Security News

Cloud technology adoption gap between internal audit and other enterprise functions to narrow
2021-04-01 03:00

Internal audit's ongoing digital transformation will rapidly accelerate in 2021, with 22% of respondents reporting that they will implement cloud-based technology this year, resulting in a majority of internal audit teams using a cloud-based audit management or GRC software solution for the first time, an AuditBoard survey reveals. "Many internal audit teams that have not yet shifted to a cloud approach are now set to reap the benefits of modernization - including gaining greater bandwidth for strategic, value-add activities - and will be better positioned to protect their organizations from new and emerging risks," said John Reese, AuditBoard's CMO. "They'll also get to equal footing with other functions within their organization who have already made the move to cloud-based solutions."

Leaders need to find ways to increase internal audit capacity without increasing budgets
2021-03-30 03:00

A study of 299 internal audit organizations showed that the function faced both declining budgets and a significantly expanded workload in 2020, according to Gartner. "For many heads of audit, it's not clear where the extra capacity is going to come from," said Margaret Moore Porter, managing vice president in the Gartner Audit practice.

Passing a compliance audit in the cloud doesn’t have to be hard
2021-03-11 05:30

Your company takes compliance and security very seriously, but you've no idea what or how to layer on top of AWS's existing security and compliance protocols to achieve levels necessary for compliance certification. In this case and others, passing a compliance audit may prove particularly problematic even though your company is committed to performing at or above baseline legal requirements.

Ongoing phishing attacks target US brokers with fake FINRA audits
2021-03-05 13:28

The US Financial Industry Regulatory Authority has issued a regulatory notice warning US brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information. The domain used in these ongoing phishing attacks was registered just two days ago, on March 3rd, using the NameCheap domain name registrar.

How to Audit Password Changes in Active Directory
2021-02-04 03:28

Secondly, a given password might be somewhat easy to guess, despite existing password requirements. Password changes only occur via the user or Active Directory administrator.

Why cybersecurity audits are essential for risk management
2021-01-15 12:00

Find out what your company could risk by not getting cybersecurity audits. Steven Wertheim, president of SonMax Consultants, makes a strong case in his CPA Journal article "Auditing for Cybersecurity Risk" that auditing should be a part of every cybersecurity defense program.

Ministry of Defence's cyber warfare drive is helping burn a hole through its budget, warns UK's National Audit Office
2021-01-14 14:56

The Ministry of Defence's multibillion budget overrun has been caused in part by its spending splurge on flashy new "Cyber" capabilities, according to the National Audit Office. The MoD faces a budget black hole measured in billions thanks to its profligacy - and even the announcement of a cash top-up of £4bn per year between now and 2024, on top of its £41.2bn annual budget, won't be enough to plug it, according to the auditors.

China reveals audit of 320,000 local apps, with 34 booted from app stores and hundreds of devs warned they could suffer same fate
2020-10-23 04:27

Through most of 2020 bans on Chinese apps have meant geopolitical strife, but China yesterday revealed it has started banning some of its own apps. A ban on 34 apps was among the nuggets of news revealed, with their banishment from local app stores the result of a departmental trawl of 320,000 apps offered in local download-marts.

Shujinko AuditX: Simplifying, automating and modernizing audit preparation and compliance
2020-10-14 01:45

Shujinko launched AuditX, a SaaS platform that simplifies, automates and modernizes the enterprise cloud security compliance audit process to make it up to 3x faster and dramatically simpler. Simultaneously, the company announced its Automated Evidence Collection Engine, the industry's first platform for automatically orchestrating, collecting and transforming compliance evidence directly from public cloud platforms and other SaaS systems.

Feeling bad about your last security audit? Check out what just happened to the US Department of Interior
2020-09-17 23:47

The US Department of the Interior spectacularly failed its latest computer security assessment, mostly for a lack of Wi-Fi defenses. The infosec experts also noted other security shortfalls, such as a lack of network segmentation that would allow intruders to casually move between systems, incomplete inventory records of wireless networks, and a reliance on pre-shared keys that could be exploited by miscreants to eavesdrop on network traffic.