By Keiter CPAs
Understanding cybersecurity threats and mitigation strategies
In today’s digital age, cybersecurity has become a critical concern for businesses of all sizes. During Keiter’s 2024 CPE seminar, Scott McAuliffe, Risk Advisory Services Partner, and Chris Moschella, Risk Advisory Services Senior Manager, discussed several key aspects of cybersecurity, focusing on common attack vectors, trends, and effective mitigation strategies.
Trends regarding cyber attacks
Multiple trends and insights were shared from the IBM Security 2023 Cost of Data Breach Report to showcase various attack vectors used by cybercriminals.
Phishing, Business Email Compromise (BEC), and Social Engineering remain some of the most common cyber threats, with 54% of attacks originating from end-user vulnerabilities.
Ransomware is still a significant concern, especially as attackers increasingly target email systems and exploit weak authentication protocols. Nearly 1 in 4 cyberattacks result in ransomware incidents.
Detailed scam scenarios
The seminar provided detailed scenarios of common scams, including vendor record scams, wire fraud scams, and data theft. These scenarios illustrated how attackers exploit vulnerabilities within organizations to steal money and sensitive information.
Vendor record scam: This scam involved a hacker gaining access to an employee’s email account and sending fraudulent payment instructions to update vendor records. The hacker then received the payments intended for the legitimate vendor.
Wire fraud scam: In this scenario, a hacker impersonates a company executive and sends urgent wire transfer requests to the finance department. The urgency and authority of the request often lead to the transfer being completed without proper verification.
Data theft: This scam involved a hacker posing as an internal auditor and requesting sensitive payroll information. The hacker then used this sensitive employee information for malicious purposes.
Mitigation strategies
To combat these threats, the seminar highlighted several key mitigation strategies:
- Security awareness training: Regular training sessions for employees to recognize and respond to phishing attempts and other cyber threats.
- Multifactor authentication: Implementing multifactor authentication to add an extra layer of security for accessing user accounts.
- Internal controls: Establishing robust internal controls, such as strong password controls, user access reviews, and regular audits.
- Advanced technical solutions: Utilizing advanced technical solutions like endpoint protection, sophisticated firewalls, and network monitoring to detect and prevent cyberattacks.
The importance of cyber insurance
The seminar also discussed the role of cyber insurance in mitigating the financial impact of cyberattacks. Having a comprehensive incident response plan and involving legal and insurance professionals quickly can help organizations recover more effectively from a cyber incident.
Conclusion
The 2024 Fall Risk Advisory Services CPE session provided valuable insights into the evolving landscape of cybersecurity threats and the strategies businesses can employ to protect themselves. By staying informed about the latest trends, providing security training, and implementing robust security measures, organizations can better safeguard their assets and maintain the trust of their customers.
The information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.