As many organisations have learned, cyber attacks are no longer a matter of if, but when.
For EY Advisory a better working world means solving big, complex industry issues and capitalising on opportunities to help deliver outcomes that grow, optimise and protect our clients' businesses.
Our global mindset and collaborative culture across our diverse team of consultants and industry professionals inspire us to ask better questions about the cybersecurity challenges you face. We then team with you to co-create more innovative answers – to activate a foundation that protects the business as it is today, adapt that foundation as the organisation and threats change, and anticipate attacks that may be coming.
Together, we help you deliver better outcomes and long-lasting results, from strategy to execution.Read more
While organisations continue to prioritise cybersecurity and are making good progress identifying and resolving vulnerabilities, they are more worried than ever about the breadth and complexity of the threat.
Will fixing a security breach lead to future-state cybersecurity?
We helped a large medical centre recover from a security breach by analysing the cause and recommending administrative and technical changes to mitigate the impact. We then designed a multiyear cybersecurity operating model with robust processes and tools to help future-proof ts security operation centre (SOC).Contact us
Can identifying current gaps in cybersecurity produce opportunities for long-term improvement?
We helped a global automotive company evaluate its existing security posture and risk exposure, and identify areas for improvement. We then created a multiyear road map to align its cybersecurity programme to current threats and emerging technologies, its risk tolerance and its future business objectives.Contact us
When is ''good'' simply not good enough?
We helped a global equipment manufacturer build on its substantial security measures. We developed a transformation road map to upgrade its operating model, incident responses and IP protection; this helped the company better prioritise and implement initiatives to detect, respond to and defend against cyber crime.Contact us
Can you protect your business by better protecting your customers' information?
We helped a large cable and telecom service provider improve protection for its customers' credit card information through Payment Card Industry (PCI) security assessment and transformation, changing the company's attitude to the role of tools, processes and people in managing and reducing risk in the process.Contact us
Can becoming more compliant give you more security confidence?
We helped an airline that relied on online sales improve its payment processing system, knowing that a cyber breach could be catastrophic. We devised a Payment Card Industry (PCI) Data Security Standard (DSS) remediation programme to reduce business risk and improve focus on delivering PCI compliance.Contact us
Can your competitors' leading practices lead you to success too?
We helped a multinational pharmaceutical company create its future cybersecurity strategy, based on that of its competitors and peers. After a maturity assessment, we identified areas for improvement, and developed a transformational road map for organisational process, people and technological change.Contact us
- Why we exist
At EY, our purpose is to build a better working world for our clients, our people and our communities. We strive to help create a legacy of improved business performance, confidence and trust.
- How we do it
We team globally to co-create more innovative answers with our clients. The unique and ongoing collaboration between EY consultants and our clients results in better working businesses.
We work long-term with diverse organisations including businesses, governments, military forces and charities to increase confidence, and maintain vigilance to thwart the efforts of cybercriminals – whatever form they take. And we choose exactly the right people and bring the best and newest thinking to your issue.
- What we do
We solve big, complex issues and capitalise on opportunities to help deliver better working outcomes that grow, optimise and protect our clients' businesses now and in the future.
Cybersecurity is not just a technology issue. It's much broader than that: it's a fundamental business issue. We embed ourselves deeply in your organisation, get to know you and your threats inside out, and help you see that the threats are often much broader, and the solutions needed are much deeper, than you may have realised.
We help you activate, adapt and anticipate to improve your cybersecurity on a global basis. By equipping you with knowledge and resources you can move up a trajectory of greater capability and protection.
We help you work out what you need to do by carrying out a cyber programme assessment, helping you identify your most important or critical assets – whether that's IP or automated machinery. That points the way to activate the cybersecurity measures you need first and foremost – building a solid foundation of defence against cyber attacks.
We help you develop an organisation-wide strategy based on your cybersecurity risks, vulnerabilities and needs. With a unified approach and set of measures, we help make sure that everyone within the organisation is aware of cybersecurity and their role in protecting against it.
In the long term, you need to develop tactics to detect and deter potential cyber attacks, and rehearse what happens in a likely attack or accident scenarios. To do this we help you build a robust risk assessment methodology and an experienced incident response mechanism – all to take your organisation to a point where it's informed and prepared.
By implementing our cyber threat intelligence capabilities, we help you see the big, detailed picture of your vulnerabilities, understanding the full attack surface: from skilled and persistent hackers to the potential of accidental breaches caused by innocent mistakes internally; from employees' own mobile devices to the potential areas of exposure in technology you're implementing.
We also support you in your moves to create a cyber ecosystem that protects not only your organisation, but also those that you're linked to and implicitly trust – such as supply chain partners.
How we can help
At EY, we have an integrated perspective on all aspects of organisational risk and cybersecurity.
Cyber Programme Management
EY's Cyber Programme Management (CPM) framework is built upon a meaningful analysis of how information security fits into your overall risk management structure.
How we can help.
Organisations are facing not only escalating risk, but also the near-certainty that they will suffer an information security breach.
A sharp focus on business structure, culture and risks will enable an organisation to better safeguard the data essential to its survival and success. For many companies, this requires a fundamental transformation in how information security is understood within the business.
Creating a security programme around intelligence on threats and also business risks will support resilience in a constantly shifting landscape of risk; however, few companies today have the appropriate skills and resources in-house to effectively secure their information assets and at the same time optimise business performance.
Organisations in all sectors can benefit from an objective assessment of their information security programmes and structures. EY's Cyber Programme Management (CPM) framework is built upon a meaningful analysis of how information security shapes and fits into an organisation's overall risk management structure.
A CPM assessment assists with:
- Understanding your organisation’s risk exposure
- Assessing the maturity of your current cybersecurity programme and identifying areas for improvement
- Building a prioritised roadmap for project investments and organisational change initiatives
- Collecting information to create benchmarks against other organisations
- Validating that your security investments have improved your security posture
Security Operations Centres
EY's Managed SOC service redefines security operations to meet the next generation of cyber threats. We give you a highly mature threat detection and response capability.
Vital to foundational cybersecurity are the processes and technology that support the Information Security function. These are most effective when they are centralised, structured and coordinated – which is why a Security Operations Centre (SOC) is a valuable starting point.
A well-functioning SOC can form the heart of effective cyber threat detection, helping to secure and enable the business about attackers. It can enable Information Security functions to respond faster, work more collaboratively, and share knowledge more effectively.
However, with the exponential growth of the digital world, and as the threats continue to rapidly evolve in both sophistication and scale, the need to protect organisations' intellectual property, operations, brand and shareholder value, in addition to their customers' data, is ever more critical.
We are now seeing the emergence of the third generation of SOCs; converging specialist skill sets from disciplines related to cybersecurity, threat intelligence, data science and cyber analytics into advanced SOC ecosystems, where the whole is greater than the sum of its parts.
Cyber Threat Management
It is important to understand and prioritise cyber threat intelligence (CTI) processes. We help integrate them into your organisation's security operations to add value.
In today’s cybersecurity landscape, it is not possible to prevent all attacks or breaches.
In a corporate context, a cyber attack has the potential to damage your brand and reputation, result in loss of competitive advantage, create legal/regulatory non-compliance and cause steep financial damage.
Sixty-seven percent of respondents to our 2014 Global Information Security Survey see threats rising in their information security risk environment. It is time to reassess how your organisation could be compromised and the impact this could have on its survival.
Cyber threat intelligence (CTI) is an advanced process that enables the organisation to gather valuable insights based on the analysis of contextual and situational risks and can be tailored to the organisation’s specific threat landscape, its industry and markets.
This intelligence can make a significant difference to the organisation’s ability to anticipate breaches before they occur, and its ability to respond quickly, decisively and effectively to confirmed breaches — proactively manoeuvring defence mechanisms into place, prior to and during the attack.
By integrating CTI into various aspects of security operations, it can be used to map out the threat landscape and put historical data into context. As a CTI programme matures, predictive capabilities are uncovered, allowing management to make decisions that are based on historical precedent rather than intuition.
Identity & Access Management
IAM is a foundational element of any information security programme and one of the security areas that users interact with the most.
Identity and access management (IAM) is the discipline for managing access to enterprise resources.
In the past, IAM focused on establishing capabilities to support access management and access-related compliance needs. The solutions often focused on provisioning technology and were poorly adopted.
They also resulted in high costs and realised limited value – organisations often struggled to meet compliance demands during this period, and the solutions were deployed to manage very few applications and systems.
Centralised, standardised, automated identity management services designed to reduce risk, cost, improve operational efficiency continued to be elusive. Many organisations now understand, or meet, their compliance requirements.
While compliance is still a key driver in IAM initiatives, IAM is evolving into a risk-based programme with capabilities focused on entitlement management and enforcement of logical access controls.
IAM life cycle phases
The management of identity and access permissions can be viewed as multiple stages.
The IAM life cycle diagram illustrates the stages that users proceed through when joining a business workforce and obtaining access to the tools and assets necessary to do their job. The IAM life cycle also includes stages to ensure that employees maintain appropriate access as they move within the organisation with access being revoked or changed when they separate or change roles.
Key IAM capabilities
During the development of an IAM transformation plan, you should confirm that the following recommended capabilities are included:
- Job role or application access matrices using rule mining tools
- Automated workflow-based access request and approval processes, using job role or application access matrices and segregation of duties checking
- Entitlement warehouse solution
- Access proxy solutions, central authentication (application, host and database layers)
- Risk-based authentication solutions
- Identity analytics and behavioral analysis services to integrate with DLP and security information and event management
- Data and access management process governance programme, which includes HR, application owners, information security and IAM stakeholders
- Federation solutions
- Emerging solutions that combine logical and physical security
- Design solution with future scalability requirements in mind
Data Protection and Privacy
Our Data Protection and Privacy services enable organisations to deploy processes and tools that can help to detect and prevent data breaches resulting from internal user activity.
Data Loss Prevention risk assessments provide specific, real examples of data loss within the client's environment, including sensitive data leaving the organisation and sensitive data stored in unprotected network shares/data repositories.
Privacy Transformation Services assist an organisation to enable a seamless flow of personal information, adhering to global regulations impacting the business. The range of services will address privacy challenges such as: identity theft, brand and reputation damage, litigation, regulatory action and global compliance, direct financial loss, loss of market value and loss of consumer and business partner confidence.
- Data loss prevention assessment
- Data protection programme assessment
- Privacy assessment and transformation
With our approach businesses consider their resilience across four key areas recognised as being vital to protecting and enhancing any organisation.
Business resilience services comprise business continuity management (BCM) and disaster recovery approaches that provide organisations with an ongoing risk-based, proactive approach for maintaining a continuation of critical business functions, (and the recovery of people, processes and technology) from business disruptions, in an optimised manner.
- Business resilience programme assessment
- Business impact analysis
- Business continuity plan, disaster recovery plan and crisis management plan development
Who we are
We are a team of consultants and industry professionals with a global mindset and a collaborative culture.
The skills and resources needed to address cybersecurity are extremely scarce within clients’ organisations, so we train, develop and deploy those resources in your organisation, to embed that deep experience so you can protect yourselves in the long term.
We work hard to understand our clients’ issues and are driven to ask better questions in the pursuit of making their businesses work better.
- How do you need support with ideas or resources to design a future-state cybersecurity operating model?
- How can we help you protect your IP?
- What new internet-connected technologies will emerge and pose a threat to your organisation?
- How is it that one of your competitors has beaten you to market with a new product that you secretly had in development?
- How do you roll out smart metering in developing countries and keep it secure?