According to cyber security company CrowdStrike, accounting firms are attractive targets for cyber attackers as accountants hold a lot of valuable, personally identifiable data and financial information.
CrowdStrike’s director of services for APJ, Mark Goudie, said the accounting industry is experiencing “a wave of digitisation” and, with increased digital processes, there is a greater risk of cyber criminals targeting digital assets.
“It is imperative for organisations to have a mature process in place that enables them to respond to threats with speed and agility,” Mr Goudie said.
“Good cyber hygiene includes educating all accountants in the firm on strong password protection, implementing multifactor authentication (including email and remote vendor support), [and] connecting to secure Wi-Fi when working remotely.
“It should also involve ensuring all applications and software are patched and up to date.”
Mr Goudie said cyber attackers use a wide variety of tactics to gain access to a target’s data, from “traditional” email phishing — which can download viruses or ransomware into the system — to “malware-free” attacks which do not install any software on the victim’s machine.
“Attackers who deploy malware-free methods can compromise an organisation in several ways — using stolen credentials, an unsecured device connected to the internet or a system misconfiguration,” he said.
“They can then ‘live off the land’ and steal data from within the organisation’s systems as they blend in with the normal flow of business.
“The newest tactics in use today are email thread hijacking and spam campaigns, which steal content from the user’s email address and can use subject lines to recognise a thread; a reply is then formulated to the thread which drastically increases the likelihood of the recipient opening a malicious attachment or link.”
If a firm is breached
Mr Goudie said if an accounting firm experiences a ransomware attack, private client data could be held to ransom or even outright stolen.
“[This] would result in significant legal and reputational damage to the firm, with recovery costs far exceeding the cost of the ransom,” he said.
“To maximise their return, some of the ransomware gangs now publish stolen data for the companies that refuse to pay the ransom. Therefore, it is crucial for accounting firms to employ proper cyber hygiene and prevention measures that can effectively detect and mitigate threats.”
If a breach has been detected, CrowdStrike’s advice is for organisations to concentrate on their ability to preserve, co-ordinate and respond.
Part of the response, according to Mr Goudie, is the “1-10-60 rule”, which says breaches should be detected in under one minute, investigated in 10 minutes, and contained and eliminated in 60 minutes.
“Accounting firms that meet this benchmark are much more likely to eradicate the adversary before an attack spreads across the firm’s entire network and can minimise organisational impact,” Mr Goudie said.
“Upon detection, it is crucial that accountants don’t swiftly disconnect from the affected network, so that they can ensure the evidence of the attack is preserved and log data can be collected.
“Internal communications across the firm must then be coordinated and key players from IT, security, legal, management and public relations must be kept informed of the status of the breach. Each will play a key role in the investigation of the breach and communication with regulatory agencies, the public and affected clients.”