Ransomware Attack Prevention and Controls

Verified

Added on 2020/04/07

AI Summary

This assignment delves into the WannaCry ransomware attack, considered one of the largest in history. It examines the malware's spread, impact on various sectors, and exploits vulnerabilities in older Microsoft Windows systems. The assignment further emphasizes the importance of implementing robust security controls to mitigate future ransomware attacks. These controls encompass application, general, physical access, and compliance measures designed to protect organizational data and assets.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running Head: PROTECTION OF A FIRM’S ASSETS; INTERNAL CONTROLS 1
A Report on the Protection of Motherboards and More Pty Ltd.’s Assets (Data and Resources)
Through Effective Internal Controls:
(To the CFO Motherboards and More Pty Limited)
By
(Name)
Institution:
Tutor:
Date:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

PROTECTION OF A FIRM’S ASSETS; INTERNAL CONTROLS
Executive Summary
The report seeks to analyze the internal control weaknesses in the firm and suggest possible
solutions to safeguard the firm’s assets. Motherboard and More Pty Ltd.’s revenue cycle is laced
with inherent weaknesses in internal controls such as lack of segregation of duties, lack of
transaction supporting documents, lack of stock takes, and excessive sale on credit with no precise
credit sale policy. Such weaknesses pose grim weaknesses to the firm increasing the risk of fraud and
occasioning the loss of goods and delay in customer deliveries witnessed in the firm coupled with
high bad debts. Implementation of checks and balances, segregation of duties, and regular stock
takes would cushion the firm against future loses. As a second part, the paper suggests possible
application and general controls to prevent a ransomware attack in the firm as witnessed in the recent
ransomware attack. Such controls include but not limited to integrity and validity checks, input
controls, firewalls security, encryption, physical access control, and compliance with the internal IT
controls. The suggestion though does not provide a one-stop shop solution would provide a
reasonable security against future possible losses and threats.

PROTECTION OF A FIRM’S ASSETS; INTERNAL CONTROLS
Table of Contents
Executive summary................................................................................................................................2
Overview of the revenue cycle...............................................................................................................4
Internal control weaknesses, their impact, and possible solutions.........................................................4
Overview of the Ransomware attack....................................................................................................5
Appropriate controls to protect the firm from a potential Ransomware attack......................................5
Conclusion..............................................................................................................................................6
References..............................................................................................................................................7

PROTECTION OF A FIRM’S ASSETS; INTERNAL CONTROLS
Overview of the Revenue Cycle
The revenue cycle is initiated by the receipt of a customer’s order via the company’s website,
email, or telephone; after which, a picking ticket is generated. Goods are then picked against the
picking ticket and customers order and packed while generating a packing slip. It’s after this step that
the goods are ready for delivery and a sales order is generated. The delivery goes along with a bill of
lading. Invoicing then proceeds after the shipment of goods to the customer and according to the
shipment details after which the firm recognizes a liability for the goods sold on credit. From here
on, the cash collection begins where the customer may pay in cash or bank and according to the
terms of trade where a discount of 2% is offered for any payment made within three days. Amount
received in cash is then deposited to the bank. While all this is happening, the shipping department
also receives incoming deliveries from suppliers.
Internal Control Weaknesses, their Impact, and Possible Solutions
Internal controls weaknesses Impact of the weaknesses Possible solution
Lack of segregation of duties:
Use of the loading dock for
both the outgoing shipment to
customers as well as incoming
deliveries.
It increases the risk of fraud,
intentional manipulation,
unexpected error leading to
loss of goods, and delays in
delivery of goods to customers.
Besides, it weakens other
control procedures such as
physical checks.
The firm should implement
different docks for receiving
incoming deliveries and
issuing outgoing shipment.
This will enable a system of
checks and balances where the
two departments will check
against each other and reduce
the risk of fraud
Placing of orders without the
authenticating (supporting)
documents
Without legally binding source
documents it’s impossible to
defend a transaction. This has
led to customers denying
ordering and receiving goods
since there exist no source
documents to authenticate the
orders.
The firm should implement a
system where there has to exist
physical source documents
such as orders, delivery notes,
and bills of lading. Such
documents are legally binding
and make it impossible for
customers to deny deliveries
made.
Delivering goods without an
invoice.
That is, generating an invoice
after shipment.
Customers receiving the goods
without the delivery note and
invoices have led to them
denying receiving the goods
later which has led to most of
the credit sales being written
off as uncollectible
All deliveries should be
accompanied by both the
delivery note and an invoice.
The invoice should be
generated after the packing
according to the packing slip
and before delivery.
Upon receipt of the goods, the

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

PROTECTION OF A FIRM’S ASSETS; INTERNAL CONTROLS
customer should sign both the
delivery note and the invoice
which immediately creates a
legally binding liability.
Lack of physical controls;
Failure to take stock counts for
two years
Failure to take stock counts
have led to the loss of goods
witnessed in the firm due to
possible fraud and theft by the
employees, failed deliveries,
and delivery of the incorrect
amount.
The stock is a very sensitive
item must be well guarded
(Mary, 2017). The firm should
institute a policy where
physical stock counts happen
on a monthly basis or after a
fortnight after which stock,
suppliers’, and shipping details
should be reconciled to check
against any loss of stock.
Making all sales on credit with
no precise credit sale policy
Credit terms increase the risk
of bad debts.
The firm should consider
selling some of the items on a
cash basis or instituting a
policy where a certain
percentage of the invoice
amount is paid either on order
or delivery.
Overview of the Ransomware Attack
Described by F-Secures' (a cybersecurity company) Chief Research Officer, Mikko
Hypponen, as the biggest ransomware outbreak in history, the malware locked computers thus
preventing access and demanded ransom from the victim if they were to gain back the access to the
computers. The malware which spread to several computers across the world owed to a self-
replicating software which took advantage of the vulnerabilities/weaknesses and bugs in the older
version of Microsoft Windows and organizations using such widows found themselves the greatest
victims (Moore and David, 2017). The most affected organizations were hospitals, large firms, and
government agencies. The cyber extortionist duped their potential victims into opening the malware
purportedly attached in their spam email as either orders or invoices. Several firms yielded to the
trick and the extortionists' ransom demands although it remains unclear on how many firms did so.
Appropriate Controls to protect the Firm from a Potential Ransomware Attack.
Application
controls
Validity checks
Configurable controls Such controls are defined at the system
generation point
Completeness and validity
checks
They check data being entered for validity and
completeness (Moore and David, 2017)

PROTECTION OF A FIRM’S ASSETS; INTERNAL CONTROLS
Authentication controls These controls provide an application system
authentication mechanism
Input controls They serve to ensure that data integrity feeds
into the system only from upstream sources.
Forensic controls They ensure scientifically correct data
General
controls
Backup and recovery
procedures
To ensure the firm’s operation run continuously
Integrity checks Checking that email and other data come from
secure sources
Encryption Coding of the firm’s data to ensure they are
unreadable by other sources
Physical access controls To prevent unauthorized access to both the
hardware and software including emails
Virus and malware scanning Scanning the computers for malware which
might cause loss of data
Firewall security To protect the firm’s internet and data from
external threats
In-depth white-listing and
blacklisting
Blocks unknown and unwanted applications
and installation of apps from unknown sources
Compliance with internal IT
policies
Such policies may limit usage of application not
supported by data loss prevention
Conclusion and Recommendations
The internal control weaknesses of Motherboards and More Pty Ltd pose a huge risk of fraud
and massive loss of revenue for the firm. As such, it is necessary to implement several internal
controls to safeguard the firm's assets and deter fraud in the firm. Besides, given the alarming rise of
cyber-attacks on organizations, it is advisable for the firm to implement several applications and
general controls to prevent loss and corruption of its data in future.

PROTECTION OF A FIRM’S ASSETS; INTERNAL CONTROLS
References
Mary, A. (2017). “Impact of effective internal controls in the management of Mother and Child
Hospital Akure, Ondo State”, Journal of Finance and Accounting 5 (1): 61-73
Moore, T., and David, P. (2017). “Special Issue: Strategic Dimensions of Offensive Cyber
Operations”, Journal of Cybersecurity 3(1): 2057-2093

1 out of 7

Ransomware Attack Prevention and Controls

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Cybersecurity and Revenue Cycle Analysis

Internal Controls and Ransomware Prevention

Strengthening Revenue Cycle Controls & Ransomware Protection

Mitigating Ransomware Attacks in Business

Enhancing Operational Efficiency and Security at Motherboards and More Pty Ltd

Ransomware Attacks: Prevention and Control

+13062052269

info@desklib.com