Cyber Audits: The Missing Layer in Cybersecurity

Uploaded on 2018-11-02 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

Involving the audit team ensures that technology solutions are not just sitting on the shelf or being under-utilised to strategically address security risks.

There is a broad spectrum of cybersecurity preparedness on the enterprise landscape, but even organisations that are relatively well-resourced and committed to cybersecurity stand to benefit from cybersecurity audits.

There is no question that, in many cases, earlier and expanded input from auditors would have helped organisations that have suffered high-profile cyberattacks from sifting through the financial and reputational damage that ensued.

Cybersecurity audits provide a key, additional layer of assurance to organisations that they are safeguarding the data that has become increasingly essential in driving and transforming virtually every business process.

The audit function is well-positioned to assess the data protection and controls around those business processes. Organisations that have mature security teams in place might figure they have cybersecurity covered, but how is the effectiveness of that security team being evaluated, and who is ensuring that new threats are being considered on a regular basis? Audit teams need to be part of these mission-critical answers.

Unless organisations have robust risk management processes in place, and many do not, there are common gaps in organisations' cybersecurity posture that cyber audits can help identify, most notably insufficient controls around data management.

Not only can cyber audits identify these gaps, they also counteract the tendency for organisations to become complacent and reactive by assuring that risk assessments are being conducted regularly.

People, Processes & Technology

Organisations often miss the mark on cybersecurity when they focus predominantly on the technology components of their programs rather than looking at people, processes, and technology in a more overarching way.

Involving the audit team in cybersecurity helps make sure that the attention is not just on technology implementations; auditors also can identify instances when technology solutions are sitting on the shelf or being underutilized, rather than being deployed to strategically address security risks. Additionally, audits can help evaluate critical challenges such as coverage models, skill sets, training, and gaps in key resource capabilities.

When organisations are astute enough to turn to their audit teams for cybersecurity support, auditors must be prepared to deliver value, aligned to the speed of their business. Just as the businesses that auditors support, are rapidly transforming, the audit groups must follow suit.

This can be challenging, considering many IT auditors received much of their professional training many years ago, when the word cybersecurity did not command the attention it does today, and before transformative technologies such as artificial intelligence, connected Internet of Things devices, and cloud-based platforms were so prevalent and impactful.

Here's the good news: There are many more educational and training resources available today than 20 years ago, when I began in IT audit.

Despite time and budget constraints, it is incumbent upon auditors to pursue the appropriate training and credentialing to transform their organisations, refresh their skill sets, and obtain the auditing cybersecurity acumen needed to become integral to their organisation's cyber programs.

With few exceptions, enterprises depend upon their technology more than ever to swiftly deliver value. Reliance upon effective and secure technology deployment has spread well beyond a centralised IT department.

Having the needed controls in place to contend with an ever-growing array of threats, risks, and vulnerabilities can be the difference between thriving and floundering in today's digital economy. With so much at stake, enterprises cannot afford to take any shortcuts. Activating the additional line of sight that the audit function is uniquely equipped to provide can make all the difference.

Dark Reading:                       Image: Nick Youngson

You Might Also Read: 

Cyber Security is Now Business Critical (£):

4 Steps Toward A GDPR Compliance Audit:

 

« Machine Learning & Big Data - Where You Least Expect It
How Cybersecurity Threats Are Growing Investments »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NRI Secure Technologies

NRI Secure Technologies

NRI SecureTechnologies is a Cybersecurity group company of the Nomura Research Institute (NRI) and a global provider of next-generation Managed Security Services and Security Consulting.

Modulo Security

Modulo Security

Modulo provides automated Governance, Risk, and Compliance (GRC) solutions.

Database Cyber Security Guard

Database Cyber Security Guard

Database Cyber Security Guard (aka Don't Be Breached) informs Security Professionals and DBAs of Zero Day, Ransomware and Data Breach attacks within milli-seconds

Dracoon

Dracoon

DRACOON is market leader in the German-speaking region for secure enterprise file sharing.

ChainSecurity

ChainSecurity

ChainSecurity provides products and services for securing smart contracts and blockchain protocols and conducts R&D in the areas of security, program analysis, and machine learning.

German Israeli Partnership Accelerator (GIPA)

German Israeli Partnership Accelerator (GIPA)

GIPA is based on two pillars: it is an incubator aimed at young academics and a program to transfer cybersecurity expertise to corporate partners.

SimSpace

SimSpace

SimSpace is the visionary yet practical platform for measuring how your security system responds under actual, sustained attack.

Glocomms

Glocomms

Glocomms is a leading specialist recruitment agency for the tech sector, providing permanent, contract, and multi-hire recruitment from our global hubs in San Francisco, New York, London and Berlin.

Byos

Byos

Byos provides visibility of devices across all networks, regardless of location, integrating with your existing security stack.

Park Place Technologies

Park Place Technologies

Park Place Technologies' mission is to drive uptime, performance and value for critical IT infrastructure.

Upstack

Upstack

UPSTACK - One partner, end-to-end expertise, helping develop the solutions you need – when you need them.

Mutare

Mutare

For three decades, Mutare has been empowering organizations to re-imagine a better way to connect through our transformative voice security, digital voice and text messaging solutions.

Access Venture Partners

Access Venture Partners

Access Venture Partners are an early stage VC firm investing in bold founders and helping every step of the way. Areas we give special focus to include cybersecurity.

Positiwise Software Pvt Ltd

Positiwise Software Pvt Ltd

Positiwise Software offers end-to-end software development solutions to accelerate the digital growth of businesses.

63 Moons Technologies (63MT)

63 Moons Technologies (63MT)

63 Moons Technologies is a world leader in providing next-generation technology ventures, innovations, platforms, and solutions.

Protega

Protega

Protega is a company specialized in Managed Cybersecurity Services (MSS) & SOC 24×7; management, risk & compliance (GRC); implementation of data protection technologies; and Red Team services.