“Yes, Your Business is a Target” – Webinar by Matt Kinsey
“Yes, Your Business is a Target” – Webinar by Matt Kinsey
"The cyber-attack footprint has changed. Has your security profile changed to match? Cybercriminals are no longer operating in their basements. Today, they are sophisticated operators that rival the structure of major corporations. Businesses should enable the layers of security needed and identify where they are over-spending and where they are often lacking. Companies can improve the security profile often with little to no additional cost," said Matt Kinsey
Matt Kinsey, Chief Information Security Officer for IT Fusion, LLC, an IT management company located in southeast Florida, United States, delivered a presentation to increase awareness of cybersecurity for members of the Institute of Internal Auditors, Doha Chapter.
According to Palo Alto Networks, the global cybersecurity leader, the average demand for a ransomware incident was $2.2 million, with an average payout of over USD 540,000. The ransomware payments hit new records in 2021 as cybercriminals increasingly turned to Dark Web "leak sites" where they pressured victims to pay up by threatening to release sensitive data. The most affected industries were Professional and Legal Services, Construction, Wholesale and Retail, Healthcare, and Manufacturing.
The tactics have changed over the last few years. Modern cybercrime attacks often involve transferring data from a compromised system. The criminal groups then threaten to make this data available for sale via the Dark Web, which increases their chance of receiving a payout.
"This requires a comprehensive approach to cybersecurity that covers all seven security layers, from the human element to critical assets. It also requires implementing a trusted cybersecurity framework based on ISO 27001 and ISO 27002 international standards," stated Kinsey. Based on his experience, Kinsey says that most companies overspend on endpoint protection and underspend on application security measures.
There are several steps that companies can take immediately to increase their security posture. These include email filtering to protect systems from phishing attacks sent via email, application whitelisting to protect from both known and unknown threats, and multi-factor authentication to provide additional verification of an end-user identity.
Matt emphasized the need to conduct a security audit as the first step so companies can determine their risk, allowing them to create a plan to address those risks. This should be a business-driven project involving IT and Information Security staff, not an IT project for the most effective solution.
The month of May is celebrated as Internal Audit Awareness Month. As we celebrate Awareness Month, every practitioner should take steps to improve their service to stakeholders. The IIA surpassed 200,000 members, a momentous milestone. Pride in the profession should be evident every day of the year. Audit practitioners should raise awareness of the value audit brings to organizations and, most importantly, live up to the picture we are painting about the profession. A program with such a reputed expert is a huge thing to happen. The IIA Chapter is also conducting training for CIA Examination in Arabic during this month," said Sundaresan Rajeswar, a Board member who coordinated the event.
Muralikrishnan hosted the event, Rashid al Rashidi welcomed the gathering, and Adel Al Hashmi, the IIA President, made closing remarks and thanked the speaker. Aisha Rafique was the liaison with the speaker. For more information on the webinar, please contact the IIA at seminar@theiiaqatar.org