This article was originally featured on Insightful Accountant. Read the original article here.
This article was written by Brendan Horton, Analyst at FoxPointe Solutions Information Risk Management Division of The Bonadio Group.
Financially motivated cyber-attacks are becoming increasingly sophisticated and severe as attackers exploit new vulnerabilities in today’s digital age. Unfortunately, these criminal activities often go undetected until extensive damages are incurred. For example, according to the IBM “Cost of Data Breach Report,” the average breach in 2022 cost organizations up to $4.35 million in damages.
As a result, organizations must strive to remain vigilant and work to build multilayered security teams to best prevent, detect and respond to these complex attacks in today’s ever-changing threat landscape.
To create the most effective cybersecurity team, companies must leverage both financial and technology talent. While cybersecurity professionals are well-versed in preventing, detecting and responding to intrusions and security breaches, a seasoned forensic accountant brings valuable experience and knowledge to the many forms of corporate fraud, as well as the necessary steps to employ investigative techniques to spot trends and outliers in large data sets.
At their core, the competencies and characteristics of cybersecurity professionals are much like those of a forensic accountant, with the primary difference being the focus of safeguarding technology systems versus financial information.
As a result, the work of these professionals is often intertwined, creating a natural need for collaboration and teamwork.
Here are some of the many ways that cybersecurity professionals and forensic accountants can effectively work together to prevent and recover from highly intelligent attacks on financial data.
Prevention
Effective prevention of financial cyber crimes takes a diversified skill set, tapping into both financial and IT specialties to create the strongest possible defense against security breaches. For cybersecurity professionals, this involves designing and implementing processes, controls, and systems based on industry standards set by the National Institute of Standards and Technology (NIST) to mitigate the risk of cyber criminals gaining access to critical information.
This may include implementing two-factor authentication programs, file encryptions and more. These activities are certainly essential to preventing cybercrimes; however, forensic accounts can add supplemental value and help ensure a stronger defensive line against cyber-attacks by searching for financial anomalies, unusual trends and misappropriation of funds before any losses are even incurred.
Recovery
While cyber professional and forensic accountants can work together to institute safeguards to proactively defend an organization’s financial data, no organization is safe from cybercrime in today’s complex risk landscape. In the event of a security breach, financial and IT professionals must collaboratively work to ensure swift defenses are deployed and the damage to a business’ bottom line is as minimal as possible.
More specifically, cybersecurity professionals must promptly employ a variety of techniques to close the digital path to systems. In addition, forensic accountants can work to provide insights into how the breach impacted an organization’s business controls and funds. This is done by calculating potential losses, assessing and disclosing accounting requirements and assisting with evidence collection for insurance purposes.
Ultimately, whether the focus is on pre-incident controls and processes, active investigations or post-incident remediation, organizations can benefit from having personnel with diversified skills available to them.
Possessing a strong defensive line and having forensic accountants working alongside your cybersecurity team can help your organization in the fight against profit-seeking cyber-attacks by rapidly closing internal control and technological gaps, implementing safeguards, and adequately preventing or detecting the misappropriation of funds before losses are incurred.
This material has been prepared for general, informational purposes only and is not intended to provide, and should not be relied on for, tax, legal or accounting advice. Should you require any such advice, please contact us directly. The information contained herein does not create, and your review or use of the information does not constitute, an accountant-client relationship.