On-call services – Cyber & Fraud Response
The news is rife with articles about companies involved in incidents of fraud and misconduct that suddenly face regulatory inquiries requiring large-scale evidence discovery efforts. More and more companies are victims of large-scale cyber-attacks, costing them millions in ransom payments, crippling their infrastructure, and destroying trust. COVID-19 and the increase in employees working remotely without strong security or using unapproved data storage devices have propelled both cyber-attacks and less-than-effective data identification and management protocols.
The hard truth of today’s environment is that everyone needs to be mindful of their safety.
From global multinationals to smaller non-profit companies, fraud, regulatory enforcement, and cyber-crime can affect all organizations, no matter the size.
A rapid response to allegations of fraud, regulatory data requests, and cyber breaches is critical and often complex, especially if the incidents are reported in a company’s foreign operations. Having resources with the right skill set, fluency in the local language, knowledge of local customs, and the ability to be deployed within hours is a tall order for any organization. To improve response time, efficiency and costs, many organizations are proactively establishing collaborative relationships with KPMG.
KPMG On-call services are designed to comprehensively address clients’ forensic, regulatory, and cyber needs. Our On-call services help clients reduce risk, proactively identify threats, and develop long-term strategies for addressing fraud, misconduct, regulation, and cyber-attacks, while providing immediate access to experienced KPMG professionals.
Our approach allows for increased speed and accuracy. KPMG accelerates the investigation and remediation efforts through the significant use of IP and proprietary tools.
When our clients inspire trust, they create a platform for responsible growth, bold innovation and sustainable advances in performance and efficiency.
KPMG takes a comprehensive approach to cyber incidents through its integrated cyber practice. Incident readiness services include cyber strategy and planning, security configuration and monitoring, security controls testing, and business and technical simulations.
IDC MarketScape: Worldwide Incident Readiness Services 2021 Vendor Assessment, Doc #US46741420, November 2021
KPMG is positioned in the Leaders category in the 2021 IDC MarketScape for worldwide incident readiness services.
We have worked on some of the most high-profile financial reporting investigations; regulatory inquiries into misconduct allegations; ransomware, APT, and insider attacks and litigations. We have significant experience working with all the stakeholders involved – outside counsel, general counsel, internal audit, compliance, law enforcement, regulators, fidelity insurance, cyber insurance, and the broader business on all aspects of incident response.
We have the ability to further invest in you. Our team is able to conduct an optional onboarding consisting of meeting with stakeholders to learn as much as we can about your business, technology, and processes before an incident occurs. The primary objective of the onboarding is to prepare you and our team to respond quickly and effectively as needs arise.
Combined with global capabilities of KPMG firms, KPMG professionals have local knowledge, capabilities and presence in nearly every market where you do business. This deep local expertise allows KPMG to understand the risks and ramifications that vary from one country to the next. We leverage a consistent engagement governance structure globally and assign you a single point of contact to help ensure consistent delivery across the world.
We’re entirely driven by our experience. You can have confidence in our bias-free judgement and advice.
We are pre-approved as a preferred vendor on many major cyber insurance carrier lists. This can help streamline your cyber insurance claims.
The challenge
A large multibillion-dollar global corporation engaged a KPMG firm to provide cyber response services for a global intrusion event.
What we did
The KPMG firm coordinated and executed the global response effort involving identification, forensic analysis and containment of over 19,000 systems in six countries. This included packet-level analysis of six months of network activity and behavior/static malware analysis of over 100 suspicious binaries.
The outcome
As a result of the quick resolution, the firm was further engaged to help proactively develop a global cyber response plan.
The challenge
A cyber security investigation prompted by an FBI notification to the insurance provider regarding data leakage.
What we did
KPMG assembled a 24/7 operation that began by scanning the client’s network for externally facing servers, performing vulnerability assessments of key systems, and reviewing available network logs for signs of suspicious activities. Further details from external sources enabled KPMG to focus our investigation and identify compromised systems. In addition to identifying the compromised hosts stemming from a VNC exploit, KPMG was able to identify other security weaknesses within the client’s environment and other potentially compromised machines that were not related to the incident under investigation.
The outcome
The organization had a dramatically improved overall security posture. Evidence preserved by KPMG was provided to the government through proper legal channels. The suspect responsible for the data leakage was arrested shortly after and later sentenced to several years in prison and ordered to pay nearly $3 million (USD) in restitution to the client.
The challenge
A Mexican retail company identified a payroll payment to an unregistered account in their employee master. It was found that the account belonged to an IT employee.
What we did
KPMG carried out the forensic collection and analysis of electronic communications of the IT employee and key system logs. At the same time, we collected and processed one year of payroll data from more than 20k employees to identify deviations. As deviations were confirmed, our analysis led to the identification of an unauthorized program in the ERP system that allowed the automatic discount of a certain amount from all employees’ payroll. The amount deviated was automatically applied to a bank account. Furthermore, this program was designed to overwrite payroll disbursement files, overcoming security controls. It was also identified that several third parties were granted remote access to the ERP system by the IT employee.
The outcome
As a result of our work, the company implemented more robust controls over the payroll payment process, conducted an in-depth review for unknown programs running on the ERP, improved their remote access monitoring process and began legal action against the involved employee.