Companies Must Understand Cyberthreats Better, Analyst Says

The Accounting Policy & Practice Report ® provides financial accounting policy makers, advisors, and practitioners with the latest news, expert insights, and guidance on emerging, evolving,...

By David R. Jones

Financial services providers could be particular targets for cyberattacks, a digital-systems analyst warned.

Richard Horne, a partner for cybersecurity at PricewaterhouseCoopers LLP, said that defense companies and nuclear power plants also could be marked for efforts aimed at breaching their electronic security systems.

“Cybersecurity has an impact on corporate value,” he told the Meet the Experts conference Nov. 20. Companies and agencies need to understand and manage their exposures to hackers.

Understanding Exposure

Companies must grasp the dangers they could face if hackers compromise financial-reporting data, Horne said, including whether their financial data could be corrupted and how resilient their financial-data systems are in the wake of attacks.

The risk of a breach at an accounting firm or other financial services supplier could be lateral as well, with intruders seek to gain access to data on clients as well as information on the provider itself.

Horne said a destructive attack might cause substantial financial-reporting problems as data is wiped out or corrupted, noting that Notpetya by Russian hackers delayed some Ukrainian companies’ in publishing their financial statements.

Human Factor

“Often attacks focus more on people and processes than on technology,” Horne said, “as attackers are looking to exploit the greatest weaknesses.”

This means hackers might zero in on obtaining passwords and other means of access to systems, which can occur when an employee uses the same user name and password across multiple accounts, or when employees fail to reset their passwords on a regular basis.

Financial-services and other companies need to erect safeguards against cyberattacks, he said, by:

  •  thoroughly understanding their potential vulnerability to hackers;
  •  embedding cybersecurity concerns into major corporate decisions;
  •  determining how to ameliorate attacks, including restoring data that’s been destroyed or corrupted; and
  •  arranging an independent review of cybersecurity systems.

To contact the editor responsible for this story: S. Ali Sartipzadeh at asartipzadeh@bloombergtax.comTo contact the reporter on this story: David R. Jones in London at http://correspondents@bloomberglaw.com

Copyright © 2017 Tax Management Inc. All Rights Reserved.

Try Accounting Policy & Practice Report ®