BUILDING A STRONGER CYBER SECURITY WORKFORCE

According to Randy Vickers, today's cybersecurity landscape is an ever-changing environment in which the greatest attack vector is our normal activities: e-mail, web surfing, online gaming and so on. Cyber security never sleeps nor takes holidays.

Recent research by ACCA and PwC found that business technology rests on four established pillars: Analytics, Cloud, Collaboration and RPA (Robotic Process Automation).

According to that research, a fifth pillar, Cybersecurity, is emerging. The reason is that businesses are increasingly moving their processing and data storage to the cloud, and there is no sign of this trend reversing.

The fact that technology has become synonymous with business makes it a business crime not to have a cyber-security-savvy workforce. To be secure online one has to think like an attacker, and thinking like an attacker is one of the skills picked up in the course of acquiring cyber security skills.

It is well established that business technology is here to stay. Companies of all sizes are gradually automating their processes, and this has created many vulnerabilities that attackers can exploit to damage the bottom line.

Building a stronger cyber security workforce is a strategic decision that serious minded companies are not taking lightly.

A new generation of analysts and investors has started to include a company's cybersecurity posture as one of its business valuation metrics.

‘Cybersecurity should no longer be viewed as a technical issue, but as a business risk issue, an ongoing risk which is constantly changing and evolving,’ says Wootliff.

WHY SHOULD ANY COMPANY, FOR THAT MATTER, CARE?

Earlier this year, the Information Security Forum released its latest research on nine major threats CEOs and CFOs should be aware of over the next two to three years as a result of technology change. The report, Threat Horizon 2019: Disruption. Distortion. Deterioration, identifies three major areas of concern:

  • disruption – from overreliance on fragile connectivity
  • distortion – as trust in the integrity of information is lost
  • deterioration – when controls are eroded by regulation and technology.

‘Companies need to begin thinking about cybersecurity less as a purely IT-managed risk and far more as a strategic business issue,’ says the Consumer Loss Barometer report by KPMG, published last August.

And that is as it should be, because cyber attacks cost businesses worldwide as much as US$450bn in 2016, according to Steve Langan, CEO at Hiscox Insurance.

And while larger businesses may have the resources to weather the damage even in the long haul, for smaller businesses, cyber attacks can be impossible to overcome, with nearly 60% of small companies going out of business following a hack, according to the United States House Committee on Small Business.

WHAT IS IN IT FOR ME AS A STAFF?

Cybersecurity upskilling is increasingly expected of anyone occupying a C-suite role or a board seat at Fortune 500 companies, particularly after reports that the CFO of €3bn-revenue German cable manufacturer Leoni had been tricked into transferring €40m to an unknown bank account in a business-email-compromise (BEC) scam.

In the digitalised world we now live in, cyber security literacy is an essential survival skill at the workplace. Employers keep their most valued employees regardless of the economic situation, and cybersecurity skill is ranked among the top 10 most sought-after skills in ACCA's March 2017 research, so there is every reason to acquire it.

The best way to build a strong cyber security workforce is through education, hence this presentation. The approach taken here is to explain some selected cyber security terms (including basic threats), describe what they mean, and then offer best practices that can be adopted to minimise the likelihood of them occurring.

Basic Cybersecurity Terms

  • Ransomware (WannaCry): WannaCry is a cryptoworm released on Friday, 12 May 2017 that targets computers running Microsoft Windows. It encrypts the files on the infected system and demands a ransom for the decryption key, then spreads by itself to other vulnerable Windows systems on the network through a flaw in the SMBv1 file-sharing protocol (the flaw Microsoft had already fixed in its MS17-010 update of March 2017). The practical lessons are to apply patches promptly, disable SMBv1 where it is not needed, block port 445 at the network perimeter, and keep offline backups so that encrypted files can be restored without paying.

 

“The attack began on Friday, 12 May 2017, and within a day was reported to have infected more than 230,000 computers in over 150 countries. Parts of the United Kingdom’s National Health Service (NHS), Spain’s Telefónica, FedEx and Deutsche Bahn were hit, along with many other countries and companies worldwide. Shortly after the attack began, Marcus Hutchins, a 22-year-old web security researcher from North Devon in England, who blogs as “MalwareTech”, discovered an effective kill switch by registering a domain name he found in the code of the ransomware.

This greatly slowed the spread of the infection, effectively halting the initial outbreak on Monday, 15 May 2017, but new versions have since been detected that lack the kill switch. Researchers have also found ways to recover data from infected machines under some circumstances.” (Wikipedia)

 

  • Phishing: this form of attack is delivered primarily through email and instant messaging. “Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. The word is a neologism created as a homophone of fishing due to the similarity of using bait in an attempt to catch a victim. According to the 2013 Microsoft Computing Safety Index, released in February 2014, the annual worldwide impact of phishing could be as high as US$5 billion.” (Wikipedia)

 

There are three common types of phishing:

  1. Spear phishing: targeted at specific individuals in a company, such as the CEO, FD/CFO or CRO, and crafted with details about the person to make the message convincing.
  2. Clone phishing: a legitimate email that the victim has previously received (usually one carrying an attachment or link) is copied, its attachment or link is replaced with a malicious one, and the copy is re-sent from a spoofed address, often claiming to be an updated version of the original. It is not a man-in-the-middle attack: the attacker needs only a copy of the original message, not access to the mail path.
  3. Whaling: several phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses, and the term whaling has been coined for these kinds of attacks.

 

In the case of whaling, the masquerading web page/email will take a more serious executive-level form. The content will be crafted to target an upper manager and the person’s role in the company. The content of a whaling attack email is often written as a legal subpoena, customer complaint, or executive issue.

 

Whaling scam emails are designed to masquerade as a critical business email, sent from a legitimate business authority. The content is meant to be tailored for upper management, and usually involves some kind of falsified company-wide concern. Whaling phishers have also forged official-looking FBI subpoena emails, and claimed that the manager needs to click a link and install special software to view the subpoena.
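The spear-phishing, whaling and BEC cases above share a handful of observable indicators: an executive's display name on a message from an outside domain, a sender domain that is one typo away from the company's, a Reply-To that diverts answers elsewhere, and urgency or payment language. The script below is an added example (not from the original post) that scores an inbound message on those indicators. The company domain (the hypothetical example.com), the executive names, the keyword list and the two sample messages are all assumptions constructed for this example.

```python
"""Added example: score an inbound email for spear-phishing / BEC indicators.

Assumptions (not from the page): the company domain 'example.com', the
executive display names, the keyword list and the sample messages are all
constructed for this illustration.
"""
import email
from email import policy
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                # assumed company domain
EXECUTIVES = {"jane doe", "john smith"}       # assumed CEO / CFO display names
URGENCY_WORDS = ("urgent", "wire transfer", "confidential", "immediately",
                 "new bank account", "do not call")


def _domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def edit_distance(a, b):
    """Levenshtein distance; lookalike domains sit within one or two edits."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def score_message(raw):
    """Return (score, reasons) for a raw RFC 5322 message string."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_dom = _domain(from_addr)
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    reply_dom = _domain(reply_addr)

    # 1. Display-name impersonation: claims to be an exec, sent from outside.
    if from_name.strip().lower() in EXECUTIVES and from_dom != COMPANY_DOMAIN:
        reasons.append("executive display name from external domain")

    # 2. Lookalike sender domain (e.g. examp1e.com for example.com).
    if from_dom and from_dom != COMPANY_DOMAIN and \
            edit_distance(from_dom, COMPANY_DOMAIN) <= 2:
        reasons.append(f"lookalike domain {from_dom}")

    # 3. Reply-To steers replies to a domain other than the sender's.
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"reply-to domain {reply_dom} differs from sender")

    # 4. Urgency / payment language typical of BEC, in subject or body.
    body = msg.get_body(preferencelist=("plain",))
    body_text = body.get_content() if body else ""
    text = (str(msg.get("Subject", "")) + "\n" + body_text).lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if hits:
        reasons.append("urgency/payment keywords: " + ", ".join(hits))

    return len(reasons), reasons


# Constructed sample messages (not real mail).
SAMPLE_BEC = (
    "From: Jane Doe <jane.doe@examp1e.com>\n"
    "Reply-To: ceo.office@gmail.com\n"
    "To: cfo@example.com\n"
    "Subject: Urgent wire transfer\n"
    "\n"
    "Please process the wire transfer to the new bank account immediately.\n"
    "Keep this confidential and do not call me, I am in a meeting.\n"
)

SAMPLE_OK = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "To: cfo@example.com\n"
    "Subject: Board pack\n"
    "\n"
    "Attached is the draft board pack for review next week.\n"
)

if __name__ == "__main__":
    for name, raw in (("BEC", SAMPLE_BEC), ("OK", SAMPLE_OK)):
        score, why = score_message(raw)
        print(name, score, why)
```

Each rule on its own is a weak signal (an executive really may write from a personal address), which is why the score is a count of independent indicators rather than a verdict; a message scoring 2 or more is a reasonable threshold for quarantining and for the finance team's out-of-band call-back rule before any payment change is actioned.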

 

  • Cybersecurity: the protection of systems, networks, programs and data (in practice, anything exposed to the internet or reachable from it) against unauthorised access, disruption or destruction.
  • DDoS: Distributed Denial of Service. Attackers direct more traffic at the target's systems, from many compromised machines at once, than those systems can handle, so that legitimate business requests cannot be served. The common forms are volumetric floods that exhaust bandwidth, protocol attacks such as SYN floods that exhaust connection state, and application-layer attacks that look like ordinary HTTP requests but arrive in overwhelming numbers.
  • Time bomb: as the name implies, malicious code that only activates at a specified date or time. Until then it may lie dormant on a system without being detected.
  • Logic bomb: malicious code triggered by the occurrence of a specified condition or event (a time bomb is the special case where the trigger is a date). Because planting one requires legitimate access to the system, logic bombs are typically the work of disgruntled insiders.
  • Worm: a malicious program that replicates itself constantly without needing a host program to attach to. According to Avast (an anti-virus company), computer worms are nasty bugs that self-replicate and slow your computer to a crawl. Common transmission routes are e-mail attachments, file-sharing networks, links to malicious websites and, as WannaCry showed, unpatched network services.
  • Virus: a computer virus consists of segments of code that perform malicious actions. The code attaches itself to existing programs and runs with that program's access to the targeted computer.

 

According to Wikipedia, “A computer virus is a type of malicious software program (‘malware’) that, when executed, replicates itself by modifying other computer programs and inserting its own code. Infected computer programs can include, as well, data files, or the ‘boot’ sector of the hard drive. When this replication succeeds, the affected areas are then said to be ‘infected’ with a computer virus.”
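For the application-layer DDoS described in the DDoS entry above, the simplest detection is to count requests per source in a sliding time window over the web server's access log and flag sources that exceed a rate no human browser would produce. The script below is an added example, not code from the original post; the log lines are constructed here in Common Log Format (two normal clients and one flooder, using documentation IP ranges), and the window length and threshold are assumptions to be tuned per site.

```python
"""Added example: flag HTTP-flood sources in web access logs.

The log lines are constructed for this illustration; the 10-second window
and 20-request threshold are assumptions, not values from the page.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, datetime, request, status) or None if the line is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, status, _size = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), request, int(status)


def find_flooders(lines, window_s=10, max_requests=20):
    """Return {ip: peak_requests_in_window} for every source that exceeds
    max_requests within any window_s-second sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    peak = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip garbage rather than crash mid-incident
        ip, ts, _, _ = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # drop timestamps that fell out of the window
        if len(q) > max_requests:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return peak


def build_sample_log():
    """Constructed sample: two normal clients and one HTTP flooder."""
    base = datetime(2017, 5, 12, 10, 0, 0, tzinfo=timezone.utc)

    def fmt(ip, t, path):
        stamp = t.strftime(TS_FMT)
        return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 512'

    lines = []
    for i in range(5):            # normal browsing: one request every 3 s
        lines.append(fmt("198.51.100.5", base + timedelta(seconds=3 * i), "/index.html"))
        lines.append(fmt("198.51.100.9", base + timedelta(seconds=3 * i + 1), "/about"))
    for i in range(60):           # flooder: 10 requests per second for 6 s
        lines.append(fmt("203.0.113.7", base + timedelta(seconds=i // 10), "/search?q=x"))
    lines.append("not a log line")  # malformed input must be tolerated
    return lines


if __name__ == "__main__":
    for ip, n in find_flooders(build_sample_log()).items():
        print(f"{ip}: {n} requests inside one window")
```

In a real attack the traffic comes from thousands of bot addresses at a much lower per-address rate, so per-IP counting is only the first layer; the same sliding-window logic is then applied per URL, per user agent and per country, and the response is a block or rate limit at the edge (web application firewall or CDN) rather than on the origin server that is already struggling.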

  • Spyware: software that aims to gather information about a person or organisation without their knowledge, that may send such information to another entity without the consumer's consent, or that asserts control over a device without the consumer's knowledge. Spyware is mostly classified into four types: adware, system monitors, tracking cookies, and trojans.

  • Scareware: have you ever seen a pop-up on your screen saying that a virus has been detected on your system and that you should run their software to remove it? The aim is to frighten you into running a program that is itself the malware.
  • Adware: marketers and advertising firms use adware to collect user information so that they can deliver relevant adverts. Attackers, however, gather the same information for footprinting and ultimately to launch an attack.
  • Malware: the broad name for all kinds of malicious code, including viruses, worms, ransomware, spyware and rootkits.
  • Rootkit: a collection of software, typically malicious, designed to enable access to a computer or areas of its software that would not otherwise be allowed (for example, to an unauthorised user), and which often masks its own existence or that of other software. The term combines “root” (the traditional name of the privileged account on Unix-like operating systems) and “kit” (the software components that implement the tool). Rootkits are dangerous because they are very hard to detect: a kernel-mode rootkit runs inside the operating system kernel and can lie to every tool that asks what is running, and a firmware rootkit survives reinstallation of the operating system and may require the firmware to be reflashed or the hardware to be replaced.
  • Spam: we are all familiar with one form of spam or another. Spam is unsolicited bulk messaging. Major email services filter most of it automatically, but what gets through may carry malicious attachments and links, so it should be treated with the same suspicion as phishing.
  • Botnets and zombies: a botnet is a network of compromised computers (“zombies” or “bots”) that run malicious code and take orders from an attacker's command-and-control servers. Attackers use botnets to launch DDoS attacks, send spam and proxy their own traffic through the victims' machines.
  • Firewall: the term comes from building construction, where a firewall is a barrier built to stop fire spreading from one part of a building to another. In information technology, a firewall is a device or program that applies a set of rules to decide which packets may flow in and out of a network (or a single host).
  • Zero-day attack: an attack that exploits a vulnerability unknown to the vendor, so that no patch yet exists. Defenders have had “zero days” to respond, which is why such attacks can cause massive damage before a fix is available; it is also why layered defences (least privilege, segmentation, monitoring) matter even on fully patched systems.
  • Social engineering: tricking users into willingly giving out sensitive information or performing an action on the attacker's behalf. Spoofing email addresses, caller IDs and IP addresses are major ways of masquerading as a trusted party in social engineering.
  • Identity theft: this happens when a person's personal details are used to impersonate that person. The perpetrators usually use the stolen identity to commit fraud, take out large loans or buy expensive items on credit.
  • Pharming: a cyber attack intended to redirect a website's traffic to another, fake site. It can be conducted either by changing the hosts file on a victim's computer or by exploiting a vulnerability in DNS server software. HTTPS is the main defence: an attacker who redirects traffic for the genuine domain cannot present a valid certificate for it, so browser certificate warnings on a familiar site must never be clicked through.
20 general system security tips:

  1. Require a password to bring the system out of sleep mode
  2. Require a password to access shared folders
  3. Never re-use a password across accounts
  4. Use a firewall correctly and consistently
  5. Deploy patches promptly
  6. Make every password as long, complex and unique as possible
  7. Change any password immediately if you suspect it has been exposed, and update important ones regularly
  8. Harden the system: remove unneeded software and services, and restrict privileges
  9. Use a virtual machine for risky tasks such as opening untrusted files
  10. Never write a password down; if you must, keep it locked away from your desk (a password manager is the better option)
  11. Don't use dictionary words as passwords
  12. Regularly check the privacy settings on your social media accounts
  13. Enable two-factor authentication wherever possible
  14. Keep up-to-date antivirus and anti-malware software installed
  15. Always install OS updates
  16. Don't click links in unexpected emails; type the address yourself or use a bookmark instead
  17. Regularly update your browser
  18. Configure your wireless router so that it does not broadcast the network name (SSID), and protect the network with WPA2 and a strong passphrase (hiding the SSID is only a minor obstacle on its own)
  19. Never share a password
  20. When forwarding email, check that the content is suitable to be forwarded (and that the original was genuine in the first place)
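Tip 13 deserves a closer look, because a second factor is the one control on the list that still holds when a phishing email has already captured the password. The block below is an added example, not code from the original post: it implements the time-based one-time password (TOTP, RFC 6238) that authenticator apps generate, seen from the verifying server's side, using only the Python standard library. The shared secret is the RFC 6238 test-vector key so that the output can be checked against the published values; a real deployment generates a random secret per user.

```python
"""Added example: TOTP (RFC 6238) generation and server-side verification.

SECRET is the RFC 6238 test-vector key, used only so results can be checked
against the RFC; never reuse it. Step, digit count and skew are the common
defaults, not values from the page.
"""
import hashlib
import hmac
import struct
import time

SECRET = b"12345678901234567890"   # RFC 6238 test key, not for real use


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # low nibble picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, for_time, step=30, digits=6):
    """TOTP is HOTP with the counter set to the number of elapsed time steps."""
    return hotp(secret, int(for_time) // step, digits)


def verify_totp(secret, candidate, now=None, step=30, digits=6, skew=1):
    """Accept the code for the current step and `skew` steps either side, to
    tolerate clock drift; compare in constant time to avoid timing leaks."""
    if not (candidate.isdigit() and len(candidate) == digits):
        return False
    now = time.time() if now is None else now
    counter = int(now) // step
    return any(hmac.compare_digest(hotp(secret, counter + d, digits), candidate)
               for d in range(-skew, skew + 1))


if __name__ == "__main__":
    print("current code:", totp(SECRET, time.time()))
    print("RFC vector (T=59, 8 digits):", totp(SECRET, 59, digits=8))
```

Two details matter in production: once a code has been accepted, the server must record that counter and refuse it a second time (otherwise a code captured from the wire is replayable within the window), and TOTP does not by itself stop a live phishing proxy that relays the code within the same 30 seconds, which is why phishing-resistant factors such as hardware security keys are preferred for the executives targeted by whaling.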

Purpose of Cyber Security

  • CIA of cyber security: all efforts in cybersecurity are directed at ensuring that information is Confidential (seen only by those authorised to see it), has Integrity (is not altered or destroyed without authorisation) and is Available when needed.
