Accountants 'very attractive' target for cyber criminals

Today, the Australian Cyber Security Centre (ACSC) released its 2017 Threat Report, revealing that 47,000 major cyber security incidences occurred over the past financial year, a 15 per cent increase from the year before.

Deakin University Centre for Cyber Security Research deputy director, Professor Matthew Warren, said accountants were a prime target because of the level of data they had on hand.

“Accountants would be a very attractive attack group in terms of the fact that they could be defrauded of information about both them and their customers,” said Professor Warren.

Professor Warren also urged accountants to educate their SME clients on the financial toll a cyber attack would have on their business as a motivator to prioritise cyber security.

“A business, for example, with a denial of service attack could cost up to $180,000 to recover from that attack, and if it were affected by malware, it would cost up to $450 to recover from those attacks,” said Professor Warren.

“The average time to recover from a cyber attack was 23 days so again for small businesses it can take a long time for them to recover.

“[Accountants can help] in terms of working with SMEs to develop strategies, to give advice, to help determine return on investments in cyber security, and in terms of giving advice on the systems perspective that SMEs should have in place.”

The ACSC report also detailed how an Australian small business with contracting links to national security projects was hacked in November 2016, leading to a significant amount of stolen data.

“A defence contractor who was an SME, his computer systems were hacked and files stolen which had data of national importance in terms of secret information so it highlights that attackers focus on the weakest link,” said Professor Warren.

“Smaller businesses have limited budgets and resources because they are a smaller organisation, they have a lack of technical knowledge and they have a lack of cyber security awareness in terms of the threats and they don't have any governance processes in place.”

While noting that cyber criminals were getting more sophisticated in their approach, Professor Warren said accountants and SME owners could undertake simple measures to prevent breaches.

Businesses should enable automatic patch ups for their operating systems, ensure that all important data is backed up, use cloud based email systems and data storage, and set up strong authentication procedures for systems, according to Professor Warren.

Professor Warren will be speaking on this topic, and more, at the Institute of Public Accountants’ National Congress in November.