In his blog, IIA President and CEO Richard Chambers, CIA, QIAL, CGAP, CCSA, CRMA, shares his personal reflections and insights on the internal audit profession. Here’s an excerpt from his latest post:<\/p>\n
Last summer, internal auditors for the city of Atlanta warned officials that their IT systems could be easily compromised if they weren’t fixed immediately. The audit report minced no words, calling out the lack of resources (tools and people) available to address the “thousands of vulnerabilities” and characterizing the situation as a “significant level of preventable risk exposure,” according to media reports.<\/p>\n
The city apparently began to implement certain security measures, but it was a classic case of too little, too late. A ransomware attack \u2014 essentially digital extortion \u2014 crippled the city’s computer network and took many departments nearly into the dark ages of pen and paper. The breach even shut down Wi-Fi service at Atlanta international Airport. Fortunately, critical services such as those supporting emergency responders (and flights at the nation’s busiest airport) were not affected.<\/p>\n