Cybersecurity

The scope of our work is usually a combination of the following services in three main areas:

Application

• Application penetration tests (web, mobile, thick client)
• Application source code reviews
• ERP system security assessments
• Evaluation of the system design from a security perspective
   

Infrastructure

• Analysis of security architecture
• Internal and external vulnerability tests as well as penetration tests
• Evaluation of security configuration of infrastructure elements
• Analysis of device security (IoT/IIoT)
• Physical security tests
   

People

• Analysis of the maturity of processes and organization security
• Compliance reviews of the organization and processes with applicable regulations
• Verification of employees’ vulnerability to social engineering attacks
• Verification of the effectiveness of security monitoring and incident response functions

We ensure cost-effective development of organizations, processes, and technical measures that enable effective improvement of security levels:

Transformation and optimization of cybersecurity

• Building a cybersecurity strategy
• Implementing employee cybersecurity awareness programs
• Developing a security architecture
• Implementing and optimizing cybersecurity management systems
• Security management in relations with third parties
• Organization of SOC (Security Operations Center) teams
• Business continuity management
• Embedding security into software development lifecycle
   

Support in the selection and implementation of security systems

• Data Loss Prevention and Data Activity Monitoring (DLP, DAM)
• Identity Management and Privileged Identity Management (IDM, PIM)
• Advanced Threat Protection (ATP)
• Security Information and Event Management (SIEM)
• Cloud solutions security
• Web Application Firewalls (WAF)
• Mobile Device Management (MDM)
• Public key infrastructures (PKI)

We provide comprehensive support to companies before, during, and after a cyberattack:

Preparation

• KPMG helps limit the damage caused by security breaches by preparing organizations to effectively detect and respond to incidents.
• During the preparatory phase, key systems, confidential information, and important individuals within the organization are identified. An analysis of the risks and impact of various types of cyberattacks on the company is conducted.
• KPMG offers comprehensive support in testing incident detection and response plans, including tailored tabletop and CTF exercises, as well as assistance in process optimization, tool implementation, strategic partner selection, and staff training.
   

Response

• KPMG is a reliable partner in cybersecurity incidents. We provide data security, file and log analysis, and incident management to effectively help our clients deal with threats.
• KPMG offers 24/7 emergency incident response services. Before starting projects, client onboarding is provided to learn about the infrastructure and security systems, ensuring effective response to future incidents.
• Global clients choose KPMG for its critical response time and professional assistance. KPMG's qualified specialists are available within just 4 hours or less, and we provide local support within 24-48 hours in most countries.
   

Post-breach activities

• Following a cyber incident, it is important to determine whether the causes of the incident have been correctly identified and mitigation measures have been properly implemented. In the event of a personal data breach, there may be legal obligations to report the incident to the regulator.
• KPMG helps clients understand the root causes of incidents, assess the effectiveness of mitigation measures, and supports them in communicating with the regulator. KPMG recommends additional mitigation measures and expert support to resolve identified issues.
• KPMG is ready to provide clients with temporary support to strengthen monitoring, detection, and response to threats as part of its Post Breach Monitoring service, taking into account the risk of attackers maintaining continuous access to the infrastructure.

With the growing popularity of cloud solutions and the globalization of systems, processes, and supply chains, combined with the proliferation of social media and mobile devices, more and more customer data is being collected, stored, disclosed, and transferred around the world. It is extremely important that this data is used in the most appropriate way.

Given the changing nature of organizations as a result of mergers and acquisitions, organizational restructuring, new system implementations, and a complex and evolving regulatory environment, data protection is emerging as one of the most difficult and demanding challenges facing organizations today.

What will you gain by implementing service-based data protection processes in your organization?

KPMG's data protection services help you manage regulatory compliance and enable you to use personal data to build value and increase revenue while meeting the expectations of customers, employees, and suppliers.

Our support:

• Risk assessment – providing an independent assessment of your current risk profile and comparing it with your target state.
• Design – working with the client to develop a personal data protection compliance program to meet legal requirements.
• Strategy – working together to develop a pragmatic personal data protection strategy and gain senior management buy-in.
• Monitoring – supporting the maintenance of a personal data control environment.
• Operations – providing ongoing support and advice on operating the control environment.
• Implementation – supporting the implementation of robust and sustainable processes, policies, and controls to mitigate risk.