CA Final Audit Titanium Full Book (With Cover Pages), Page 233
CA Ravi Taori
Insider Threats:
Current or former employees can pose risks to an organization due to their access to the company network,
sensitive data, IP, and knowledge of business operations, making them capable of executing attacks.
DNS Tunnelling:
DNS Tunnelling is a cyberattack that uses DNS queries to bypass security controls, allowing hackers to transmit data or
deploy malware by encoding information in DNS queries and responses.
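As an added defender's example (not from the book), the following Python heuristic flags the pattern described above in a resolver log: long, high-entropy subdomains repeated under one domain, often carried in bulk record types. The log lines, thresholds and the two-label registered-domain split are constructed assumptions for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log, one query per line: "<client> <qtype> <qname>".
# The hex labels are made-up payload chunks, not captured traffic.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A mail.example.com
10.0.0.7 TXT 4a6f686e20446f652c2041636374203133.exfil-demo.test
10.0.0.7 TXT 3230323420506179726f6c6c2046696c65.exfil-demo.test
10.0.0.7 TXT 5365637265742050726f6a65637420585859.exfil-demo.test
10.0.0.9 A cdn.example.com
"""

MAX_SUBDOMAIN_LEN = 30  # encoded payload chunks produce unusually long labels
MIN_ENTROPY = 3.0       # a hostname like "mail" scores 2 bits; encoded data scores higher
MIN_UNIQUE_NAMES = 3    # a tunnel needs many distinct names under one domain


def shannon_entropy(text):
    """Bits of entropy per character of text (0.0 for an empty string)."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values()) if n else 0.0


def split_qname(qname):
    """Return (subdomain, registered domain); assumes the registered domain is the last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def detect_tunnelling(log_text):
    """Return {domain: {"unique_names": n, "reasons": [...]}} for domains whose
    queries look like encoded data rather than ordinary host lookups."""
    names, reasons = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        _client, qtype, qname = line.split()
        sub, domain = split_qname(qname)
        names[domain].add(sub)
        if len(sub) > MAX_SUBDOMAIN_LEN:
            reasons[domain].add("long subdomain")
        if shannon_entropy(sub) > MIN_ENTROPY:
            reasons[domain].add("high entropy")
        # TXT/NULL answers carry bulk data; noted only alongside another indicator
        if qtype in ("TXT", "NULL") and reasons[domain]:
            reasons[domain].add("bulk record type")
    return {d: {"unique_names": len(names[d]), "reasons": sorted(reasons[d])}
            for d in names if reasons[d] and len(names[d]) >= MIN_UNIQUE_NAMES}


if __name__ == "__main__":
    print(detect_tunnelling(SAMPLE_LOG))
```

Ordinary lookups under example.com share the same domain but never trigger an indicator, so only the constructed exfil-demo.test domain is reported.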
IoT-Based Attacks:
An IoT attack targets Internet of Things devices or networks, letting hackers control the device, steal data, or add
it to a group of infected devices.
(CNO DAA.160) Stages of Cyber Risks:
The following are the 3 stages of cyber risk:
Stage 1 - Assessing the cyber risk
Stage 2 - Impact of cyber risk
Stage 3 - Managing the cyber risk
Stage 1 - Assessing the cyber risk:
Risk Immunity: No organization is completely immune to cyber risk; the level of risk varies even across clients
in the same industry.
Ransomware Threat: Organizations must consider the risk of ransomware attacks, which can disable their
operations, including plants and manufacturing facilities.
Phishing and Hacking: The threat of common criminals using email phishing and hacking for fraudulent
activities and theft is a significant risk.
Insider Threats: The potential for insiders to commit malicious or accidental activities leading to unintended
information theft and frauds is another crucial risk to consider.
Stage 2 - Impact of cyber risk:
1. Financial Implications:
- Regulatory costs.
- Fines and penalties.
- Incident response cost which could be for investigations & remediations.
- Intellectual property theft, which not only takes away the competitive advantage but may also result in an
impairment charge because of the loss of IP.
2. Operational Disruptions:
- Business interruptions causing an operational challenge for an organization.
- Ransomware, increasingly common these days, where entire systems are encrypted.
3. Data and Privacy Concerns:
- Data loss, reputational loss, and litigation.
- Breach of privacy: if personal data of a consumer is hacked, it could have a significant impact on the
organization.
Stage 3 - Managing the cyber risk:
Comprehension: Gain a holistic understanding of the cyber risks and threats facing the organization.
Compliance: Assess existing IT and cybersecurity programs against relevant regulatory requirements.
Alignment: Align cybersecurity and IT transformation initiatives with strategic objectives and critical risks.
Controls: Understand accepted risks and documented compensating controls.
(CNO DAA.180) Cyber Security Framework
Identify the risk.
Protect the risk.
Detect the risk (attacks).
www.auditguru.in 12.8