• Register
Return to: Home > Comments > The dark undercurrent that lies within accountancy

The dark undercurrent that lies within accountancy

Miles Tappin, VP of EMEA at ThreatConnect, explores the growing threat that cybercriminals pose to accountancy firms, and how the industry needs to unite to build an effective cybersecurity defence strategy


Across the accountancy sector there is a drive to modernise and benefit from the rise of new technologies from artificial intelligence to big data.

Increasingly, accountancy firms are exploring ways to use these new technologies to reduce the time spent on manual data-entry tasks so they can offer more consultative services. For example, by automating payroll functions, accountants can focus on offering more strategic services such as forecast modelling and cashflow predictions.

However, it is becoming clear that the pace of technological change is a double-edged sword: it enables innovation and change, but it is also a most destructive force and gives opportunistic cybercriminals new attack vectors.

Accountants are one of a business’s most trusted advisers, responsible for holding large amounts of private data on everything from a company’s financial performance to payroll data and M&A activity. As a result, they hold a goldmine of information that is attractive for cybercriminals – anything from intelligence about an upcoming merger and acquisition that can be used for financial gain to the taxation records of large corporates and high net worth individuals that can be sold to media outlets.

No room for error

The challenge for the accountancy sector is that there is fierce competition between lots of different firms that all use similar software. If a criminal finds a vulnerability that can be exploited, they have lots of potential victims.

For mid-sized firms the risk is even more pronounced. Without large security operations in place, keeping pace with the fast-changing technical developments, policies and procedures can be a challenge. Adversaries are getting smarter, scams are becoming more convincing and the global pandemic means workforces are dispersed, making it more difficult to ensure normal security practices are being observed.

To reduce complexity and simplify decision making, financial organisations need to unify processes and technology to harness the security intelligence that comes from across their own security programmes and external sources to drive down risk.

A sense of unity

No firm can tackle the problem alone. Experienced threat actors using advanced techniques are constantly targeting the accountancy sector, so the industry needs to come together as a whole to foster a sense of collaboration and data sharing.

There is a wealth of information available from accountancy bodies, such as Action Fraud, the Fraud Advisory panel, the National Crime Agency and HMRC that offer advice on suspicious trends and scams that are being seen. Accountancy firms need to share intelligence on the threats and hazards they are seeing with other firms, industry groups, government agencies and other relevant authorities, to build industry specific insights into cybersecurity threats and quickly pivot to gain more information on those specific threats and threat actors. By working together, a picture can be painted on threats coming from all manner of malicious activity, from malware and ransomware to phishing and software vulnerabilities.

Breaking down barriers

Having the right intelligence is not enough to ensure that intelligence is turned into action. Breaking down information and process silos across teams allows organisations to analyse and act on the most pertinent information. Everyone has access to the risk and threats that matter most, and orchestration and automation of response helps overwhelmed firms to prioritise response plans and improve efficiencies in their security programme.

Integrating internal security tools and technologies, while also connecting to external sources of intelligence, creates a single source of intelligence that feeds operations and enables organisations to direct action against the threats that matter most. The outcomes of those actions further feed intelligence, providing the ability to further refine the efficacy of the entire security lifecycle.

This approach provides a continuous feedback loop for the people, processes and technologies that make up the security programme. It also allows businesses to keep up with threat actors that are constantly adapting their methods to profit at the expense of others – something that will not stop anytime soon.

Ultimately, accountants have a responsibility to their clients to be vigilant of new and emerging risks in a digital age. Where cybersecurity used to be a classic back-office concern, it now needs to become a central part of IT strategies and a key pillar of both reputation and customer retention. Legislation, the cost of crime and the risk of reputational damage that a breach poses leave no room for failure.

Top Content

    HONG KONG NATIONALS: UNDERSTANDING VISA AND TAX WHEN MOVING TO THE UK

    Over 2 million Hong Kongers learned recently that they may soon be offered a route to UK citizenship following China’s introduction at the end of June of its controversial Security Law in the territory.

    read more

    SASB IMPLEMENTATION SERIES: COMMUNICATING ESG TO MAINSTREAM INVESTORS

    As part of a series of webinars, the Sustainability Accounting Standards Board (SASB) took a closer look at how to communicate ESG initiatives and progress to mainstream investors

    read more

    REPORTING AND COMPLIANCE: WHY WE NEED A DATA REVOLUTION

    Commerce no longer adheres to national boundaries: the largest international organisations to the smallest businesses operate in a global market. However, rules for corporate reporting and compliance do adhere to borders, write IMA’s Jeff Thomson and Liv A Watson

    read more

    CORONAVIRUS TIMELINE: REACTIONS FROM THE ACCOUNTANCY PROFESSION

    As the Coronavirus (COVID-19) continues to spread across the world, the International Accounting Bulletin and The Accountant will be collating all the latest news and updates from the profession on the pandemic’s impact.

    read more
Privacy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.