Cybercrimes are on the rise. That is no surprise, since any company using the Internet is a target for cybercrime, and that includes just about everyone on the planet. According to the Federal Trade Commission (FTC), nearly 10 million Americans have had their personal information stolen at an estimated cost of $5 billion for individuals and $48 billion for businesses.
Cybercrimes are Increasing. Watch out for Zeus!
Unfortunately, cybercrimes are growing increasingly sophisticated. According to Symantec, the largest provider of security software, cyber criminals are now using a powerful crimeware kit known as Zeus. This kit was created to enable criminals to gain complete access to business computer systems. It allows them to review and steal files, copy passwords and credit card information, and record keystrokes. What makes Zeus even more dangerous is that cyber criminals are constantly revising the program to create variants that make it even more powerful and virtually impossible to detect.
What can you do to detect and guard against cybercrime?
Some types of cybercrime are difficult to detect. In many cases, it is a stealthy activity that is hard to monitor without an established security baseline. A security baseline establishes what the norm should be, allowing easier detection of changes and of compromised or stolen data. Completing a full Cyber Security Audit will establish this baseline. This audit, coupled with a yearly IT security assessment by an objective third-party IT auditor with a proven methodology and real experience in reviewing IT systems (including research, testing and analysis), should be part of your annual plan. Technology is rapidly changing, so security measures should be updated on an ongoing basis.
What should the Cyber Security Audit (or IT Audit) include?
The auditors should begin by reviewing all relevant policies to determine the risks to the data. They should check for unauthorized implementations such as rogue wireless networks or unsanctioned use of remote access technology, and document all the steps that an attacker could take to exploit any vulnerability in your system.
The auditor’s report should review all pertinent information about your organization, including the results of testing to confirm exposures. It should include a risk analysis that lets your firm know its exposure to IT risk, recommendations for tightening security and strengthening your network defenses, and a recommended disaster recovery process, including data backup and recovery.
The net result of the audit process is to raise the bar on IT security to establish a new norm. Once the new norm is in place, your firm will be far less vulnerable to cyber attack, as well as far more able to detect and prevent it.
What questions do you have about protecting your firm from cybercrime? Do you require an IT audit?