Accountants are a prime target for Cybercriminals

Introduction

Cybersecurity must become a higher priority for accounting firms, they underestimate the threat they face from cyber-attacks, believing that high profile financial organizations are the more obvious targets.

Tax time comes annually, and at different times for Businesses than for individuals. Some of the attacks are focused on the On-Line Tax services, and other cybercriminals focus on attacking Firms directly. Accounting firms are a prime target for cybercriminals because they serve a large number of businesses as well as individuals. Breaching a single firm can amass several hundred clients of the accounting firm’s private information.

Accounting firms are subject to some key fundamental security requirements; the first is ensuring the integrity of their own internal cybersecurity posture to look after their own and their clients’ data, and secondly, ensuring that they can offer their clients a level of insight into their abilities to prevent cyber-attacks and cyber fraud through auditing. Most importantly, employing an MSP or using an annual scan is not effective in stopping these attacks.

The threat landscape

The threat landscape is now relatively well known. Accounting firms are routinely being targeted by cybercriminals and from multiple angles. The threat actors include:

⦁ Nation-states (government backed cybercriminals)
⦁ Organized Cybercriminals
⦁ Hacktivists
⦁ Insider threat - Malicious Intent, Incompetence, Negligence
⦁ Script kiddies

Cybercriminals employ a variety of methods of attack that range from phishing and social engineering to exploitation of network or system vulnerabilities.

 

Evidence shows the greatest threat to these organizations, and those in the financial sector comes from their employees within the organization – the Insider Threat. Whether malicious or unintentional, the Insider Threat can provide a path for criminals to complete a successful data breach or attack on a personal network. An employee may fall for a targeted phishing email and accidentally download malware on to the IT systems of their organization.

IT Security Solutions was called onsite to investigate and protect an accounting firm that had a breach of the Computers and Tax information for many of its companies expecting a refund. The cybercriminals exploited the Cell Phone and Laptop of the firm’s Partners, giving the cybercriminals access to the Cloud-based Software solution which was being used to file the tax reports.

Focus on the Managed Service Providers

The Accounting firm utilized multiple Managed Service Provides to keep the equipment running and file the tax returns electronically. While the MSPs provided a service to the accounting firm, they were unable to protect the firm from the unseen cybercriminals.

The IT MSP and insurance company brought in an organization from Chicago to investigate the break-in. After several reviews of finding nothing, the cyber organization declared that the accounting firm was free of Viruses! While the owners of the company thought that this was a victory, we quickly demonstrated that the business was not free of cyber threats.

The ITS Safe™ security appliance immediately found malicious activities that started before the attack, which included access for the cybercriminals to the computers inside the network as well. Additionally, we were able to identify access from over 36 countries, already inside the network. All of these unwanted connections were stopped immediately after connecting the ITS Safe Security Appliance to the network.

What went wrong?

Many of the activities in the Accounting firm seemed to indicate that the Insurance plan and using outside services would benefit and protect them. This didn’t happen, as the firm expected. The Insurance did not find the original problem, they only paid investigators that checked the box using tools that did not fond or correct the problem.

The MSP helped the organization maintain the computers, but lacked a definite understanding of what cybersecurity is, and how to do it well. Multiple failures in logging may have identified that an issue occurred, but they were not prepared to stop or block the cybercriminals from getting what they wanted (the firm’s clients, and their money).

Because the firm also permitted the partners to use their Cell Phones on the firm’s WiFi, the traffic from the infected Cell Phones had another pathway into the network. Even with Logging turned on, the MSP would have never seen the threat of the activities to get inside the network.

Deferring the responsibility did not work here, the accounting firm suffered significantly from the breach, the lost clients, and respect from existing clients. Financially they also lost due to expenses incurred for the breach which the Insurance did not pay as well. Even though the IRS recovered the refunds, the loss of reputation which was built is the hardest thing to earn back.

All told they were expecting to pay out more than $100,000.00 in the first year. This did not include all of the clients they lost due to the data breach.

ITS Safe™ Detects, Protects and Destroys Intruders.

Cybersecurity must become a higher priority for accounting firms. In an increasingly complex and digital world, the cyber threat is growing and targeting businesses of all sizes. To lessen the likelihood of successful cyber-attacks against themselves and their clients, firms need to identify when cybercrime is happening. In IT Security Solution Executive’s experience, firms that raise their understanding and awareness will be in a better position to mitigate against these cyber risks.

The nest way to raise their understanding and Awareness it to display the security Dashboard of the ITS Safe security appliance so that everyone can identify the current security of the firm at the moment. When everyone is a member of the security team, everyone wins.

IT Security Solutions, Inc. is a technology company with 25+ years of cybersecurity domain expertise catering to businesses of all sizes. The solutions offered range from technology security audits and penetration testing to continuous network scanning. The company recently launched ITS Safe™, a proprietary managed security solution that detects the cybercriminals inside the network - the largest IT security challenge facing businesses today. The ITS Safe platform is an in-line tool that augments your existing infrastructure thereby eliminating switching costs while adding another layer of security. The Company’s mission entails protecting clients and vulnerabilities so they can focus on what they do best - growing and managing their day-to-day business. Contact us today to eliminate the cybercriminals inside your network, and protect your business from the costs of data breaches.

Request a Schedule For Free Consultation