REvil – The Importance of cyber-security audits

Few ransomware groups have been as prolific as Russian-based REvil. From stealing the plans for Apple products from supplier Quanta Computer to attacking the world’s largest meat processing company, JBS, resulting in major disruptions; REvil have demonstrated the damage ransomware can cause.

While REvil has reportedly been dismantled by the Russian Federal Security Service, countless threats continue to challenge the cyber security of major enterprises. Rather than waiting for hackers or cyber criminals to act, many companies are proactively performing cyber-security audits to uncover vulnerabilities before they are exploited.

Two of the main goals a company aims for when implementing a cyber-security audit are ensuring regulatory compliance as well as fully assessing if they have the right level of security protections in place. As rogue cyber actors can use any vulnerability to gain access to sensitive company data, any cyber-security audit must include all cybersecurity processes, tools and policies.

“By performing a comprehensive cyber risk assessment, internal audit can present objective perspectives and findings to the audit committee and board members, and use those findings to develop a broad internal audit plan that addresses the areas of cyber risk for the organisation over a single or multi-year audit period,” explains Deloitte in a recent report.

In an effort to eliminate any potential conflicts of interest, cyber-security audits are typically performed by third-party firms, with internal teams also undertaking these services, as long as they are sufficiently independent of who they are reporting to. Cyber-security audits are an increasingly important part of any corporate strategy to combat cyber threats and give IT teams the opportunity to discover potential weaknesses and fix them before cyber criminals have the opportunity to exploit them.