Cover
RAPPORT

Tone at the top

Cybersecurity culture

The rapid spread of ransomware called WannaCrypt — swiftly dubbed #WannaCry on social media after it paralyzed an estimated 200,000 computers across Europe, Asia, and the Americas — has governance and risk management functions thinking more seriously about how they can strengthen cybersecurity controls. After so many years of often devastating cyber fails, why do organizations continue to be caught short when a new attack is launched?

These breaches may well be abetted unknowingly by organizations’ cybersecurity cultures, wrote IIA President and CEO Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA, in a blog post shortly after #WannaCry swept the globe. “Providing assurance on cybersecurity involves more than just looking at whether the protocols and policies designed to block or discourage cyberattacks are in place and operating effectively,” he wrote. “We must consider how the organization’s culture influences how those protections are carried out.”

One example of this is that some organizations may be willing to accept higher-risk behaviors in email practices in exchange for higher productivity. Another is how efforts to protect data through encryption can be undermined if rules prohibiting or limiting hard-copy versions of the data are not in place or are ignored. Chambers also offered caution about “IT mystique,” where cybersecurity may be viewed as solely within the IT department’s sphere and not open to questioning by other stakeholders.

Building cooperative relationships with IT, chief risk of cers, chief information security officers, human resources, and others who manage cyber risks will help internal auditors strengthen their organization’s cybersecurity culture. Otherwise, internal audit will not be able to gain a clear understanding of what drives cyber risks and what in uences the organization’s cybersecurity culture and share those insights with management and the board.

logo experttube

Video's op het gebied van Audit & Control, Actuariaat & Risk Management, Juridisch & Fiscale Zaken, Pensioenen, Schade & Hypotheken, Compliance en Investment Management.

Bekijk ons volledige overzicht op www.experttube.nl.

logo CareerTube

Videoplatform met werkenbij video's van toonaangevende organisaties in de financiële wereld. Met een focus op de finance specialisatie zorgt de koppeling met de 17 (niche) vacaturesites van CareerGuide direct voor een relevant bereik.

Bekijk ons volledige overzicht op www.careertube.com.