Security News
Find out what your company could risk by not getting cybersecurity audits. Steven Wertheim, president of SonMax Consultants, in his CPA Journal article "Auditing for Cybersecurity Risk", makes a strong case that auditing should be a part of every cybersecurity defense program.
The Ministry of Defence's multibillion budget overrun has been caused in part by its spending splurge on flashy new "Cyber" capabilities, according to the National Audit Office. The MoD faces a budget black hole measured in billions thanks to its profligacy - and even the announcement of a cash top-up of £4bn per year between now and 2024, on top of its £41.2bn annual budget, won't be enough to plug it, according to the auditors.
Through most of 2020 bans on Chinese apps have meant geopolitical strife, but China yesterday revealed it has started banning some of its own apps. A ban on 34 apps was among the nuggets of news revealed, with their banishment from local app stores the result of a departmental trawl of 320,000 apps offered in local download-marts.
Shujinko launched AuditX, a SaaS platform that simplifies, automates and modernizes the enterprise cloud security compliance audit process to make it up to 3x faster and dramatically simpler. Simultaneously, the company announced its Automated Evidence Collection Engine, the industry's first platform for automatically orchestrating, collecting and transforming compliance evidence directly from public cloud platforms and other SaaS systems.
The US Department of the Interior spectacularly failed its latest computer security assessment, mostly for a lack of Wi-Fi defenses. The infosec experts also noted other security shortfalls, such as a lack of network segmentation that would allow intruders to casually move between systems, incomplete inventory records of wireless networks, and a reliance on pre-shared keys that could be exploited by miscreants to eavesdrop on network traffic.
CISOs are tasked with preparing for more than three audits on average in the next 6-12 months, but struggle with inadequate tools, limited budgets and personnel, and inefficient manual processes. "This survey clearly shows that CISOs at major companies are caught between a rock and hard place when it comes to security and compliance audits over the second half of 2020 and want automated tools to help dig them out. Unfortunately, they're simply not able to find them," said Scott Schwan, Shujinko CEO. "Teams are cobbling together scripts, shared spreadsheets, ticketing systems and a hodgepodge of other applications to try to manage, resulting in inefficiency, lengthy preparation and limited visibility. More than two-thirds of CISOs are looking for something better."
Calendars for security and compliance audits are largely unchanged despite COVID-19, but the pandemic is straining security teams as they work remotely, according to the findings of a recent survey by automated audit prep provider Shujinko. The survey of North American CISOs documented the challenges facing security and compliance professionals preparing for a wave of upcoming audits and was conducted by Pulse in late June 2020.
Thousands of valuable ISO management system certifications earned by UK companies may now be at risk because auditors from Certification Bodies may not have been able to attend organizations' premises to conduct essential re-certification audits during the current coronavirus pandemic. Worldwide, hundreds of thousands of certifications are at risk of lapsing as lockdown conditions look set to continue for the foreseeable future.
Chief audit executives and internal audit leaders report their next-generation competency levels in three vital areas - governance, methodology and enabling technology - to be remarkably low, a Protiviti survey reveals. Nearly 780 Chief Audit Executives and internal audit leaders were surveyed across industries to uncover the pressing priorities for internal audit functions when it comes to next-generation auditing skills.
Quest Software, a global systems management, data protection and security software provider, announced new capabilities available within On Demand Audit to support the industry-wide shift to the cloud and ensure Microsoft environments remain secure in the face of growing malware and cyber threats. To further help customers tighten their security posture, streamline auditing processes, and adhere to compliance requirements, On Demand Audit now features new support for Teams and delivers the necessary auditing and alerting on all critical events to minimize vulnerabilities across the business collaboration tool.