The improper access and hijacking of information, the loss or damage of sensitive data, the attacks of hackers and the crash of digital platforms are dangers that companies of the country face day by day, and that according to a BDO study titled Impact of digital security incidents in Colombia, they cause losses of up to four billion pesos due to damage to assets and infrastructure, or penalties, fines and legal expenses.
Regarding this phenomenon and the large losses to which the organizations are subject, Jorge Guillermo Neira Bossa, Senior Advisory Manager of BDO in Colombia, says that prevention and timely detection are the answer, and points out that “nowadays, the IT audit is an obligation, more than a necessity, to avoid the loss of confidentiality of information, the intrusion of third parties into technology platforms, computer fraud, and even the destruction, damage or loss of information of companies.”
These threats are growing due to the implementation of new models and technologies that will necessarily become tools for business use.
According to the 10 technological predictions for 2019 report, published by BDO global, 5G as a new standard, the expansion of blockchain, artificial intelligence, the new European regulations, the change of the political and regulatory environment in the United States, the trade war between China and the US, cybersecurity, digital transformation that is no longer just for systems engineers in companies, training to close talent gaps, and “Coopetition” (Neologism that mixes the words cooperation and competition in the same term to define people or competing companies and at the same time collaborating among them), are already inevitable factors, and in this second semester of the year they will permeate from the personal level to the largest multinational companies in the world as they mature their digital transformation journeys, but at the same time they will be biggest headaches in terms of safety.
According to a study conducted by Colombia’s MINTIC, the Organization of American States (OAS) and the Inter-American Development Bank (IDB), in Colombia more than 60% of the organizations surveyed incurred costs of at least one million pesos for damages related to cyberattacks, while 20% of firms spent between 1 and 15 million pesos, 15% between 15 and 235 million pesos and 5% had to spend values of up to 4 billion pesos, as a consequence of cybersecurity incidents.
According to the BDO expert in Colombia, these “headaches” can be avoided or mitigated with prevention, thanks to two types of IT audits:
“One, a general IT governance audit which reviews aspects fundamentally focused on guaranteeing the security and continuity of the platform from the point of view of the specific controls that have been implemented and their functionality, as well as their relevance to the corporate strategy”.
“The other, a specific purpose audit, aimed at the review of specific aspects, usually required by the client, whether on aspects of processing, integration, access control, confidentiality or authorized personnel, among many other variables”.
Likewise, Neira Bossa affirms that the purpose of these audits is to “define the adequate and necessary controls that guarantee that the information can be accessed only by those who must do it and for the specific processes that are assigned to them, as well as to implement security mechanisms that prevent the access or intrusion of third parties. In the same way, the awareness and culture transmitted to the users of the information, who are in charge of this valuable asset of the companies, is fundamental”.
Finally, BDO in Colombia emphasizes that the IT audit is not only important to maintain the good development of the organization, but to improve its image both internally and externally, to verify and control the use of legal and secure computer platforms and, likewise, to manage operating costs in the different areas involved.