Page 233 - CA Final Audit Titanium Full Book. (With Cover Pages)

CA Ravi Taori
Insider Threats:
Current or former employees can pose risks to an organization due to their access to the company network, sensitive data, IP, and knowledge of business operations, making them capable of executing attacks.
DNS Tunnelling:
DNS Tunnelling is a cyberattack using DNS queries to bypass security, allowing hackers to transmit data or deploy malware by encoding information in DNS responses.
IoT-Based Attacks:
An IoT attack targets Internet of Things devices or networks, letting hackers control the device, steal data, or add it to an infected group.
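DNS tunnelling, as described above, hides data in the labels of DNS names, so a defender looks for query names that carry long, high-entropy labels. The following detector is an added example, not part of the book; it runs over a constructed DNS query log (the `exfil-test.invalid` names and thresholds are assumptions) and flags base domains that receive several distinct encoded-looking subdomains.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log (not from the page); fields: time client qname qtype.
# The *.exfil-test.invalid queries imitate encoded data chunks carried in the leftmost label.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 www.example.com A
10:00:02 10.0.0.5 mail.example.com MX
10:00:03 10.0.0.5 documentation-and-support-portal.example.com A
10:00:04 10.0.0.9 aGVsbG8gd29ybGQgdGhpcyBpcyBhIHRlc3Q.c2VjcmV0.exfil-test.invalid TXT
10:00:05 10.0.0.9 dGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcw.c2VjcmV0.exfil-test.invalid TXT
10:00:06 10.0.0.9 b3ZlciB0aGUgbGF6eSBkb2cgYW5kIHJ1bnM.c2VjcmV0.exfil-test.invalid TXT
10:00:07 10.0.0.9 b3ZlciB0aGUgbGF6eSBkb2cgYW5kIHJ1bnM.c2VjcmV0.exfil-test.invalid TXT
"""

def shannon_entropy(s: str) -> float:
    """Bits per character: base64/hex chunks score about 4-5, words and hyphenated names lower."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def is_suspicious_label(label: str, max_len: int = 30, min_entropy: float = 4.0) -> bool:
    """A leftmost label that is both long and high-entropy looks like an encoded payload chunk."""
    return len(label) >= max_len and shannon_entropy(label) >= min_entropy

def base_domain(qname: str) -> str:
    """Approximate the registrable domain as the last two labels (assumption: no public-suffix list)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])

def analyse(log: str, min_unique: int = 3) -> list:
    """Base domains that received at least min_unique *distinct* suspicious leftmost labels;
    counting distinct labels keeps repeated (cached or retried) queries from inflating the score."""
    suspicious = defaultdict(set)
    for line in log.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        qname = fields[2]
        leftmost = qname.split(".")[0]
        if is_suspicious_label(leftmost):
            suspicious[base_domain(qname)].add(leftmost)
    return sorted(d for d, labels in suspicious.items() if len(labels) >= min_unique)

print(analyse(SAMPLE_LOG))  # ['exfil-test.invalid']
```

The long but readable `documentation-and-support-portal` label is not flagged because its entropy stays below the threshold, which is why both length and entropy are checked together.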

(CNO DAA.160) Stages of Cyber Risks:
Following are the 3 stages of cyber risk.
Stage 1 - Assessing the cyber risk.
Stage 2 - Impact of cyber risk.
Stage 3 - Managing the cyber risk.
Stage 1 - Assessing the cyber risk:
Risk Immunity: No organization is completely immune to cyber risk, with varying levels across different clients in the same industry.
Ransomware Threat: Organizations must consider the risk of ransomware attacks, which can disable their operations, including plants and manufacturing facilities.
Phishing and Hacking: The threat of common criminals using email phishing and hacking for fraudulent activities and theft is a significant risk.
Insider Threats: The potential for insiders to commit malicious or accidental activities leading to unintended information theft and frauds is another crucial risk to consider.
Stage 2 - Impact of cyber risk:
1. Financial Implications:
   - Regulatory costs.
   - Fines and penalties.
   - Incident response cost, which could be for investigations & remediations.
   - Intellectual property theft, which may not only take away the competitive advantage but may also result in an impairment/impediment charge because of the loss of IP.
2. Operational Disruptions:
   - Business interruptions causing an operational challenge for an organization.
   - Ransomware - more common these days, where entire systems are encrypted.
3. Data and Privacy Concerns:
   - Data loss, reputational loss, and litigation.
   - Breach of Privacy: if personal data of a consumer is hacked, it could have a significant impact on the organization.
Stage 3 - Managing the cyber risk:
Comprehension: Gain a holistic understanding of the cyber risks and threats facing the organization.
Compliance: Assess existing IT and cybersecurity programs against relevant regulatory requirements.
Alignment: Align cybersecurity and IT transformation initiatives with strategic objectives and critical risks.
Controls: Understand accepted risks and documented compensating controls.

(CNO DAA.180) Cyber Security Framework
Identify the risk.
Protect the risk.
Detect the risk. (Attacks)

www.auditguru.in 12.8