In January 2021, the Institute of Internal Auditors (IIA), an international association whose members work in internal auditing and risk management, released a report identifying what they believe will be some of the key risks that businesses and organizations worldwide will face in 2021.
Many of these involve cyber security threats, which the IIA believes will become increasingly menacing in 2021.
The report, “OnRisk 2021,” is designed to “offer organizations the opportunity to carry out their introspective examinations of risk management” and to help them prepare for what may be another challenging year, primarily due to COVID and political winds, when it comes to corporate security.
According to Larry Dietz, TAL Global’s General Counsel and Managing Director of Information Security, and a retired Colonel in the U.S. Army, “our clients and all organizations should be advised not to neglect their cyber security in these times of uncertainty.
Our adversaries, foreign and domestic, may use the cover of internal and international disturbances to engage in cyberattacks and cyber security breaches. The rampage through the Capitol splashed physical destruction across traditional and social media; however, the ultimate impact of data theft and future cyber breaches is yet to be determined.”
Because of this, TAL Global believes many of the following points discussed in the report should be presented here, starting with the IIA’s definition of the word “risk”:
The possibility of an event occurring that will have an impact on the achievement of objectives. Risk is part and parcel of modern economic theory. As social, business, and government institutions have become more complex, global, and entwined, mastering the art and science of risk management has become ever-more imperative—and elusive.
Among the key cyber security risks pointed out in the report are the following:
Cyberattacks. Cyberattacks are no longer just bothersome. They can become potentially calamitous for organizations, including governments. The recent cyberattacks on U.S. government agencies and American businesses are likely an example of this. At this point, we just do not know all the implications and the seriousness of these cyberattacks.
However, according to the IIA, when it comes to cyberattacks, we can expect “growing sophistication [by hackers] that can wreak havoc, often resulting in disastrous financial impacts. The cybersecurity threat depends on the weakest link in the organization, and the weakest link is always people.”
Phishing and malware infections. The report indicates these are two of the most likely threats most organizations will face in 2021. They have become a much greater concern (as we shall discuss next in more detail) because of remote working. “Phishing is sending emails disguised as those from reputable organizations that induce recipients to divulge personal or confidential information,” says Dietz. “This information may also be corporate information that should remain confidential.”
Malware is designed to damage or disable one or more computer systems in an organization. “In an in-house corporate setting, both phishing and malware may be caught and prevented by internal computer safeguards not always available to staffers working remotely,” adds Dietz.
Ransomware. In 2019, the FBI Internet Crime Complaint Center (IC3) received over 2,000 complaints with adjusted losses of over $8.9 million. This figure is expected to significantly increase in 2020.
Remote working. The IIA report indicates that “the efficacy of controls” has diminished as more staffers work remotely. In a very general sense, the efficacy of controls refers to administrators’ ability to supervise workers, for instance, in an office setting. But when staffers work remotely, it is much more difficult to oversee their activities and, because of this, to ensure data security. This also can open the door to fraud, bribery, and financial crimes that “can happen more easily in a remote working environment.”
Data governance. According to the IIA report, the COVID-19 pandemic has forced many organizations to collect more information—and more sensitive information—from and about employees and customers than ever before. However, steps to protect this data have lagged, making it easier for hackers and bad actors to potentially collect this information and make it public or use it for unsavory purposes.
The report concludes that in 2021, more organizations should obtain a “top-down” insight into their business operations.
“This typically involves the use of risk assessments such as those advocated by the NIST Cyber Security Framework,” explains Dietz. “This way, organizations can better anticipate what might happen and whom it could affect in an organization, giving them the ability to respond promptly and effectively.”
As always, we value your feedback, which helps us shape our perspective on recent events, security, and the services we offer.