Cybersecurity for CPAs: Phishing through the cracks

As accounting firms are increasingly targeted with cyber attacks, cybersecurity has become essential for every professional. Between data breaches, phishing attacks and malware, criminals are increasingly going after the sensitive financial data held by accountants. The modern accountant, then, must take their cyber defenses seriously for the sake of themselves and their clients.

With this in mind, we present the latest edition of our monthly series, Cybersecurity for CPAs. This regular feature will bring you the best cybersecurity stories from Accounting Today, as well as lessons drawn from real-life cybersecurity incidents, plus stats and charts to help you better understand the current landscape. It's our hope that readers will be able to use the news and insights offered in this feature to make their own firms safer in an increasingly dangerous world.


Cybersecurity Tales: Phishing through the cracks

This month's tale involves a major accounting and business software company that, among many other services it offers, even provides cybersecurity guidance. This did not stop it, however, from falling victim to a ransomware attack that cost millions in cash and disrupted operations for both itself and its many clients. 

The attack, initiated via a phishing exploit (a very common technique), involved exploiting the built-in functionalities of a client's systems: the attackers targeted an employee with privileged credentials, who unwittingly provided them with extensive access and control over the network. Once the attackers were in, they were able to encrypt every computer, server and network file share, which effectively ground the entire company's operations to a standstill.

Not wanting the infection to spread, the company immediately shut down service to a wide array of platforms and applications once it became aware of the issue, a move that disrupted operations not only for itself but also for the numerous accounting firms that relied on it.

Still, the attackers knew they had the company in a vulnerable position. They demanded a kingly ransom from the firm's leaders. Faced with the intense pressures to resume operations as soon as possible, management reluctantly took the step of paying the ransom. While they were able to negotiate the figure slightly downwards, the entire incident still cost the company millions of dollars. This amount included the costs for remediation efforts and the payment of the ransom.

This real-life example was brought to you by Show Up Show Out Cybersecurity, founded by former MMA fighter Sedric Louissaint. "The incident highlighted the vulnerability of accounting firms to such attacks and the need for robust cybersecurity measures, including regular data backups, system updates and patches, and employee training on recognizing and avoiding potential cyber threats," he said. "Accountants and accounting firms face a broad array of cybersecurity challenges. To mitigate these risks, they should have a comprehensive cybersecurity strategy that includes regular risk assessments, data encryption, network security, employee training, and an incident response plan."

May's top cybersecurity stories

U.S. gets middling rank in cybersecurity; Belgium No. 1 - The U.S. is not number one for cybersecurity. It's not even in the top 10. Worldwide, it ranks number 44, with a score of 69.94: not terrible, but not great either. It ranks below Thailand and above Paraguay.

Nevada takes No. 1 spot for cybercrime risk - You are more likely to be a victim of cybercrime in Nevada than any other state.

A stolen payment card number costs just $7 - Stolen payment cards for sale on the dark web are extremely cheap, with the price on the open market averaging only around $7.

Cybersecurity Stat Shot

Top 5 priciest payment card information by country

DENMARK - $11.54
JAPAN - $11.07
PORTUGAL - $11.07
UKRAINE - $11.02
SLOVENIA - $10.83

Source: NordVPN