Risk In Focus 2021 – Hot topics for internal auditors - survey has been recently published, the result of cooperation of Internal Audit Institues from 10 European countries, under the auspices of ECIIA (European Confederation of Institutes of Internal Auditors) which reports on a yearly base a map of the main risks companies will have to face vis a vis future audit plans.
Risk In Focus 2021 shows that this year Cybersecurity and data security rank first in the list of risks organizations are facing.
Some of the factors which have made companies more vulnerable to cyber-attacks are:
- The sudden and extensive use of homeworking
- The use of personal devices to have access to confidential data and information
- WiFi connection at home.
Isolation makes us more vulnerable
Smartworking consolidation, isolation at workplace and the lack of direct relations with colleagues makes us more vulnerable and victims of hacker attacks that often use deceitful e-mails apparently coming from top managers.
The research also shows that many do not understand the importance of Cybersecurity issue and therefore they do not comply with security protocols: some think they are an obstacle to productivity (51%), others know not being controlled by IT division when doing homeworking (48%).
Data and information protection, therefore, represent more and more a priority for each kind of organisations.
“Cyber threat”: which are the most frequent criminal cyber activities?
The first step to protect both data and resources is knowing which the threats are which can endanger the corporate IT systems:
- Abusive access to a protected information system;
- Digital fraud: violation of digital devices with the aim of earning money through information, data or software fraud;
- False identity: fraud to real or digital identity of another person;
- Phishing: fraud that aims at encouraging users to provide confidential information. The instruments currently used for enticement are: e-mails, webistes and ads;
- Damaging of digital information, software data, impairment of IT systems, abusive password possession and diffusion;
- Mail interception, destruction and theft, including e-mails.
The time has come for a technological and cultural revolution
Being able to provide data and information security even in homework setting is, therefore, crucial since we expect that remote working will be more and more implemented eveng once Covid19 emergency is over.
This process must involve security systems, which need to be improved and reinforced, togheter with people’s awareness and their behaviours.
A true cultural change that goes together a detailed training of people about the risks following ignorant behaviours.
As for Cyber and data privacy Italy results hardly prepared to prevent and face the risk, therefore an action is required for a detailed assessment of cyber risk especially for SMEs which are most vulnerable to IT risks.
In order for these needs to be met, RSM IT Consulting team is able to:
- support you when choosing the most effective protection technology solutions
- to define staff training activities (e-learning mode) on cybersecurity framework & risk analysys.
Please, contact us to know more.