With all the news about foreign interference in the U.S. elections, is it any surprise U.S. businesses also face a threat from overseas hackers and cyber criminals? In a previous blog we’ve talked about why accounting firms are prime targets for cyber-attack because of the vast amount of personally identifiable information (PII) they store. In the last several years, Hold Security, a cyber security firm specializing in a service called Deep Web Monitoring, has traced several large scale hacks of financial services firms and other businesses back to foreign criminals. Specifically, when it comes to CPA firms, the hackers are looking to commit tax fraud for their financial gain. Some of these hacks make the news, like the breach of Deloitte that was discovered in 2017, but large firms are not the only the target. It is not the size of the firm that matters, but ease of opportunity.

So how are these criminals obtaining this sensitive data? Many times they are quietly gaining access to the system through viruses, data logging, and keyboard logging. Since many firms use similar software to manage their clients’ data, when a hacker finds a weakness they can then go on to exploit that against multiple firms. The average time is takes to discover a data breach is 206 days, more than enough time for cyber criminals to mine for the data they seek undetected.

Over the last several years the U.S. federal government has found evidence of hacks that can be traced back to China, Iran, and other countries. And while they try to prosecute the suspects in these cases and have issued indictments, they find it increasingly hard to bring them to justice. Often, the indictments are more of a political statement and a warning to other governments. U.S. officials will try to impose sanctions on countries that sponsor, or at the very least, protect hackers, in an attempt to get them to help with the prosecution of these cases. William Sweeney Jr., assistant director in charge of the New York Office of the FBI has stated, “we will look to publicly identify operators like this with indictments”, pursuing both criminal and civil proceedings to punish foreign and/or state-sponsored hackers.

It is more important than ever to have a robust cybersecurity plan in place. This includes employee education and consistently updated anti-virus and anti-malware software. In addition, there needs to be a response plan in the event of a data breach so that decisions are not made in the heat of the moment. As they say, the best offense is a good defense