Microsoft has announced a new collaboration with PwC to expand its joint incident response and recovery capability. In this global alliance, Microsoft begins the initial containment and investigation, seeking to help evict the bad actors faster and more effectively.

PwC can then work on securely rebuilding and restoring mission-critical systems, while helping clients manage the broader incident, including incident reporting, crisis management, and a recovery strategy. 

“This type of industry collaboration is key to addressing the volume, complexity, and severity of breaches we see today. It will take all of us working together to stop nation-actors from attacking organizations and governments around the world,” said Kelly Bissell, Corporate Vice President, Microsoft Security Solutions.

“For example, Microsoft security researchers have seen a 130.4 percent increase in organizations that have encountered ransomware over the last year. Microsoft Threat Intelligence is tracking more than 300 unique threat actors, including 160 nation-state actors, 50 ransomware groups, and hundreds of others.”

When an organisation experiences a crisis and engages Microsoft Incident Response and PwC, both teams can immediately mobilize.

Microsoft can have people in their offices within 24 to 48 hours, parlaying their large global footprint so they can be at wherever the issue is quicker.

The Incident Response team focuses on evicting the bad actor, determining root cause analysis, and getting the customer’s core technology back up and running.

“Our extensive relationships with government agencies and organizations around the world can help stop the damage and bring criminals to justice. We can help find the bad guys so customers can start their recovery journey,” said a spokesperson.

Meanwhile, PwC focuses on the broader incident response, like executing contingency plans - or helping companies navigate through the situation quicker, updating business processes, and identifying control failures to design a prioritized and measurable recovery strategy.

They can work closely with C-suite and the board of directors to help address their needs.

For example, the chief financial officer should understand the cost implications due to fines or fees. The legal counsel should engage the right law firm to help during the response and recovery. And the board and public relations team should figure out the appropriate thing to say to the media and customers. P

wC can stay with customers to provide guidance throughout this very abridged sample recovery journey with the goal of helping the company emerge stronger.

“Time is often the enemy in any breach. The incident response collaboration between Microsoft and PwC means our customers have a team that can help support them from discovery through recovery. With a global footprint and history of recovery, remediation, and transformation experience, we can assist customers with the speed, agility and broad knowledge needed to provide a level of confidence and professional services during a potentially chaotic period,” said Sean Joyce, Global Cybersecurity and Privacy Leader, PwC.

“To connect with PwC and learn more about this collaboration, register for our webinar in December 2023 called “5 things you (probably) don’t know about incident response.”