Professional Documents
Culture Documents
Abstract
The purpose of this report is to review the cyber-threat landscape, to discuss
cybersecurity and its future trends and areas of concern, and to highlight
particular areas that are likely to have direct impact on the future of accountancy.
As computers are playing an ever-increasing role in what finance professionals
have to do on a daily basis, cybersecurity is becoming inextricably linked to
such fundamentally important tasks as protecting the safety and continuity of
the business, ensuring confidentiality of sensitive data and helping clients
understand and manage a wide range of cyber-risks. Other key considerations
are that cybersecurity is no longer a purely technical issue, and has become so
complex that there is no single third party that a business can fully rely upon
in order to stay secure.
Professional accountants and finance professionals have to step up to the
challenge and learn how to survive the tidal wave of cybercrime.
About ACCA
About IMA
www.imanet.org
faye.chua@accaglobal.com
Dr Raef Lawson
www.accaglobal.com
rlawson@imanet.org
The Association of Chartered Certified Accountants and Institute of Management Accountants, February 2016.
Table of contents
Acknowledgements
Foreword
Executive summary
1. Introduction
10
14
18
22
Conclusion
27
29
31
References
33
Acknowledgements
Dr Toa Charm
Alex Erchov
Dr Darren Hayes
Shariq Khwaja
Acknowledgements
Phil Talbot
Andrew Vorster
Foreword
Executive summary
1. Introduction
One of the first notable depictions of
cybercrime in popular culture was in a
1969 comic caper film called The Italian
Job, in which a gang of charmingly
inept British rogues managed to pull
off a gold bullion robbery.
The key part of the plan involved a clever, if slightly
weird, mathematician disrupting the traffic of central
Turin by planting a virus into the mainframe computer
that controlled the traffic lights; there was also an
accomplice whose hardware gadgets disrupted
closed-circuit television (CCTV) monitors. At the time,
all this must have seemed very funny and completely
improbable. Almost half a century later, crimes like this
are commonplace, and no one is laughing anymore.
State / Country
Company / Business
Individual
& Family
TYPES OF RISK
Operational
Reputational
Financial
Regulatory
Business itself
11
Western
Europe
Central &
Eastern Eur.
91%
74%
91%
Caribbean
North
America
73%
Middle
East
88%
79%
GLOBAL
South
America
85%
50%
Africa
86%
Figure 1.2: Percentage of respondents expressing concern about cybercrime (ACCA-IMA Survey 2015)
12
South
Asia
Asia
Pacific
85%
13
14
interesting story
IRS
CarPhone
Warehouse
Anthem
Hacking
Team
Carefirst
latest
Australian
Immigration
Department
British
Airways
Slack
Sanrio
Premera
TalkTalk
Securus
Technologies
tens of thousands
Experian
/ T-mobile
US Office
of Personnel
ManagementUS Office
of Personnel
Management
(2nd Breach)
76,000
750,000
Sony
Pictures
Community
Health
Services
Staples
Home
Depot
JP Morgan
Chase
Advocate
Medical
Group
2013
275,000
Central
Hudson
Gas & Electric
Kissinger
Cables
Adobe
Florida
Department
Crescent
Health
of Juvenile
inc. Walgreens
Justice
Evernote
Citigroup
Indiana
University
2012
Medicaid
2011
Accendo
Insurance
Co.
2010
Greek
government
LinkedIn,
eHarmony
Last.fm
420,000
Educational
Credit
Management
Corp
Colorado
government
Blue Cross
Blue Shield
of Tennessee
AvMed,
Inc.
CheckFree
Corporation
Affinity
Health
Plan, Inc.
Stanley of Motor
Smith Barney Vehicles
2008
Pictures
Sony
PSN
Honda Canada
New York
City Health
JP Morgan
Chase
Puerto Rico
Department
of Health
Health
Center
Gawker.com
Heartland
Data Processors
International
AT&T
Cybersecurity
Fighting Crimes Enfant Terrible
BNY Mellon
Shareowner
Services
Yahoo Voices
Three
Iranian
banks
GS
Caltex
Zappos
Washington
Post
US Law
Enforcement
Stratfor
935,000
Tricare
Tianya
Ohio State
University
Spartanburg
Regional
Healthcare
System
Southern
California
Medical-Legal
Consultants
760,000
RockYou!
Steam
US Army
398,000
South Shore
Hospital,
Massachusetts
Jefferson
County
Network
Solutions
573,000
Stanford
University
RBS Worldpay
University
of Wisconsin
- Milwaukee
US Federal
Reserve
Bank of
Cleveland
400,000
US Military
US National
Guard
800,000
US Dept
of Defense
Writerspace
.com
Sutter
Medical
Foundation
Triple-S
Salud,
Inc.
Seacoast
Radiology,
PA
ssndob.ms
Sega
System
Health
Net
Auction
.co.kr
TerraCom
& YourTel
Nexon
Korea
Corp
Embassy
Cables
251,000
NHS
Massachusetts
government
Eisenhower
Medical
Classified
Center
Iraq War
514,330
documents
Betfair
Washington
State court
UbiSoft system
South Carolina
Government
Massive
American
Restaurant
business
Depot
Oregon
hack Morgan Department
Health
Net
- IBM
China Software
Developer
Countrywide
Network
Financial
Corp
Ankle &
foot Centre
of Tampa
Bay, inc.
2009
KT Corp.
360,083
392,000
AT&T
250,000
Office
of the
Texas AttorneyNew York
General
State
Militarysingles.com
Electric
& Gas
Gamigo
Citigroup
Bethesda
Game Studios
Yahoo
Ubuntu
Japan
Emory Healthcare
Formspring
178.com
undisclosed
780,000
Dropbox
800,000
South
Africa
police
UPS
Vodafone
500,000
OVH
Apple
Nintendo
Living
Social
Global
Payments
Drupal
Scribd
Kirkwood NMBS
Community
College
Florida
Courts
Blizzard
Target
SnapChat
Apple
New York
Taxis
unknown
MacRumours.com
Ebay
D&B,
Altegrity
Neiman
Marcus
NASDAQ
European
Central
Bank
600,000
AOL
Twitch.tv
Korea Credit
Bureau
Dominios
Pizzas
(France)
2014
VTech
Uber
Mozilla
Japan Airlines
unknown
Ashley
Madison.com
Voter Database
500,000
400,000
Invest
Bank
unknown
Adult
Friend
Finder
mSpy
Kromtech
Yale
University
US Military
Virgina
Dept. of
Health
Virginia
Prescription
Monitoring
Program
531,400
University
of California
Berkeley
15
CVV 3-digit
bank a/c
security code details
$2
3
fullz
full package of
identifying info
(name, DOB etc)
5
credit card
(old)
credit card
(market flooded)
PayPal/
eBay account
10
10
27
20
health credentials
32
45
average
highest
16
17
18
Living in a fishbowl
19
20
21
22
Cyber insurance
Sharing information on
cybersecurity is still rare, possibly
because being better prepared
is perceived as somewhat of a
business advantage.
Faris Dean, Head of Business Services Department of
Bowden Jones Solicitors
23
24
25
26
Conclusion
Cybercrime has become a persistent
business risk and its impact is now
reaching across business and up to
C-suite and boardroom levels. Despite
its relatively tender age, it is potentially
the most devastating form of crime;
defending against it is by no means
easy and is no longer limited to solving
purely technical issues.
A chain is only as strong as its weakest link
27
28
29
30
31
32
References
BBC News (2015a)
US Centcom Twitter Account Hacked by Pro-IS
Group <http://www.bbc.co.uk/news/world-uscanada-30785232>, accessed on 2 October 2015.
BBC News (2015b)
Child Spy Firm Hit by Blackmailers <http://www.bbc.
co.uk/news/technology-32800238>, accessed on 2
October 2015.
BBC Technology (2015)
Not in Front of the Telly: Warning Over Listening TV
<http://www.bbc.co.uk/news/technology-31296188>,
accessed on 2 October 2015.
BIS (Department for Business, Innovation and Skills)
(2014)
2014 Information Security Breaches Survey: Technical
Report <https://www.gov.uk/government/uploads/
system/uploads/attachment_data/file/307296/bis-14767-information-security-breaches-survey-2014-technicalreport-revision1.pdf>, accessed on 2 October 2015.
Bloomberg (2015)
Iran Behind Cyber-Attack on Adelsons Sands Corp.,
Clapper Says <http://www.bloomberg.com/news/
articles/2015-02-26/iran-behind-cyber-attack-onadelson-s-sands-corp-clapper-says>, accessed on 2
October 2015.
ENISA (2014a)
An Evaluation Framework for Cyber Security Strategies
<http://www.enisa.europa.eu/activities/Resilienceand-CIIP/national-cyber-security-strategies-ncsss/anevaluation-framework-for-cyber-security-strategies-1/
an-evaluation-framework-for-cyber-security-strategies/
at_download/fullReport>, accessed on 2 October 2015.
ENISA (2014b)
ENISA Threat Landscape <https://www.enisa.europa.
eu/activities/risk-management/evolving-threatenvironment/enisa-threat-landscape/enisa-threatlandscape-2014/at_download/fullReport>, accessed on
2 October 2015.
Guardian (2015, Feb 2)
Tech Pioneer Phil Zimmermann Calls Camerons AntiEncryption Plans Absurd, Guardian (2 February)
<http://www.theguardian.com/technology/2015/feb/02/
encryption-phil-zimmermann-david-cameron?CMP=share_
btn_tw>, accessed on 2 October 2015.
Informationisbeautiful.net
Worlds Biggest Data Breaches, <http://www.
informationisbeautiful.net/visualizations/worlds-biggestdata-breaches-hacks/>, accessed 15 Febrauary 2016.
Krebs, B. (2015)
mSpy Denies Breach, Even as Customers Confirm It
<http://krebsonsecurity.com/2015/05/mspy-deniesbreach-even-as-customers-confirm-it/>, accessed on 2
October 2015.
McAfee (2014)
Net Losses: Estimating the Global Cost of Cybercrime
<http://www.mcafee.com/uk/resources/reports/rpeconomic-impact-cybercrime2.pdf>, accessed on 2
October 2015.
Munson, L. (2015)
Russia and China Sign Cyber Security Pact, Vow Not
to Hack Each Other, Naked Security (11 May) <https://
nakedsecurity.sophos.com/2015/05/11/russia-andchina-sign-cyber-security-pact-vow-not-to-hack-eachother/>, accessed on 2 October 2015.
NBC (2005)
Ex-AOL Worker Who Stole E-mail List Sentenced
<http://www.nbcnews.com/id/8985989/#.
VV93w0acHud>, accessed on 2 October 2015.
NIST (2014)
Cybersecurity Framework <http://www.nist.gov/
cyberframework/>, accessed on 2 October 2015.
PWC (2015)
The Global State of Information Security Survey 2015
<http://www.pwc.com/gsiss2015>, accessed on 2
October 2015.
Razumovskaya, O. (2015)
Russia and China Pledge Not to Hack Each Other,
Wall Street Journal (8 May) <http://blogs.wsj.com/
digits/2015/05/08/russia-china-pledge-to-not-hackeach-other/>, accessed on 2 October 2015.
Taylor, G. (2015)
James Clapper, Intel Chief: Cyber Ranks Highest
on Worldwide Threats to U.S., Washington Post
(26 February) <http://www.washingtontimes.com/
news/2015/feb/26/james-clapper-intel-chief-cyber-rankshighest-worl/?page=all>, accessed on 2 October 2015.
US Congress (2015)
H.R.1560 Protecting Cyber Networks Act <https://
www.congress.gov/bill/114th-congress/housebill/1560>, accessed on 2 October 2015.
White House, The (2015)
State of the Union Address, 2015, <https://www.
whitehouse.gov/the-press-office/2015/01/20/remarkspresident-state-union-address-january-20-2015>,
accessed on 2 October 2015.
ACCA
IMA
29 Lincolns Inn
Fields London
WC2A 3EE
United Kingdom
+44 (0)20 7059 5000
www.accaglobal.com
10 Paragon Drive, #1
Montvale, NJ
07645
USA
+1 201 573 9000
www.imanet.org