Dark Lab

Cybersecurity strategy

Organisations are transforming their processes and moving towards increasing digitalisation. Now more than ever they need sound and actionable cybersecurity strategies to secure their digital environments against ever evolving cyber adversaries.

Our cybersecurity strategy services focus on helping organisations to understand how to achieve their cybersecurity and business goals in relation to their business and digital environments.

Our services in this area include:

• Developing cybersecurity strategies and roadmaps
• Evaluating cybersecurity maturity
• Evaluating cybersecurity compliance posture with reference to international frameworks and standards, such as NIST Cybersecurity Framework, NIST SP 800-53, and ISO 27001
• Advising on ISO 27001 certification process

China's Cybersecurity Laws (CSL) compliance

Compliance =with CSL and regulations/standards of cybersecurity and privacy protection is a challenge to many multinational and Chinese corporations. Our CSL advisory services focus on helping our clients to meet the regulatory expectations of Chinese cybersecurity regulators.

Our services in this area include:

• Providing Multiple Level Protection Scheme certification advisory
• Evaluating cross-border data transfer risks
• Assessing cybersecurity compliance for critical infrastructure operators and industrial control systems in China
• Assessing the compliance gaps with reference to personal information protection regulations, such as Personal Information Security Specification

We believe privacy is a guardrail to your business in the digital age, and it will help your business to grow with clear and value-added privacy programmes. Our privacy services focus on enhancing your data security capabilities, enhancing your privacy compliance, and guiding your business growth by effective privacy programmes. Our services in this area include:

• Conducting privacy data discovery, privacy data flow mapping, privacy data registration, and privacy impact assessment;
• Assessing your privacy regulatory compliance, including General Data Protection Regulation (EU), Privacy Data (Privacy) Ordinance (Hong Kong), and Personal Information Security Specification (Mainland China);
• Developing privacy control frameworks, programmes, and operating models;
• Providing privacy awareness workshops and training services;
• Advising ISO 27701 certification process.

Dark Lab has a deep expertise in providing clients with offensive security services. We run the biggest professional ethical hacking team in Hong Kong and have worked with organisations of all sizes and across sectors to help them stay ahead of cyber threat actors.

Our offensive-related services include:

• CREST-recognised threat intelligence and simulation services
• Adversary simulation to mimic real-life threat actors exercise their attack patterns
• Penetration testing against applications and infrastructure to visualise the attack surface and the possible entry points
• Evaluation of the ability to detect and defend against APT, in terms of people, process and technology
• Tailored recommendations to fine-tune system defences, security processes, and overall IT strategies, with focus on the preparedness to latest identified attacks and techniques

"Find and Fix" Purple Teaming
A Purple Team delivers rapid cyber security risk reduction by combining the skills and experience of ethical hackers (the "Red Team"), incident responders (the "Blue Team"), and technical project managers.

Our Purple Teaming approach is aligned to the Mitre ATT&CK framework (a knowledge base of real world adversary techniques). This ensures a structured approach aligned to real-world threats.

For each stage of the ATT&CK framework we iteratively simulate a range of attacks, assessing protection and detection capabilities and identifying quick-win "fixes" to drive risk reduction.

We also ensure rapid pace of delivery and ongoing flexibility by following Agile principles, delivering our security testing and managing the delivery of fixes using a series of sprints.

Secure-SDLC
Review, design and implement a tailored security framework and processes for end-to-end software development life cycle from requirements to production.

PwC Dark Lab also offers tailored recommendations on security governance and control in different phases of SDLC.

Organisations are often targeted by cyber threat actors through a variety of cyber means. Dark Lab offers a suit of services to help organisations detect, respond, and remediate cyber attacks, from opportunistic data breach to sophisticated APT intrusions.

Our DFIR services include:

• Cyber security incident response service to investigate suspicious activities using computer forensics, data analysis and threat intelligence
• Discover threat actor presence by performing a threat hunting exercise
• Cybersecurity incident response maturity assessment to enhance the readiness of the overall security operations and management support
• Threat and vulnerability management consultancy to streamline vulnerability detection and mitigation processes
• Tailored recommendations on all aspects of IT to enhance organisations’ capabilities to defend against real life cyber attacks

Our managed security services capabilities offer a unique combination of on-premise and centrally coordinated capabilities designed to free your IT and security teams to focus on improving your business security.

Our services in this area include:

• 24/7 Security Monitoring
• Security Operations Management
• Vulnerability Management

We offer a range of threat intelligence products and services designed to enable an effective and intelligent defence against cyber threats.

Digital Footprint Intelligence

Digital Footprint Intelligence offers a snapshot of your external IT footprint as seen from a threat actor’s point of view. Dark Lab leveraged years of expertise in threat intelligence, incident response, and red team to develop an automated, passive, and unobtrusive methodology similar to that of sophisticated threat actors (APTs). Digital Footprint Intelligence reports cover areas that threat actors would consider before planning an attack against your organisation.

Bespoke research and analysis

Direct access to PwC’s threat research team for tasks relating to ad hoc or long term enquiries – both tactical and strategic research into malicious incidents, threat actors or analysis support.

Cyber threat assessment

A detailed overview of most likely cyber threats to your organisation, including what threat actors are most likely to represent a threat to your organisation. We shine a light on their intent, capability, and the tactics, techniques, and procedures attackers would likely employ against your organisation - mapped to the Mitre ATT&CK framework.

Organisations are increasingly taking steps to enable new business and operation models using the cloud. Dark Lab can help you enable necessary protections on your chosen cloud solutions, to match your expected level of protection.

Our services in this area include:

Cloud strategy planning

• Cloud strategy & business case
• Cloud adoption framework
• Cloud assessment & preparation
• Cloud operating model

Cloud migration

• MS M365 migration
• Private cloud re-platform
• Workload migration

Cloud enablement services

• Cloud security review & assessment
• Cloud monitoring
• Cloud optimisation

Cloud native development

• DevOps development
• Scrum mater
  

PwC’s purpose is to build trust in society and solve important problems. We believe we have a role to play in the development of the crypto ecosystem. PwC has put together a comprehensive service offering to service your needs in the best possible way to allow you to focus on your business.

We provide the following cyber-related services for crypto industry:

Blockchain

• Blockchain / Distributed Ledger Technology security assessment (including consensus hijack, DOS, scalability, etc.)
• Smart contract auditing
• Governance and controls framework
• Feasibility study of blockchain as solution for business problems

Wallet and key management

• Security assessment (PwC framework, CCSS, etc.), including third party assurance assessments such as SOC reports
• Advisory and guidance for setting up policies and procedures on key management (generation, storage, backup & usage) plus holistic security protections around it

Over the years Dark Lab has developed digital products that empower clients on their transformation journey:

Ethical Hack Bot

Ethical Hack Bot is an integrated platform using robotics technology to automate the threat and vulnerability management process. We can:

• Provide instant overview on security levels through mobile dashboard
• Standardise workflows to streamline vulnerabilities/security management processes
• Improve efficiency and communication by automatic email notifications, reminders and alerts
• Reduce human errors by keep tracking, updating findings, remediation and follow up actions
• Speeds up vulnerability assessment process from tedious, repetitive manual actions to combat continuous cyber attacks

We help businesses to continuously remain agile and align with the user expectations as well as market standards by delivering applications seamlessly while remaining competitive in the market. We offer end-to-end services from strategy & consulting to implementation.
   

Please click here to further explore how we can help.