The Background

In August 2023, RSM conducted an internal audit for an industrial manufacturing company in Bangkok. In addition to the operational processes, RSM was also engaged for the internal audit of IT general and application controls such as antivirus software, firewall settings, password configurations, user access review and change management processes.

The internal audit identified lapses including unencrypted hard disks, uninstalled antivirus, lack of follow-up on antivirus warnings and poor server room security. Management had assessed these identified lapses as lower risk and hence did not prioritise rectifying them.

As there was no immediate rectification, the Company was compromised by ransomware two months after the internal audit. Upon investigation, it was discovered this attack could have be prevented if the one of the vulnerabilities had been rectified. As a result of the ransomware attack, the Company had to restore to an older backup version and reinput a month’s worth of transactions.

After completing internal audits for the other ASEAN subsidiaries, RSM reported to the Headquarter that this was not an isolated incident, as similar lapses were identified across other subsidiaries. These recurring lapses in IT practices stem from a weak control environment, particularly the Group IT team's inadequate oversight over the implementation of IT security measures in its overseas subsidiaries. 

Following the ransomware incident, RSM and the Group IT team introduced a self-assessment IT checklist for the overseas subsidiaries to evaluate their own IT control readiness. This new IT checklist incorporated the best practices that RSM had recommended and is currently serves as a baseline for establishing the IT security requirements for the overseas subsidiaries.

 

Five key IT Controls that industrial manufacturing companies should adopt

Drawing from the mentioned checklist, we recommend the adoption of the following IT controls:

IT controls

Recommendations to adopt

Multi-factor authentication

2-factor authentication should be adopted whenever possible, i.e., bank portal or virtual private network access.

 

Firewall, anti-virus and end-point detection and response software

IT should monitor the warning/critical status and investigate if necessary. This software should also be updated as required.

Business continuity planning (“BCP”)

Establish a BCP committee to oversee and ensure IT disaster scenarios are identified and BCP exercises are conducted to ensure staff are well trained in times of cyberattacks.

Data Backup

The backup data server should be located away from the operating server. Backup restoration testing should also be performed regularly.

Disk encryption

Hard disk encryption software should be installed, especially on laptops.

 

Key Takeaways

Cyberattacks have become increasingly frequent, and the damage can be substantial unless companies take the time to enhance their IT security measures against all potential threats. Additionally, a swift response is critical to safeguard against cyber threats effectively and to minimize any losses that the company might incur. With cyber threats constantly evolving, IT control against these threats is an ongoing process that companies need to consistently stay on top of.

To find out more about our Industrial Manufacturing Practice and how we can help, please contact our specialists: