How can internal audit assist organisations in defending themselves against bad actors who are using their own technology against them? How can organisations protect themselves?
Organisations have worked diligently for decades to protect data and information assets. Organisations deploy encryption technology, access limitations, and physically and logically segment valuable, sensitive, and proprietary data and information assets in an effort to keep bad actors from viewing, stealing, altering, or destroying them. However, at the same time, the bad actors have improved their craft; they infiltrate and steal these assets by using the same technology designed to protect them.
One of the primary methods used to extort and humiliate organisations throughout the globe is to impact technology using ransomware, which is designed to deny a user or organisation access to files on their computers and servers. By encrypting the files and demanding a “ransom” payment for the decryption key, this malware places organisations in a position where paying the ransom may be the easiest way to regain access.
Who will benefit from this course?
This course is for internal audit leaders and internal auditors who wish to gain a basic understanding of ransomware.
Course Objectives
Using clear business language, this seminar is designed to familiarise internal auditors and internal audit leaders with ransomware facts and types, as well as the means to reduce threats and improve controls. In this seminar, we will:
- Explore the origin of ransomware.
- Recognise the characteristics of common and emerging ransomware variants.
- Describe the primary ways ransomware is delivered.
- Identify controls to reduce the possibility of infection.
- Explore compensation controls to reduce the likelihood of infection by zero-day attacks.
- Summarise the key components in a ransomware playbook.
- Describe the key elements of a ransomware prevention, detection, and response program audit.
- Discuss how audit leaders can talk to their board of directors and other key stakeholders about ransomware and its impact.
Course Topics
- Origin of ransomware
- Exploitation
- Controls
- Auditing ransomware programs
- Management discussion points
Presenter: Tariq Islam PMIIA | Managing Director | RapidLynx Consulting
Tariq is a highly experienced internal audit and risk management professional with nearly 20 years of corporate experience. In 2023, Tariq started a boutique data, analytics and digital consultancy called RapidLynx Consulting which mainly services internal audit, risk and compliance teams. As part of his consultancy, Tariq also works with IIA-Australia to help deliver External Quality Assessments of internal audit functions. Prior to starting RapidLynx, Tariq spent 7 years working in internal audit at two of the Big 4 banks where he held Executive Manager roles at both banks. In addition to specialising in data and analytics within internal audit, Tariq worked closely with technology and cyber risk audit teams and helped deliver many technology and cyber risk audits. Tariq has a technical background and completed a double degree in Engineering (Computer Systems) and Maths & Computer Science from the University of Adelaide. After working as a defence engineer for several years post University, he spent several years at PwC in risk consulting prior to working in banking.
Online Classroom: This training program will be delivered on the morning of 1st November using Zoom. Registrations will be strictly limited to 15 participants to allow maximum interaction in the online environment. For Funds Transfer payments: Download the funds transfer registration form here and email the completed form to [email protected].
