Strengthening Cybersecurity: Best Practices and Internal Audit Strategies
On 3 October 2024, IIA Singapore hosted the webinar titled “Strengthening Cybersecurity: Best Practices and Internal Audit Strategies”, drawing over 200 global attendees. Bernard Tan, Director at ISACA Singapore Chapter, led the session, delivering insightful strategies to fortify organisational cybersecurity frameworks through the lens of internal audit.
Bernard’s presentation outlined the significance of cybersecurity and why protecting organisational assets from cyber threats is more important than ever. He shared several case studies to demonstrate the real-world consequences of cyber attacks and highlighted the purpose behind such attacks, from data theft to business disruption.
The webinar highlighted several key takeaways for internal auditors aiming to strengthen their organisation's cybersecurity posture. Internal auditors must develop a strong understanding of risk management, including the ability to identify and prioritise cybersecurity risks such as data breaches and ransomware. While not required to be cybersecurity experts, internal auditors should have a foundational knowledge of key concepts like data protection, incident response, and vulnerability management, along with an awareness of common and emerging cyber threats. Critical thinking and analytical skills are essential for evaluating the effectiveness of cybersecurity controls and proposing solutions to address potential gaps. Lastly, strong communication and collaboration with IT and cybersecurity teams are vital, as internal auditors must present their findings in a clear manner that enables leadership to act on recommendations while ensuring that the auditing process does not disrupt operations.
The webinar garnered highly positive feedback from attendees, with many highlighting its relevance and depth. One participant noted, "Definitely the best lunch webinar I have attended this year". Others shared that such webinars are particularly useful for internal auditors, offering practical insights that help enhance their understanding of cybersecurity strategies.
