Cyber Risk Services

Specialized services focusing on automotive security. The scope includes complete cars as well as individual ECUs. Testing activities address investigation on electronics and firmware level, in-vehicle automotive buses like CAN, Automotive Ethernet or Flexray and the connected vehicle ecosystem.

Testing and evaluation of off-the-shelf electronics products, IoT, automotive or healthcare devices and electronics. Typical projects include:

• Circuit level testing a.k.a. hardware hacking
• Firmware level assessment
• Bus and interface testing, including internal and external communication channels
• Application and backend testing

We cover the security needs of complex industrial environments, from the shop floor to the product and its backend environment too. The range of tests include, but is not limited to:

• Penetration testing on application and network-level
• Shop floor infrastructure security assessment
• Network segmentation and configuration review
• Hardware-level security testing of Industrial IoT (IIoT) devices
• Simulation of ransomware and APT attacks

Simulate complex, real-world-like cyber-attacks including social engineering (e.g. spear phishing or physical intrusion), assumed breach scenarios, external or internal attacker simulations or focused scenarios for high risk applications and systems.

Focuses on web, API, mobile and binary applications penetration testing. Besides discovering typical vulnerabilities, we also tests application logic flows and apply advanced techniques (e.g., reverse engineering).

Infrastructure level testing of external perimeters or entire internal networks (e.g. office or production zone), including wireless systems, desktop security review for standard office laptops/workstations or remote access solutions, such as Citrix/VDI desktop or breakout tests for application virtualization or breakout tests for specialized kiosk solutions, such as ATMs, or HMI devices in medical or industrial facilities.

We provide expertise and highly specialized resources to support clients in all aspects of forensic scenarios, including prevention, detection and investigation in the following areas:

• Digital evidence acquisition
• Digital evidence analysis
• Forensic archiving
• E-Discovery
• Complete forensic investigation
• Non-technical investigation services
• Fraudulent-case consultancy services
• Interview training
• Deloitte Halo whistleblowing solution

When in need, we offer our quick response team for security incidents and breaches, including:

• On-site security support
• Forensic investigation and malware analysis
• System hardening
• Recovery / Data recovery / Service recovery