THE ROLE OF INTERNAL AUDIT IN REDUCING THE RISK OF RANSOMWARE

Authors

  • Nebojša Jeremić, PhD and senior internal auditor for finance and accounting, Telekom Srbija a.d.
  • Nemanja Jakovljević, doctoral student at the Faculty of Economics in Belgrade
  • Miloš Jeremić, graduate economist and master of laws

DOI:

https://doi.org/10.56362/Rev22100057J

Keywords:

ransomware, cyber risks, cyber threats, cyber security, cyber insurance, Three lines model

Abstract

Although the list of risks in the field of cyber security is long, ransomware is still at the very top, as a high-risk threat to the security of a business entity. Ransomware can also cause problems such as data leaks and damage to business reputation. The aim of the paper is to examine the role of internal audit in reducing the risk of ransomware. The main conclusion is that effective ransomware detection involves a combination of technology and knowledge, in which the best way to defend is preventative action, and an internal audit function can significantly assist in this.

Published

2022-12-31

How to Cite

Jeremić, N., Jakovljević, N., & Jeremić, M. (2022). THE ROLE OF INTERNAL AUDIT IN REDUCING THE RISK OF RANSOMWARE. REVIZOR * Journal of Organizational Management, Finance and Auditing, 25(100), 57–78. https://doi.org/10.56362/Rev22100057J

Section

Articles
