Cybersecurity for CPAs: Phishing through the cracks

This month's tale involves a major accounting and business software company that, among many other services it offers, even provides cybersecurity guidance. This did not stop it, however, from falling victim to a ransomware attack that cost millions in cash and disrupted operations for both itself and its many clients. 

The attack, initiated via a phishing exploit (a very common technique), involved exploiting the built-in functionalities of a client's systems: the attackers targeted an employee with privileged credentials, who unwittingly provided them with extensive access and control over the network. Once the attackers were in, they were able to encrypt every computer, server and network file share, which effectively ground down the entire company's operations to a standstill. 

Not wanting the infection to spread, once the company became aware of the issue it immediately shut down service to a wide array of platforms and applications, a move that served to disrupt operations for not only themselves but the numerous accounting firms that relied on them. 

Still, the attackers knew they had the company in a vulnerable position. They demanded a kingly ransom from the firm's leaders. Faced with the intense pressures to resume operations as soon as possible, management reluctantly took the step of paying the ransom. While they were able to negotiate the figure slightly downwards, the entire incident still cost the company millions of dollars. This amount included the costs for remediation efforts and the payment of the ransom.

This real life example was brought to you by Show Up Show Out Cybersecurity, founded by former MMA fighter Sedric Louissaint. "The incident highlighted the vulnerability of accounting firms to such attacks and the need for robust cybersecurity measures, including regular data backups, system updates and patches, and employee training on recognizing and avoiding potential cyber threats," he said. "Accountants and accounting firms face a broad array of cybersecurity challenges. To mitigate these risks, they should have a comprehensive cybersecurity strategy that includes regular risk assessments, data encryption, network security, employee training, and an incident response plan."

U.S. gets middling rank in cybersecurity; Belgium No. 1 - The U.S. is not number one for cybersecurity. It's not even in the top 10. Worldwide, it ranks, with a score of 69.94, number 44 — not terrible, but not great either. It ranks below Thailand and above Paraguay.

Nevada takes No. 1 spot for cybercrime risk – You are more likely to be a victim of cybercrime in Nevada than any other state.

A stolen payment card number costs just $7 - Stolen payment cards for sale on the dark web are extremely cheap, with the price on the open market averaging only around $7.

Top 5 priciest payment card information by country

DENMARK - $11.54
JAPAN - $11.07
PORTUGAL - $11.07
UKRAINE - $11.02
SLOVENIA - $10.83

Source: NordVPN