Following the December 2014 cyber attack on Sony Pictures, our client’s Chief Executive Officer (CEO) mandated a wide-ranging threat preparedness review with the aim of ensuring the company would be able to respond, that its data would be protected if key systems were contaminated by malicious hackers, and that IT operations could be recovered.
KPMG LLP (KPMG) helped the client assess the resilience of its key mission critical systems and develop a plan to mitigate risks. As a result of the review and subsequent IT system and process updates—which included addressing gaps in its backup solutions and disaster recovery plans—the company is more confident about its capacity to sustain and recover from a cyber attack.
Because of its longstanding relationship with KPMG and our involvement on other large projects, this major meida and entertainment company asked us to assess its disaster recovery plans and its ability to handle a malicious attack. We assembled a multidisciplinary team that included professionals in technology infrastructure, information protection, and forensic technology to help the client with:
Today, cyber attacks are a major risk for organizations. The breach at Sony Pictures in 2014 highlighted the IT security vulnerabilities and lack of preparedness at many companies and prompted them to take a wide-ranging look at their recovery, contingency, and response plans.
Create a thorough IT resiliency plan and maintain a strong relationship with external resiliency and forensic technology professionals who know your company and can be available on short notice to help you recover after a malicious attack.
The trend among many organizations is to place connected data centers in multiple locations around the country to enable a smooth transition in case a natural disaster or other event causes a local system failure. But with threats such as sophisticated cyber attacks that can spread malware quickly, connected highly available application solutions create a significant risk. Isolating an offline copy of mission-critical data and applications helps protect against contamination during an attack.
KPMG complies with the auditor independence rules of the AICPA, SEC, PCAOB and DOL. As a result, some services described herein may not be available to our audit clients. KPMG audit clients should check with their respective lead audit partner for more information.