The U.S. Intelligence Service puts cyber crime as the number one threat that we face, moving past terrorism. In 2014, 39% of all cyber attacks affected financial institutions compared to 17% found in other industries, according to the professional consultancy group PwC.
These financial institutions include banks, mortgage lenders, insurance companies, and brokerage firms. A recent report by the AICPA (American Institute of Certified Public Accountants), the world’s largest member association with over 400,000 members representing the accounting profession, has identified the top five cyber crimes that CPAs should be aware of.
Tax Refund Fraud: All a cybercriminal needs is a name and Social Security number in order to go through with the crime. This information can be obtained by purchasing it on the black market, through e-mail phishing, or through social engineering. The cybercriminal can then fill out the tax return and generate a large refund. The AICPA encourages CPAs engaged in tax work to assess their privacy and security policies, and establish internal controls to keep client data secure.
Corporate Account Takeover: This is the most stealthy and costly type of attack. Electronic funds transfer fraud, such as ACH (Automated Clearing House) fraud or wire transfer fraud, involves three key steps.
1. Log-in credentials are acquired illicitly. The malicious program used may arrive as an email attachment or file transfer. When the user allows this malicious program to be downloaded and executed, the cybercriminal moves on to the next step.
2. Now that the cybercriminal has access to the victim’s computer, they can avoid the bank’s security features, allowing the criminal to move on to the third step.
3. The cybercriminal can transfer the funds from the victim’s account to an account of their own. A ‘money mule’ may be used to transfer the funds to a protected account, likely overseas and away from U.S. law and jurisdiction.
CPAs can help educate their clients about this type of cybercrime. CPAs in management accounting who hold a key position of responsibility for this kind of fraud must learn the vulnerabilities that come with online banking.
Identity Theft: This is a gateway to other cybercrimes and frauds. Once a criminal has a person’s information, they can benefit financially in the following ways:
- Open a line of credit
- Purchase goods or services
- Rent or buy a home/apartment
- Receive medical care
- Obtain employment
Identity theft can be tricky because cybercriminals will sit on that information for some time before using it. According to the AICPA, 50% of identity theft goes undetected for at least one month and 10 percent remains undetected for two or more years. Due diligence must be practiced or lawsuits may occur. The AICPA found that ‘forty-six states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have laws regarding security breaches of personally identifiable information’.
Theft of Sensitive Data: Businesses may have sensitive data such as unencrypted credit card information, personal information, trade secrets, codes, and customer and employee information that lures cybercriminals. The theft of sensitive data can be costly for businesses, in both financial costs and public image. Legal fees and increasing security measures are sure to follow.
Theft of Intellectual Property: Intellectual property includes commercial, copyrighted materials like music, movies and books. These are at risk of being stolen. According to the FBI, preventing intellectual property theft is a priority for its criminal investigative program, and it is focusing on theft of trade secrets and product infringements, such as counterfeit parts and other products that threaten safety. The AICPA encourages CPAs to work with their clients on staying up to date on privacy and security reviews.
The AICPA encourages financial institutions to focus on earlier detection of cyber crimes by implementing monitoring systems and technologies for cyber security.