Download Free Audio of As the fall-out of the Covid-19 pandemic continues... - Woord


As the fall-out of the Covid-19 pandemic continues into 2021, the remote work infrastructure of industries around the world continues to increase. In the context of audit, specifically systems audit, we will look at two major factors that are likely to shape how Covid-19 impacts the information technology side of audit in 2021. The first is the risks of remote working tools. The second is the increase in fraud.

Due to the pandemic, many desks across the globe remain empty as companies adapt to working from home. While this transformation provides flexibility and a level of comfort, it is also exacerbating existing trends to another level.

We begin with insecure networks. Insecure networks pose a challenge to continuity of business. Companies go to major lengths to protect their IT infrastructure with monitoring tools and firewalls. Your personal computer and home network are highly unlikely to provide the level of security that a corporate network provides, which in turn compromises business data and applications.

Moving on, phishing attacks have been the primary method of cyber-attack. Phishing is a type of cyber-attack that uses electronic communication to fraudulently obtain sensitive information. According to Morphisec Technologies, a company that offers security solutions, phishing attacks have gone from 2,000 per week to 90,000 since March 2020. Also, due to the influx in the use of video conferencing apps, hackers have been able to grant themselves administrative privileges that allow infiltration of online meetings and learning. There have been reports of work meetings, online learning and family gatherings being infiltrated by users who are able to control these meetings.

Thirdly, the lack of IT support becomes evident if a home laptop gets infected. This is hardly an issue in an office environment as the on-site IT liaison can respond.
In a home environment, with no direct IT support, a potential data breach can last longer, which in turn can further compromise a system.

Password attacks are a commonly used attack approach. The process used to do this is called "sniffing". A password sniffer is a software application that scans and records passwords that are used or broadcast on a computer or network. An attacker will "sniff" a network connection to try to obtain passwords that have not been encrypted. Another method of obtaining a password is through social engineering. Social engineering is a psychological manipulation technique that tricks people into giving out sensitive information.

And finally, eavesdropping. Eavesdropping attacks are done by intercepting network traffic. By doing this, sensitive information such as passwords, card numbers, personal contacts and emails can be obtained. There are two methods of doing this. Passive eavesdropping is where the hacker captures all network traffic for analysis. Active eavesdropping involves using malware to infiltrate a system through spoofing. The attacker can then manipulate data and pose as a member of the party involved.

The above-mentioned attacks pose a direct threat to the video conferencing applications that have been primarily used when working remotely. One theory is that apps such as Zoom, Teams, Google Meet and other video conferencing applications became so popular in such a short period of time that the engineering teams behind these apps have not had sufficient time to analyze their security measures.

Up next, we take a look at the increase in fraud, examples of fraudulent activity and what can be done to mitigate this. According to Coveware, a global ransomware remediation firm, the average ransomware payment in Q2 of 2020 was $178,254, a 60% increase from Q1 of 2020.
For those who might not be familiar, ransomware is a type of malware that encrypts a system and user files and prevents access until a ransom is paid, and it is the number one method of how fraud takes place. An example of ransomware was the WannaCry attack of May 2017, which targeted workstations using the Windows operating system. Over 200,000 computers across 150 countries were attacked.

Fraudsters have been using the Covid-19 health crisis for their own personal benefit. Examples include viral messages on WhatsApp that ask for donations, fraudulent emails impersonating members of health departments and the creation of websites claiming to sell products that prevent a person from contracting Covid.

However, there are precautions a company can take in order to protect its systems. This can be done through a penetration test and a vulnerability assessment. A penetration test is a simulated attack on a computer system or a network. This is performed to test and evaluate the overall security of a system. A vulnerability assessment is a methodical approach used to review the security weaknesses in an information system, a network, hardware and software, and to take active steps in remediating the vulnerability. Once the above-mentioned tests are completed, a report is shared containing steps to mitigate security risks.

A penetration test and vulnerability assessment satisfy some of the compliance requirements for security auditing procedures such as SOC 2. SOC 2 is an auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients. For security-conscious businesses, compliance is a minimal requirement when considering a software-as-a-service provider.

Thank you for your attention. Stay safe, stay secure and stay vigilant. You may contact RSM Eastern Africa through either of the platforms shown.