Table of Contents
Overview
Company Overview
Your Challenge
2. Research and background information
Background Information
PwC’s Cyber Security Teams
Recent news
3. Pitch Planning
Questions to consider
Presentation structure

Fledgling social media platform, ‘Chatter’ launched in September 2017. Its main users are 13-21 year olds. Users can:
● Share photos and post status updates
● Send messages via a private chat
● Play games with other users, and make in-app purchases
Their head office is in Birmingham, and they employ 30 people. All staff members have a staff pass to enter the building, and have a company iPhone and laptop. All staff have received an email outlining the best practice for cyber security but this was not read by everyone and staff have not undertaken any mandatory training.

Recently, Chatter had a minor cyber security threat. They are therefore looking to improve their cyber security and are looking for a cyber security specialist to help. PwC are in competition with other firms to be selected by Chatter to help them. You are part of the PwC Cyber Team who will have to pitch our proposal to Chatter for how we could resolve their cyber security threats.

In your teams, you will have to prepare a pitch to Chatter that outlines:
1. Chatter’s cyber risks – which one of these do you think Chatter should focus on first?
2. Which team you think Chatter needs to help them improve their Cyber Security and why.

“For companies, successful cyber attacks could result in material fines, legal actions, operational outages, and adverse impact on stakeholders. Individuals need to be confident that vast amounts of personal data submitted to organisations is safe and that the digital services on which they increasingly depend are reliable.”

Dr Richard Horne, PwC Specialist Partner for Cyber Security

Chatter’s recent cyber security incident A staff member left their laptop on the train while commuting home. The laptop was picked up by someone and they were able to gain access to it. Fortunately, the member of staff had reported it missing and the laptop was remotely wiped. Chatter cannot be sure if any data was accessed before the laptop was remotely wiped. Important Government Regulations
GDPR – General Data Protection Regulation. As of Spring 2018, changes to GDPR came into force, designed to better protect consumer and
personal data. Any organisation holding data must:

We help organisations from all sectors operate securely in the digital world. Our expertise enables clients to resist, detect and respond to cyber-attacks. Our Core Advisory team, works globally to support clients across the public, private and financial sectors, helping them to understand and reduce their cyber risks.

Some of the services offered to clients include:
● Assessing and measuring their exposure to cyber security risk
● Developing a strategy and vision for tackling cyber security
● Designing and implementing the secure IT systems a client needs to be secure
● Designing and putting in place security training and awareness programmes
● Gaining experience of security operations and incident response

Ethical Hackers
The ethical hacking team will work within the boundaries defined to legally penetrate the company with their permission. This exercise is designed to help companies understand their technical security weaknesses, to provide specific recommendations to clients to help them keep hackers out.
● Ethical hacking to expose vulnerabilities in client IT systems
● Identifying and monitoring malicious activity on client networks
● Actively tracking and disrupting cyber threat actors and seeking out new ones
● Investigating networks which attackers have compromised and removing threat actors.

Nulla consectetur maximus turpis a egestas. Mauris efficitur, ante non bibendum eleifend, diam massa varius ex, non vestibulum risus metus in eros. Proin eu urna vitae ex feugiat interdum. Nunc vel auctor nisi.

A spokeswoman said: “The hacker shared a number of details with us to try to prove he had customer information – we were then able to verify they were Superdrug customers from their email and log-in.”…
…Superdrug is the latest high street retailer to report a data breach. Last month Dixons Carphone said personal data belonging to 10 million customers may have been accessed illegally last year, nearly 10 times as many as the firm initially thought. The electronics retailer had estimated the attack – one of the biggest-ever data breaches – involved 1.2m personal records when it first reported the breach in June.

Web Link to the full article:
https://www.theguardian.com/business/2018/aug/22/superdrug-targeted-by-hackers-who-claimto-have-20000-customer-details

A bank customer was tricked into transferring money by fraudsters who pretended to be responding to his angry Twitter post about poor service. Writer Mike Tinmouth was furious with the process and time taken to open a business account with Barclays. He expressed his
frustration in a public tweet – which was seized on by fraudsters who posed as the bank in an attempt to trick him out of £8,000. Fraud experts say con-artists are becoming skilled at impersonation…
… [In the Twitter post] he even posted an email that he received from the bank which he felt was unprofessional and had to confirm was genuine. The bank urged him to delete this public post. All this information, together with some personal details that were already available about him online, was enough for fraudsters to mimic the bank and appear to know details of the case.
Soon after the Twitter exchange, he received another email apologising for the poor service and offering to deal with his case. This time the message was from a fraudster posing as his bank.

Web Link to the full article: https://www.bbc.co.uk/news/business-46309561