Cybercrime is emerging as one of the most dangerous threats to public safety and organisations of all types. In 2019, India witnessed many cases of cyberattacks, including an information leak affecting 6.7 million users of the LPG brand Indane, a Facebook database leak, and the Pegasus spyware, which hacked into the phones of around 1,400 users including Indian journalists and activists. As enterprises increasingly rely on digitally collecting and storing data, their vulnerability to hacks escalates enormously. And the rapid pace of technological change is the cybercriminal’s greatest ally.
Why is Cybercrime a Problem for Chartered Accountants?
Cybercrime is a threat to everyone within an organisation, but finance and accounts departments should be particularly concerned. Financial assets are at risk of being targeted by hackers, and in addition, many Chartered Accountants face multiple knowledge gaps when it comes to cyber and computer systems.
According to a report drafted by IMA (Institute of Management Accountants) and ACCA (Association of Chartered Accountants), 91% of respondents in South Asia and 85% globally expressed concern about cybercrimes. As per a report by PwC titled ‘Cyber Security India Market: What lies beneath’, over 67% of BFSI respondents have cited cyberthreats owing to digitisation as a reason for cyber security expenditure. As custodians of vital financial data, accountants can and must be key members of the company’s defence strategy against cybercrime.
Why are Chartered Accountants Well-Placed to Tackle Cybercrime?
Chartered Accountants possess professional strengths and qualifications that make them ideal for cyber risk management. First, they know how to quantify the costs and comparative cost-effectiveness of different security measures.
This is an essential skill when threats come from so many different directions and organisations cannot always afford to defend every front at once. A cybersecurity strategy must prioritise areas of vulnerability and commit resources to them.
This perspective also helps finance professionals protect themselves against “scareware” scams, in which cybercriminals trick individuals or companies into buying unnecessary protective software.
“A Chartered Accountant always has his or her mind on the comparison of costs and benefits; this serves well in any function, but especially so when it comes to managing cyber risks.”
Second, Chartered Accountants typically possess the required industry knowledge and an understanding of the overarching strategy and end-to-end operation of the business for which they work. The rapid technological change that has impacted the finance and accounting profession has compelled Chartered Accountants to constantly upskill and retrain.
Though they are not IT-focused, Chartered Accountants can comprehend the basic cybersecurity knowledge that allows them to contribute toward their organisation’s defences.
Finally, Chartered Accountants are typically leaders in the control process that ensures risks are mitigated and have a well-deserved reputation for always being concerned with safety for their clients and employers. Chartered Accountants, then, are well-placed to step into the role of proactively guarding the interests of their clients and organisations in an era when rapid technological change is creating ever greater risk.
How Can Chartered Accountants Contribute to Cybersecurity Strategy?
With these professional strengths in mind, Chartered Accountants must become actively involved in planning their company’s strategy for countering cybercrime. This process should begin at the top: CFOs must become intimately acquainted with the business of Chief Information Security Officers (CISOs) and share valuable information and knowledge.
“CFOs who can effectively manage IT issues will have an edge over their peers and be in high demand.”
The same logic can apply to all other levels of finance and accounts departments. Current professionals have an opportunity to act as a bridge from the finance and accounts department to the IT department of their organisation, while accounting students can boost their eventual employment opportunities by studying IT as it relates to the finance and accounts function.
Chartered Accountants within organisations can play an active role in estimating the financial impact of cyberattacks and advising senior leaders on company-wide preparedness. They can also define risk management strategies and identify where to commit resources to counter the most important threats.
Finally, Chartered Accountants can leverage their familiarity with compliance issues to stay ahead of legal and regulatory measures that increase liabilities or penalties for organisations in the event of data breaches.
Career Path in Cyber Security:
Here are some popular careers in cyber security for Chartered Accountants:
- Ethical Hackers
Ethical hacking provides a way to determine the security of an information technology environment from a technical point of view. In the context of “ethical hacking”, hacking refers to breaking into computer systems. It can be assumed that hacking is illegal, as breaking into a house would be. This is where “ethical” comes into play. The word has a very positive connotation and describes something noble, which leads us to the following definition: ethical hacking is the process of attacking and penetrating computer systems and networks to discover and point out potential security weaknesses for a client that is responsible for the attacked information technology environment. Ethical hacking can be categorized as a security assessment, a kind of training, and a test of the security of an information technology environment.
- Cybersecurity consultant
A cybersecurity consultant is responsible for protecting sensitive data that come from these different aspects of the digital world. They avert security risks and prevent cyber-attacks. As we grow heavily reliant on technology, or rather as the role of technology grows more involved every day, the risks to the security of our data have increased as well. This creates a demand for cybersecurity consultants who can help businesses protect their data against security risks. Chartered Accountants can work closely with IT teams to give professional suggestions and guidance, estimating costs and categorizing integration issues for IT project teams.
- Computer Forensics Analysts
Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it. Chartered Accountants can provide the following services in cyber forensics:
1. Disk, network and mobile forensics
2. Malware analysis—static and dynamic
3. Digital forensics readiness assessment
4. Network log correlation and predictive analytics
- Data Governance and Classification Audit
This audit evaluates the processes management has put in place to classify data and to develop plans to protect the data based on that classification. Chartered Accountants can guide the organization on data privacy.
- Social Media Risk Assessment
This assessment is carried out in collaboration with the IT organization to identify the social media activities that would create the highest level of risk to the organization. It evaluates the threats to the organization’s information security through the use of social media. This audit may be combined with a social media governance audit to then confirm that policies have been designed to address the highest risks to the organization. Audit considerations:
Does the organization understand what risks exist related to social media?
How well are the identified risks managed?
- Cyber Security Trainer
Chartered Accountants can teach Information Security, Incident Management, Security Device Management, Ethical Hacking, Data and Information Management, installing, configuring and troubleshooting information security devices, Data Leakage and Prevention, Information Security Policies, Procedures, Standards and Guidelines, Information Security Management Roles and Responsibilities, Information Security Performance Metrics, Risk Assessment, Configuration Review, Device Log Correlations and Data Backup.
As cyber security trainers, CAs can work with colleges to teach cyber security to students, the police department and the CBI.
Nice article… Thanks for sharing
Yes, I agree with you.