SAIs AND THE CYBERSECURITY CHALLENGE
Penetration testing as a defence mechanism against cybercrime
The increase of information systems has brought with it many new developments to increase the efficiency and effectiveness of business processes. But, it has also brought major challenges. Among the most concerning is the concern of cybersecurity in organisations and government institutions and the threat of cyber-attacks against productivity systems.
In defence against these cyber threats, organisations need cybersecurity expertise to detect, prevent and investigate cyber threats.
One aspect of defensive mechanism in cybersecurity is conducting penetration testing. Penetration testing is the practice of testing a computer system, network or web application to find ‘holes’ or security vulnerabilities that can be exploited by hackers. Penetration testing is generally used to detect the following:
As Supreme Audit Institutions (SAIs), it is our duty to support public sector institutions to stay cyber safe by having the proper cybersecurity measures in place. The importance of this was emphasised during the 2018 AFROSAI-E Governing Board meeting which included several presentations and plenary discussions on the topic of cybercrime and digital disruption.
How can SAIs do this? By having:
It is however still the full responsibility of the public sector institutions to ensure they are safe from cyber-attacks. At the very least, this requires them to ensure that:
Both SAIs and public sector institutions should champion hands-on cybersecurity expertise for ICT professionals to detect, prevent and investigate cyber threats. Penetration Tests without action plans to address vulnerabilities is fruitless. It is therefore critical to track and ensure all actions are indeed implemented.
Article by Chikondi R Pindeni, SAI Malawi
AFROSAI-E has developed several capacity building programmes to support member-SAIs in addressing the challenges of cybersecurity. Among these is the IT Audit Champions Programme, consisting of three modules. For more information, you can contact the AFROSAI-E IT Audit Manager, Fredrick Bobo at firstname.lastname@example.org