Seven cyber threats to CAs
The threat of cybercrime is ever present and constantly evolving.
Every year we see more high-profile companies falling victim to hackers, and new types of cybersecurity threat emerging.
You can find out how to prevent your company from coming under attack by attending the ICAS Conference 2017 on 20 September, in the meantime, here are the main cyberthreats that accountants need to be aware of:
Phishing (techniques using emails or a website to trick people into giving criminals bank account details or paying them money) is one of the most common types of cyber-attack. It can involve hackers and criminals impersonating clients of a business and requesting a payment.
Forty-three per cent of financial services organisations experienced phishing attacks in 2016, according to PwC’s Global State of Information Security survey.
2. Software attacks as a service
It’s getting easier to carry out cyber-attacks. Criminals can buy ready-made malware (malicious software such as viruses, worms and “Trojan horses” designed to damage a computer system) and DDoS (distributed denial of service) attack packages online on the “dark web”.
3. Malware that exploits software vulnerabilities
“Zero-day” cyber-attacks exploit a previously unknown security vulnerability in a software product. (They are called “zero-day” because there is no forewarning of the vulnerability and no time for the software’s author to fix it.) Malicious programs can attack by targeting vulnerabilities in your operating system and applications, says Ali Kennedy of Sophos, which makes security software.
4. Data loss through carelessness or bad luck
Losing a USB stick containing customer details, having a laptop stolen while out of the office or accidentally emailing a confidential file to the wrong recipient can result in fines and damage to the reputation of a business, says Ali.
5. Data privacy: the risk of fines
The latest data privacy rules, GDPR, present a new challenge for businesses – and an opportunity to ensure their house is in order. In May 2018, GDPR in the European Union will apply in the UK, giving people more control over personal information held on them by organisations.
6. Identity fraud
Identity fraud is a growing problem. A record 172,919 identity frauds were recorded in 2016, more than in any other previous year, according to Cifas, a not-for-profit organisation that aims to help prevent fraud.
Cybercrime is becoming more aggressive and confrontational, with an increase in the use of extortion, according to the National Cyber Security Centre and National Crime Agency.
“Ransomware” is the most common type of extortion. This can typically involve malware that encrypts the victim’s files and a demand for money before the decryption key is released.
Ransomware sometimes uses “locker” techniques that prevent the downloading of decryption tools. Alternatively, some variants copy and extract the files, and then delete the originals.