4/12 - The IIA, in response to an attempted ransomware attack discovered the week of November 22, made the prudent decision to immediately take our websites and other interconnected systems offline. This was done to protect the integrity of the entire system and safeguard all data, including that of members and customers.
While the decision to go offline may have created a disruption in services to members and customers, we are increasingly confident that:
- Our actions successfully blocked any attempt to further access our systems; and
- Member, customer, and other data was not compromised.
Cyberattacks can occur anytime, anywhere. No organization is immune. That’s why, even with extensive safeguards already in place, it was crucial that we thoroughly review and analyze all of our systems.
- This is a time-consuming but absolutely mission-critical process.
- A cyberattack such as this one can leave hidden vulnerabilities.
- Protection and the integrity of our systems and websites are our top priorities.
Our actions before the attempted attack and since are proactive and reactive, and involve internal and external expertise in the fields of cyber security and forensics.
- Incident Response Plan encouraged/supported quick mobilization.
- We believe sophisticated firewalls and other safeguards that were already in place averted a more serious intrusion of mission-critical systems and data.
- In response to the attempted attack, we began a thorough 24/7 scan of our systems, checking carefully for any potential or hidden vulnerabilities, and adding additional safeguards.
During the outage, we immediately began reviewing customer-critical services, including exam and training schedules, to fully understand the impact on those who rely on these important services.
- Our priority in this area was to communicate as soon as we were able and offer information about possible options, including rescheduling of exams.
- Due to the investigation, initial information was limited to guard against further harm.
Online exams originally planned for 25-30 November are being rescheduled, with registrants notified directly.
- There was no impact on exams scheduled at test centers.
- Online exams scheduled from 1 December forward are occurring as planned.
- If someone was scheduled to take an exam during this period and has not yet received a communication about rescheduling, they should contact our service provider Pearson VUE directly at www.pearsonvue.com/iia/contact.
- We have extended the deadline to take the CIA Challenge exam to 31 December 2020.
Online training sessions currently scheduled are occurring as planned.
We are pleased to report that more of our websites are coming back online every day, with nearly a dozen areas fully restored, including:
An up-to-date list of restored sites with links can be found on our website maintenance page at www.theiia.org and www.globaliia.org. It is further updated as new areas are brought online.
We know how important it is for all our members and customers to have 24/7 access to IIA services and products; that’s why we are working round-the-clock to bring every website and supporting system back online as quickly as possible.
The IIA is fully committed to providing a secure and well-monitored system for all member and customer engagements. Thank you for your understanding and patience. Further questions should be directed to IIA HQ Customer Relations: CustomerRelations@theiia.org.
2/12 - I would like to update you about our recent website outage and thank you for your patience and understanding.
Last week, we put all websites into “maintenance mode” after receiving automated system alerts of an attempted ransomware attack. While the decision to go offline may have created a disruption in services to members, we are increasingly confident that our actions, combined with our existing firewalls and other safeguards, successfully blocked any attempt to further access our systems and that member, customer, and other data was not compromised.
Those existing security systems and procedures, including a fast response from our IT team, quickly isolated the situation and averted any serious harm. However, we want to ensure a safe and secure environment for all users, not only now but going forward. That’s why we have taken the opportunity, while our systems have been down, to conduct thorough and repeated system scans for any vulnerabilities and also to implement additional safeguards at the recommendation of cyber security and forensic experts, to assure a comprehensive approach to the situation.
This morning, after numerous scans and analysis, we began bringing up certain systems, including:
- The IIA’s Certification Candidate Management System (CCMS)
- OnDemand Training
- International Conference 2020 OnDemand Sessions
- IIA Bookstore
- New-user registration and password reset
Additional services will be brought online over the next few days, including full restoration of our websites. We are providing direct links to restored services on our website maintenance page at www.theiia.org and www.globaliia.org.
The impact of the outage, I’m sorry to say, did mean the postponement of certain testing and training programs. Those previously registered for exams during this period will be contacted to reschedule at no cost and we have extended the testing window through the end of the year. If someone was scheduled to take an exam during this period and has not yet received a communication about rescheduling, they should contact our service provider Pearson VUE directly at www.pearsonvue.com/iia/contact.
We know how important it is for you to access IIA services and products. We are committed to providing a secure and well-monitored system for all member and customer engagements. Again, thank you for your understanding and patience.
Richard F. Chambers CIA, QIAL, CGAP, CCSA, CRMA | President and Chief Executive Officer | The Institute of Internal Auditors
30/11 - We want to provide an update on the status of IIA websites and integrated systems. As you know, we temporarily took down our websites and other systems for important maintenance. While we had hoped to bring everything back online quickly, we have elected to use the opportunity to also upgrade system security and select applications to ensure the continuation of a safe and secure environment for our operations and for our members and customers. We know this may be an inconvenience for you and your members, but as a 24-hour, global organization, we also know there is no optimal time for such work. Our priority is to minimize the interruption as much as possible.
Because of how our systems are integrated, certain services also are interrupted by the outage, including the Certification Candidate Management System (CCMS) and Institute Center. Online exams originally planned for 25 November through 29 November are being rescheduled, with registrants notified directly. There is no impact on the exams scheduled at a test center. Online training sessions currently scheduled for the week of 30 November will occur as planned, with attendees providing access information.
We apologize that we are unable to provide a firm date for when systems will be restored, but we will keep you posted.
26/11 - The IIA is currently experiencing technical issues affecting all of our websites, CCMS and other platforms. This has prompted us to place certain sites in “maintenance mode” and may affect scheduled online exams. Rest assured, our IT team is working diligently to resolve the problem and restore all sites as quickly as possible. The following IIA systems and websites are affected: