What should internal auditors ask to assess the organization's protections from ransomware attacks?
Now is a time of unprecedented state-on-state ransomware attacks. To protect an organization from these attacks, internal auditors should ask whether senior executives and the board support designing a holistic approach covering people, process, and technology, since all three are needed for a defense strategy to succeed. Does IT security governance include the human factor in its corporate risk analysis and assessment? Is there a business continuity/disaster recovery program for cyber breaches, and did it originate from a business impact analysis that includes vulnerability assessment and ethical hacking?
What is the most important deterrent to mitigate the risk of an attack?
Employees are an organization's greatest asset, but also its greatest security risk. As new types of cyberattacks emerge, organizations must also "patch" their people: train employees to recognize, analyze, and respond to vulnerabilities. Those vulnerabilities include out-of-date operating systems and software, as well as suspicious emails and attachments. IT should also make sure antivirus programs are installed and that files are backed up daily to a location that is not connected to the internet.