• Register
Return to: Home > Comments > The dark undercurrent within accountancy

The dark undercurrent within accountancy

Miles Tappin, VP of EMEA at ThreatConnect, explores the growing threat that cybercriminals pose to accountancy firms, and how the industry needs to unite to build an effective cybersecurity defence strategy

Across the accountancy sector there is a drive to modernise and benefit from the rise of new technologies from artificial intelligence to big data.

Increasingly, accountancy firms are exploring ways to use these new technologies to reduce the time spent on manual data-entry tasks so they can offer more consultative services. For example, by automating payroll functions, accountants can focus on offering more strategic services such as forecast modelling and cashflow predictions.

However, it is becoming clear that the pace of technological change is a double-edged sword: it enables innovation and change, but it is also a most destructive force and gives opportunistic cybercriminals new attack vectors.

Accountants are one of a business’s most trusted advisers, responsible for holding large amounts of private data on everything from a company’s financial performance to payroll data and M&A activity. As a result, they hold a goldmine of information that is attractive for cybercriminals – anything from intelligence about an upcoming merger and acquisition that can be used for financial gain to the taxation records of large corporates and high net worth individuals that can be sold to media outlets.

No room for error

The challenge for the accountancy sector is that there is fierce competition between lots of different firms that all use similar software. If a criminal finds a vulnerability that can be exploited, they have lots of potential victims.

For mid-sized firms the risk is even more pronounced. Without large security operations in place, keeping pace with the fast-changing technical developments, policies and procedures can be a challenge. Adversaries are getting smarter, scams are becoming more convincing and the global pandemic means workforces are dispersed, making it more difficult to ensure normal security practices are being observed.

To reduce complexity and simplify decision making, financial organisations need to unify processes and technology to harness the security intelligence that comes from across their own security programmes and external sources to drive down risk.

A sense of unity

No firm can tackle the problem alone. Experienced threat actors using advanced techniques are constantly targeting the accountancy sector, so the industry needs to come together as a whole to foster a sense of collaboration and data sharing.

There is a wealth of information available from accountancy bodies, such as Action Fraud, the Fraud Advisory panel, the National Crime Agency and HMRC that offer advice on suspicious trends and scams that are being seen. Accountancy firms need to share intelligence on the threats and hazards they are seeing with other firms, industry groups, government agencies and other relevant authorities, to build industry specific insights into cybersecurity threats and quickly pivot to gain more information on those specific threats and threat actors. By working together, a picture can be painted on threats coming from all manner of malicious activity, from malware and ransomware to phishing and software vulnerabilities.

Breaking down barriers

Having the right intelligence is not enough to ensure that intelligence is turned into action. Breaking down information and process silos across teams allows organisations to analyse and act on the most pertinent information. Everyone has access to the risk and threats that matter most, and orchestration and automation of response helps overwhelmed firms to prioritise response plans and improve efficiencies in their security programme.

Integrating internal security tools and technologies, while also connecting to external sources of intelligence, creates a single source of intelligence that feeds operations and enables organisations to direct action against the threats that matter most. The outcomes of those actions further feed intelligence, providing the ability to further refine the efficacy of the entire security lifecycle.

This approach provides a continuous feedback loop for the people, processes and technologies that make up the security programme. It also allows businesses to keep up with threat actors that are constantly adapting their methods to profit at the expense of others – something that will not stop anytime soon.

Ultimately, accountants have a responsibility to their clients to be vigilant of new and emerging risks in a digital age. Where cybersecurity used to be a classic back-office concern, it now needs to become a central part of IT strategies and a key pillar of both reputation and customer retention. Legislation, the cost of crime and the risk of reputational damage that a breach poses leave no room for failure.

Top Content

    Brazil: regulation and technology form basis for recovery

    Opportunities in the capital markets and the ever-growing influence of technology are expected to have a significant impact on the Brazilian accounting profession over the next 12 months, writes Paul Golden.

    read more

    Mentoring support and the opportunity to delegate

    Jon Lisby will be known to many from his former role as CEO of Kreston International. Here, he explains the background to his new venture, Global Alliance Advisory Services (GAAS), and how he aims to offer support to alliance CEOs.

    read more

    Global by name, global by nature

    Stephen Heathcote became chief executive officer of PrimeGlobal on 1 June 2019. Robin Amlôt met him to discuss the various new challenges that he has taken on, and his ambitions for the association.

    read more

    ARGA team, assemble!

    The new top team has been named that will see in root-and-branch reform at the Financial Reporting Council (FRC) as it transforms into the Audit, Reporting and Governance Authority (ARGA). Will the new duo be as dynamic as some are hoping? Robin Amlôt reports.

    read more


    As the Coronavirus (COVID-19) continues to spread across the world, the International Accounting Bulletin and The Accountant will be collating all the latest news and updates from the profession on the pandemic’s impact.

    read more
Privacy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.