPMG’s cyber strategy and target operating model service provides clients with an efficient method to establish a security strategy, quantify risks, evaluate true cost and determine effectiveness of their current security programme. Driven by an assessment of core capabilities across people, process and technology, clients will gain an understanding of their current security capability maturity, which will then drive the creation of a tailored target operating model.

      Cyber key performance indicator, metrics and dashboarding: Helps security organisations establish a consistent, repeatable and mature process for reporting cyber security performance at all levels—to the board, executive management and information security leadership.

      Third-party security risk management: The third-party security risk management service assists our clients with the design and execution of a third-party security assessment programme. This service provides clients with a risk triage model, representative assessment questionnaires, and a centralised coordination and reporting office to assist our clients in conducting assessments of their vendors, suppliers and other third-party business partners across the globe.

      Business resilience: KPMG’s business resilience service assists clients with the development and deployment of a Business Continuity Management (BCM) programme, including emergency response, crisis management, business continuity and technology recovery. Key steps include understanding recovery priorities and requirements through business-impact analysis, developing continuity strategies and plans and performing regular exercising, testing and maintenance of strategies and plans.

      Information and data governance: KPMG’s approach to information governance begins with an intimate understanding of industry issues and business processes. We use a DC2 (Define, Clean, Discover, Change) approach to assess and improve information governance capabilities. Privacy regulations and compliance requirements have exploded in the past few months.

      Data privacy and protection services: Our clients are struggling with designing, building and sustaining privacy programmes that meet employee, customer and regulatory expectations. Similar to privacy concerns, corporate retention and disposition obligations are fast evolving and changing. Organisations must develop policies and implement technology enablers to facilitate the effective lifecycle management of records and data.

      When time to market is critical, how can you ensure security at the speed of business? How can you stay protected when non-centralised teams are building new technology around legacy infrastructure? With KPMG in Malta at your side, you can protect critical assets and enable your ongoing digital transformation.

      At KPMG in Malta, we view cyber security as inseparable from business and technology transformation. We work with you every step of the way, helping you go from a reactive to proactive position, making cyber security part of your day-to-day business.

      We know that applying the same rigour and approaches to introducing new or enhanced processes, enabling technologies and organisational alignment, can create successful platforms to help reach an organisation’s cyber security goals.

      KPMG’s cyber security will guide you through large and complex cyber initiatives, to help create successful cyber programmes that improve security posture and advance your cyber agenda.

      Our services:

      Identity and Access Management (IAM): In today’s increasingly digital world, controlling access to online resources is a foundational tenet of strong cyber security. An organisation’s understanding of its users (both internal and external) and their digital representation is both a business enabler and a means of reducing risk. KPMG in Malta helps large, complex organisations with a wide variety of IAM services, spanning assessment, strategy, implementation and operations. We have strong IAM credentials and bring to bear strong alliance relationships with leading IAM vendors.

      Governance, Risk and Compliance (GRC) integration and enablement: KPMG delivers a wide-ranging set of services delivered through the RSA Archer platform to support enterprise, IT and information security GRC needs. This includes strategy, implementation roadmaps, GRC tool selection and analysis, process development, methodology configuration, post-implementation production support and change and transition management.

      Security operations and management (next-generation SOC, security analytics): KPMG delivers a wide-ranging set of Security Operations Centre (SOC) services that allow clients to assess, design, implement and manage their security-monitoring programmes. The firm provides services to build a security operations centre and the associated incident response and threat intelligence processes, and assesses current processes, technology, staffing and sourcing models to help ensure that the client requirements and business objectives of the monitoring programme are being met. Additionally, KPMG in Malta can assist clients with loan-staff arrangements to augment client staffing models and support the ‘run’ component of a monitoring programme.

      Technical integration and enablement (data leakage, next-generation threat management): Given the proliferation of cyber security vendors and the tremendous investment occurring in the cyber domain, clients are faced with an ever-increasing number of potential services. We assist clients in navigating the complex cyber landscape and getting increased value out of the products they are implementing. That value is derived by performing technical implementation and integration, and also by helping to ensure that supporting processes, including operations and support, function appropriately. KPMG helps clients unlock the value in their cyber-technology investments.

      As technology becomes essential for meeting the needs of customers, employees, suppliers and other stakeholders, an organisation’s cyber security must build both resilience and trust. In addition to protecting your mission-critical assets and ensuring business continuity after a cyber-attack, how can you protect the data that stakeholders entrust to you?

      While there is no ‘one-size-fits-all’ cyber security action plan, business-led protection strategies need to be embedded in governance models, operational processes and culture.

      When you weave cyber security into the fabric of your business, you can protect critical assets and win trust. That means you can maximise opportunities, remain resilient, adapt to fast-changing risks and regulations and transform faster.

      KPMG's cyber security practice brings a broad-ranging, business-operations perspective to cyber services. We help you maintain your information protection agenda as your business and technology programmes evolve by providing greater visibility and understanding of changing risks.

      Our services:

      Technical cyber security assessments (VA/PT, application and mobility security): KPMG assists organisations in identifying vulnerabilities present in their wired or wireless network or application infrastructure and in developing actionable remediation recommendations. We can also assist organisations in assessing or developing a threat and vulnerability management programme aligned to their industry and investment appetite, or in assessing their service provider or approach to address the changed threat landscape and new technology platforms.

      Security review of components (firewalls, network devices, databases): KPMG assists organisations in identifying security misconfigurations present in their wired or wireless network or application infrastructure and in suggesting actionable remediation recommendations. Through discussions with staff, critical components are identified and prioritised. Depending on requirements, we will then resource the relevant skills.

      Industry-specific operational technology security assessment and testing (power, energy, telecom, healthcare, payment channels): With the convergence of Information Technology and Operational Technology (IT-OT) systems, cyber threats and attacks are now successfully targeted at OT Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) systems or even the programmable logic controller (PLC) real-time clock (RLC). KPMG in Malta works with clients to design an effective ICS security framework, including a cyber-governance structure, ICS security policy, procedures and control system incident-response management.

      Data breach remediation: KPMG's data identification and remediation service offering leverages technology to provide secure management of critical and confidential data. KPMG in Malta professionals index data throughout our clients’ enterprises, identifying redundant, obsolete and trivial (ROT) data for remediation while at the same time helping to secure business-critical data, safeguarding it from loss and making it available for use in the business decision-making process. We have worked with large power utility, energy, and oil and gas organisations to secure their OT environments and identify security threats arising from the use of legacy solutions.

      Red teaming/blue teaming advisory: Red teaming is a multi-layered attack simulation designed to measure how well an organisation’s people, networks, application and physical security controls can withstand an attack from a real-life adversary. Red teams are external entities brought in to test the effectiveness of a security programme. This is accomplished by emulating the behaviours and techniques of likely attackers in the most realistic way possible. In a red-team assessment, only the high-level stakeholders at the CEO and CTO levels are informed. Blue teams refer to the internal security team that defends against both real attackers and red teams. Blue teams should be distinguished from standard security teams in most organisations.

      Cyber drills: An organisation may take every possible effort to prevent a cyberattack. It may have the best possible technology and process controls. An attack may still be successful. In such an event, it always helps to be prepared. Most organisations concentrate only on the preventive and detective controls and fail to strengthen their reactive controls. Most business continuity and disaster-recovery plans do not consider cybersecurity risks or their resilience plans. Organisations need to evaluate if their staff is adequately equipped to detect, defend, contain and respond to a cyber incident. Organisations should periodically evaluate their cyber incident response capabilities. This can happen via mock cyber war drills or simulation exercises.

      Cyber security threats are a new business reality. As cyber threats grow in volume and complexity, the loss of intellectual property, customer data and other sensitive information can put your entire organisation at risk.

      Not only can it result in disruption of business operations, but it can also cause severe financial and reputational damage and affect product integrity, customer experience, investor confidence, regulatory compliance and more.

      KPMG in Malta’s cyber security practice can assist you with detecting, responding to and recovering from cyber breaches by providing immediate response services. Our professionals have experience in investigations, digital forensics and recovery, which can help your organisation secure evidence, understand what happened, mitigate risks and support internal, legal and law enforcement inquiries.

      At KPMG in Malta, we help leading organisations effectively manage and protect their most valuable data across a broad spectrum of evolving threats and scenarios. We approach cyber security not as a one-time project, but rather as a holistic, adaptive strategy aligned to your business goals and focused on delivering long-term value for your business.

      Our services:

      Incident response readiness and planning (simulation, tabletop exercises, playbooks, training and awareness): Organisations today are aware that cybersecurity breaches are inevitable, and they have no option but to prepare themselves to respond to attacks appropriately. KPMG in Malta’s Cyber Response team can proactively assist clients to improve incident readiness and response capabilities, so that in the event a security incident does occur, the organisation is well-prepared to respond in a timely and effective manner. Our professionals harness their experience responding to incidents to mature your organisation’s incident response plans.

      Cyber incident investigations and remediation (retainership, on-call services): KPMG in Malta’s Cyber Response team helps clients efficiently respond to and manage cyber incidents. After a breach occurs, companies need to collect breach-related data to secure evidence and support legal and law enforcement investigations. To that end, we conduct forensic analysis and detailed investigations to determine what happened, how it happened and, if applicable, who was involved. We work with clients to support rapid analysis, containment and eradication of the incident, and the recovery strategy. We follow local regulatory and compliance requirements while conducting cyber forensic procedures.

      Threat intelligence collection: The most mature organisations anticipate cyber threats and attacks to help minimise potential impact, rather than merely planning to respond to the event. Matching our industry experience with our technical skills, we work closely with clients both to execute cyber threat intelligence-augmented professional services engagements and to design and implement cyber threat intelligence functions, in order to help our clients understand who the threat actors are, how they conduct attacks and what they are after. KPMG in Malta helps to develop a programme that will set requirements and collect, analyse, evaluate and share cyber threat intelligence.

      Data breach remediation: KPMG in Malta’s data identification and remediation service offering leverages technology to provide secure management of critical and confidential data. Our professionals index data throughout our clients’ enterprises, identifying redundant, obsolete and trivial (ROT) data for remediation while at the same time helping to secure business-critical data, safeguarding it from loss and making it available for use in the business decision-making process.



      Innovative approach

      As a leading provider and implementer of cyber security, KPMG knows how to apply leading security practices — and also build new ones that are fit for purpose. Our innovative approach to cyber security also includes the ways we deliver our services, so no matter how you engage with us, you can expect to work with extraordinary people who understand your business and your technology.



      Creating a trusted digital world together

      Whether you’re entering a new market, launching products and services, or interacting with customers in a new way, KPMG can help you anticipate tomorrow, move faster and get an edge with technology that is secure and trusted. That’s because we can bring an uncommon combination of technological expertise, deep business knowledge, and creative professionals who are passionate about helping you protect and build your business.

      • Business expertise
      • Technology expertise
      • Extraordinary people

      Our insights

      CISOs are turning to advanced technologies such as AI to combat soaring cybersecurity threats. But technology alone is not enough.

      How can cybersecurity keep pace with rapid adoption of cloud solutions, platforms, AI and automation?

      KPMG ranks first across multiple categories in risk consulting


      Contact us

      Robert Gauci

      IT Advisory Lead, Digital Solutions

      KPMG in Malta


      Submit a request for proposal

      Find out how KPMG’s expertise can help you make the difference in your organisation.