Guarding Against Ransomware

Internal audit can help scrutinize cybersecurity practices and plans, says Soo-young Lee, lead internal auditor at Songwon Group.

What should internal auditors ask to assess the organization's protections from ransomware attacks?

Now is a time of unprecedented state-on-state ransomware attacks. To protect an organization from these attacks, internal auditors should question whether senior executives and the board support designing a holistic approach for people, process, and technology to make a defense strategy successful. Does IT security governance include the human factor in its corporate risk analysis and assessment? Is there a business continuity/disaster recovery cyber breach program that originated from a business impact analysis that includes vulnerability assessment and ethical hacking?

What is the most important deterrent to mitigate the risk of an attack?

Employees are an organization's greatest asset, but also its greatest security risk. As new types of cyberattacks grow, organizations must do people "patching" — training employees on how to recognize, analyze, and respond to vulnerabilities. Those vulnerabilities include out-of-date operating systems and software, and suspicious emails and attachments. Also, IT should make sure antivirus programs are installed and that files are backed up daily somewhere not connected to the internet.

About the Author

Written by Internal Auditor magazine staff.

