Accounting firms are more likely to come under cyber attack during the end of financial year period, according to one global internet giant.
The high levels of data they hold during the tax season make accounting firms prime targets, said Chris Gibbs, managing director and regional vice-president of Akamai.
“Certified public accountants and accounting firms are increasingly the preferred targets during tax season as they hold a large amount of critical customer data for tax filing purposes,” said Mr Gibbs.
“Government tax websites and tax preparer websites are also under attack by criminals using credential stuffing, knowing that people will choose weak or recycled passwords.”
This increase in cyber attacks is reflected by the Australian Cyber Security Centre recording a 15 per cent increase in ransomware cyber-crime reports in the 2020-21 financial year.
Mr Gibbs said companies needed to review their cyber security because an attack could cause immense harm.
“As we approach the end of financial year companies need to proactively review and shore up their cyber security defences and policies as the impact a cyber attack has on a business can have devastating financial and reputational consequences,” he said.
Mr Gibbs said that the first thing companies need to do when under attack is to ascertain how serious the breach is.
“First determine the extent of the disruption which means verifying whether attackers have compromised the security of your backup systems and whether the malware has spread throughout the entire network,” he said.
“Next, companies need to isolate any affected devices as much as possible to prevent further spread.
“After isolating the infected machines from the network, businesses have some breathing room to figure out how they want to handle the attack and to analyse the ransomware.”
Accounting firms could do three things to shore up their business at the end of financial year, Mr Gibbs said.
The first was to move their company’s security stack to the edge.
A security stack refers to the tools, technologies and platforms that organisations have to protect themselves and the edge was the best place to block an attack.
“This is where threats, users and applications are, and moving the security stack to the edge ensures that attack traffic can be blocked right at its source, preventing access to its target,” said Mr Gibbs.
The second thing was to adopt a zero-trust approach. This meant always verifying an approach, no matter what the location, device or application being used.
Mr Gibbs described this approach as like the secret service.
“The zero-trust approach thinks and acts like the secret service – extremely vigilant, methodically checking credentials before allowing access – even when they recognise the person,” he said.
Finally, accountants should implement a security strategy that addresses internal and external threats so that if cyber criminals got past the first line of defence they would be stopped before reaching any valuable data.
Mr Gibbs said micro-segmentation was one method that companies could use to prevent client data loss.
“Micro-segmentation can play a pivotal role in alleviating the impact of infections that slip through the cracks,” said Mr Gibbs.
“Once advanced threats like ransomware penetrate a network, they start their move, exploring the infrastructure for vulnerabilities and high-value assets.
“Microsegmentation ring fences critical data and systems to prevent or mitigate the damage once an attack has begun.”
Akamai is a global provider of security, content delivery and edge applications, and serverless computing.