Cyber threats change all the time, and cybersecurity has to change with them. Unfortunately, it’s difficult to predict the next big cybersecurity trends. Some experts have tried it nonetheless, and despite some ambiguity, their projections make one thing clear for accounting firms: Cybersecurity will continue to be increasingly difficult to manage.
That’s because threat actors, those people who are out to steal your clients’ data and bring your firm to its knees, are always coming up with new ways to carry out attacks. Plus, they’re making some of their go-to methods more effective and potentially more damaging for your firm. As a result, firms are likely to face even more government regulation of security and will probably need to rethink—again—their core security strategies.
Earlier this year, two expert sources, Security magazine and the noted analyst firm Gartner, laid out cybersecurity predictions for the rest of 2022 as well as for 2023. This blog post looks at the five recent predictions most likely to affect accounting firms and what your firm needs to do to prepare for when speculation becomes a reality.
Cybersecurity predictions and new cybersecurity threats
Cybercriminals using deepfakes.
Although they still sound like something from science fiction, deepfakes are very real and poised to become a problem for all kinds of businesses. Advancements in artificial intelligence have made creating deepfakes easier and have helped cyberattackers create deepfakes that are increasingly believable.
Deepfakes are a much more convincing form of phishing attack, and they are much harder to stop. Many computer users have learned to spot suspicious emails, but deepfakes bring data theft to new platforms. The voice message you get from a client, for example, might not really come from a client. Or worse—a threat actor could spoof your voice in an attempt to scam your clients while posing as you.
Those examples don’t even get into visual deepfakes, which can fool face-recognition software and even introduce fraud into video communications. Your firm needs to be diligent about double-checking anything and everything with clients. Don’t trust a recorded message of any kind. Speak with clients live via phone or video to confirm requests, especially if they seem unusual. Also, make sure your clients are on the lookout for messages from you that seem odd.
Your firm also needs a solid backup and recovery strategy should a deepfake—or any kind of attack—actually work. An attack that results in lost or ransomed data can be devastating. But if you can get access to your data quickly after an attack, your firm is much more likely to come through relatively unscathed.
Ransomware becoming more destructive.
Yes, really. It’s bad enough that cyberattackers are so successful at using ransomware to steal client data and sell it back to firms, sometimes just taking the money and not giving back access to the data. But now, threat actors have a whole new weapon in their ransomware arsenal: destroying your firm’s systems and hardware.
Security magazine goes into detail:
“Attackers sometimes combine ransomware with distributed denial-of-service (DDoS) with the intention of overwhelming IT security teams. If they add Wiper malware, it creates added urgency for companies to quickly cave to ransom demands. This type of malware is particularly insidious because it could not only wreck data but destroy systems and hardware—as criminals tried to do at the Olympic Games in Tokyo. It’s only a matter of time until destructive capabilities like Wiper malware are added to ransomware toolkits.”
For your firm, this destructive capability in the hands of cyberattackers makes several elements of security even more critical than they were before. For starters, employees absolutely must know how to recognize and avoid phishing attacks that can launch ransomware and malware into your systems. Training them is essential. They also need to use strong passwords and not repeat passwords from application to application.
Multifactor authentication is also essential for preventing attackers from easily accessing your firm’s—and therefore your clients’—data. Introducing a second device to logins significantly increases your level of security and decreases a threat actor’s chances of pulling off a successful attack.
Again, backup and recovery are important here, too, along with the ability to recognize a ransomware attack as soon as it happens. Even successful attacks will result in minimal information sent to cybercriminals if firms can detect the attacks immediately and stop them from doing damage. Many attacks can go unnoticed for weeks or months, slowly draining a firm of its lifeblood of client data. Stopping the bleeding before it starts is essential.
Increased government regulation.
Gartner puts the numbers in stark terms:
“Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover five billion citizens and more than 70% of global GDP.”
In the US, firms already have to comply with the IRS “Security Six,” a set of cybersecurity regulations. It’s possible, though, that the Security Six will be just another in what could become a long list of security requirements. As attacks increase in number and severity, government bodies are likely to require financial institutions of all kinds to meet increasingly stringent standards.
Of course, any firm that stops at just meeting the demands of the Security Six isn’t doing enough to protect itself, anyway. The IRS requirements really represent a minimum standard for cybersecurity. But as governments catch up with the seriousness of security threats, they’re likely to lean on firms more and more to protect client data.
Firms need to have enough flexibility in their security strategies to be able to deal with government regulations—both domestic and otherwise—as they happen. The best way to do that is to work with a security partner that can change on the fly when necessary and manage security so the firm itself doesn’t have to. You and your employees are busy enough just doing your jobs.
Consolidation of IT security services with one vendor.
Here again, Gartner lays out the numbers:
“By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE (security service edge) platform.”
The strategy of using different vendors for different aspects of security, sometimes referred to as “best-of-breed,” is falling by the wayside.
Gartner continues by noting that “vendors are offering an integrated security service edge (SSE) solution to deliver consistent and simple web, private access and SaaS application security. Single-vendor solutions provide significant operational efficiency and security effectiveness compared with best-of-breed solutions, including tighter integration, fewer consoles to use, and fewer locations where data must be decrypted, inspected and re-encrypted.”
Finding a trusted partner to manage multiple aspects of security, then, is essential for accounting firms. A provider that can offer cloud access and a full slate of security offerings will set your firm up well for the future.
Cybersecurity becoming a prerequisite for doing business with vendors and third parties.
One more from Gartner:
“By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.”
Just as your clients’ data is only as safe as your firm’s cybersecurity setup, you have to consider how secure the companies you do business with are. That includes not only clients but strategic business partners ranging from freelancers and consultants to the people who provide you with office supplies or snacks.
Consumers learned in 2022 how severe the effects of supply chain disruption can be, and security works similarly. Your firm is part of a security chain with every other company with which you do business. Any weak link in the chain can expose everybody involved.
You need to know how secure your clients and partners are before you give them any level of access to your IT systems. If they’re partnered with a cloud security provider the way your firm should be, they should be safe. You can even recommend a security partner to those businesses that don’t have one.
Achieve Smart Security Management with Rightworks
Your firm needs to be able to handle whatever happens next in cybersecurity. You can do it with Rightworks. Smart Security Management represents a new model for handling security—one where firms take a holistic approach to security both inside and outside of the cloud, all with a single vendor. And who better to help you achieve this than Rightworks—a leading provider of cloud and security services with more than two decades of experience?
Rightworks security tools allow firms to prepare for the cybersecurity challenges to come by enabling them to train employees, implement a flexible and comprehensive security strategy, and minimize and mitigate the impact of cyberattacks. Your firm can achieve Smart Security Management by adopting the right set of solutions, including:
- Secure and reliable cloud hosting that safeguards your data with end-to-end redundancy across all systems.
- A comprehensive, secure device solution to safeguard your most critical data.
- An employee education program that provides best practices for staying safe online.
Are you ready to take your firm’s security strategy beyond where it is today? Contact Rightworks.