Defusing the threat of ransomware through internal controls : an analysis

Abstract

Purpose: This research set out to assess whether Maltese entities have the appropriate controls in place to prevent ransomware. Thus this study aims to establish the internal control mindset in Malta and whether this mindset is implemented in IT in order to prevent or mitigate the impact of ransomware. Design: Sixteen interviews were conducted with entities from various backgrounds to explore varying degree of internal control mindsets, and thus different IT control policies. Findings: The findings indicate that Maltese entities give extensive importance towards internal controls. It also became apparent that entities established their own set of controls based on recognised frameworks adjusted to their needs, something that academics consider very important. Moreover, all participants seemed to have proper IT controls in place that are presented in literature as the most useful to prevent/mitigate ransomware. Conclusions: Although the mentioned findings were made and the general situation is positive, there are still some areas where improvement is possible, such as, better training to employees and better communication of controls. Value: Considering that ransomware has become a massive cyber attack with returns being reported to have exceeded $1billion in 2017 alone, it is important that possible safeguards are identified. Although there is already literature suggesting what controls should be in place to prevent/mitigate ransomware, the Findings of this study confirm such controls and it was also possible to identify certain areas of improvement, as presented in the Conclusion section.