January 4, 2023
This article was written by Brendan Horton, Analyst at FoxPointe Solutions Information Risk Management Division of The Bonadio Group.
As global cyberattacks continue to become more sophisticated, so should corporations' risk mitigation strategies. Of these high-stakes attacks, financial motivation is the most common reason for cybercriminals to target businesses, with the IBM "Cost of a Data Breach" report finding that the average breach in 2022 cost organizations up to $4.35 million in damages. With consequences this detrimental to business, it's critical that companies build a multilayered approach to cybersecurity with a number of experts involved to ensure effective prevention, detection, and response to cyber threats.
To create the most effective cyber-risk prevention and recovery team, companies must leverage financial and technology talent to collaborate on prevention strategies. While cybersecurity professionals focus on the who, what, where, and how of a potential breach, accountants can monitor the potential impacts to a corporation's funds and controls to determine priority functions and vulnerable financial business data that need safeguarding. This is typically done most effectively by forensic accountants who are trained in auditing and investigating risk factors within the finances of individuals or businesses. When these two roles find synergy, they can combat even the most complex of corporate cybercrimes.
Here are some of the ways these professionals can effectively work together to prevent and recover from highly intelligent attacks on financial data.
Proper prevention of financial cybercrimes takes a diversified skill set, tapping into financial and IT specialties to create the strongest possible defenses against breaches. For cyber professionals, this includes identifying and closing gaps in internal controls and technologies, and implementing the proper safeguards — from two-factor authentication programs to file encryptions and more. Meanwhile, forensic accountants are well-versed on corporate finances and have the ability to detect the misappropriation of funds before losses are incurred.
Cyber professionals are also invaluable assets to financial teams in alerting them to new threats as the digital landscape changes so that proper preventative measures can be implemented. For example, there is a new trend of hackers using Meta business accounts as an entry point to breach financial information. This typically involves the stealing of customer credit card and bank information when they make transactions through the social media platform.
Obviously, suffering from an attack of this kind can lead to a damaged reputation, monetary consequences, and a loss of consumer trust. Establishing open lines of communication between cyber professionals and those in charge of monitoring business transactions can mean that forensic accountants know what threats they need to be wary of and can make business decisions that are in the best interest of their clients and customers. Also, it can ensure quicker detection of odd transactional activity for early intervention.
Instituting safeguards to proactively defend financial information — and consistently reviewing and updating them — can help to keep corporate funds safe in an era where sophisticated cybercriminals can steal financial information at the click of a key.
Even the best laid plans can fail, especially when the enemy continues to get smarter and stealthier as technology evolves. That's the case when it comes to cybercrime, so planning to fail is just as important as working to avoid failure.
Collaboration between cybersecurity professionals and forensic accountants can ensure that swift, immediate defenses are deployed when an attack is executed and that the damage to a business's financial bottom line is as minimal as possible.
In the event of a breach, these professionals must work together to block the attacker and protect as much data and capital as they can. For example, a seasoned forensic accountant brings experience and knowledge of the many forms of corporate fraud, as well as the necessary steps to employ investigative techniques to spot trends and outliers in large data sets as they develop. Immediately upon noticing suspicious activity, they can alert their company's cyber team to quickly employ a variety of techniques to close the digital path to systems while they investigate.
While losses are not ideal, they are difficult to avoid once a cybercrime is effectively executed, even if it was caught and stopped quickly. Post-incident, it is the task of forensic accountants to calculate potential losses, assess and disclose accounting requirements, and assist the cyber team with evidence collection for insurance claim purposes.
Generally, forensic accountants and cybersecurity professionals have the same goal: to safeguard important information. When they use their unique skill sets to collaborate effectively, a corporation has the best chance of evading the consequences of a devastating cyberattack.