Page 244 - CA Final PARAM Digital Book.

DNS Tunnelling is a cyberattack using DNS queries to bypass security, allowing hackers to transmit data or
                   deploy malware by encoding information in DNS responses.
                   IoT-Based Attacks:
                   An IoT attack targets Internet of Things devices or networks, letting hackers control the device, steal data, or
                   add it to an infected group.

          QNO      Impact of Cyber Risk                                                   New Course – (SM23)
          DAA.500 TITANIUM CNO -- DAA.160

                   Sukanya, a CA final student, is of the view that cyber risks are issues of IT and result only in information
                   loss to an entity. She also feels that many cyber-attacks are not directly targeted at financial systems and
                   do not pose risk of material misstatements to financial statements of an entity. Is her view proper?
          Answer
                   Cyber risks are not an issue of IT alone. Rather, cyber risk is a business risk that affects the whole business
                   organization. It affects the entity's reputation and can lead to many other consequences, which are listed below:

                     •  Regulatory costs
                     •  Business interruptions causing an operational challenge for an organization.
                     •  Data loss, reputational loss and litigation.
                     •  Ransomware - more common these days where entire systems are encrypted.
                     •  Intellectual property theft, which may not only take away the competitive advantage but may also result
                        in an impairment/impediment charge because of the loss of IP.
                     •  Incident response cost, which could be for investigations and remediations.
                     •  Breach of privacy: if personal data of a consumer is hacked, it could have a significant impact on the
                        organization.
                     •  Fines and penalties

                   It may happen that many cyber-attacks are not directly targeted at financial systems. However, the access
                   gained by the attackers may provide them the ability to:
                     •  Manipulate or modify financial records
                     •  Modify key automated business rules
                     •  Modify automated controls relied upon by the management.

                   Further, the auditor should consider whether cyber risk (like other business risks) represents a risk of material
                   misstatement to the financial statements as part of the audit risk assessment activities. The focus should be on
                   understanding the cyber risks affecting the entity and the actions being taken to address these risks.


          QNO      Cyber security Framework                                               New Course – (SM23)
          DAA.600 TITANIUM CNO -- DAA.180
                   Briefly describe the cyber security framework.


                   The five pillars of Cybersecurity Framework:

                   1. Identify the Risk:
                   This involves understanding what assets you have (data, systems, applications) and what threats they face.
                   Think of it like mapping your valuables and potential entry points for a burglar.

                   2. Protect the Risk:
                   Once you know what needs protection, implement safeguards like firewalls, access controls, and encryption.
                   Imagine installing strong locks and an alarm system on your treasure chest.

                   3. Detect the Risk (Attacks):
                   Monitor your systems for suspicious activity that could indicate an attack. It's like having cameras and guards
                   constantly watching for intruders.
        www.auditguru.in                                                      PARAM                               12.3 | P a g e