Part Two: The future is online
Emmy Hawker takes a deep dive into cyberspace, assessing how prepared accountancy firms and practices are for the ever-growing threat of cyber-crime
Part one of this two part long-read series investigated the current issues accountancy faces when it comes to cyber security. However, it is important to question how this will continue to evolve.
According to the current trajectory of growth, the technology sector is going to maintain that surprisingly steadfast status as a vast empire—the driving force behind innovation across the globe.
The accountancy sector is not exempt from this growth, as technology becomes more ingrained in day-to-day processes.
Nonetheless, the full capabilities of technology still have not been fully realised by industry. With cyber-crime, there is absolutely no room for complacency.
“We are becoming very connected digitally, and, if you think about business and enterprises, everybody is thinking about digital transformation—how can we use digital transformation to give us that competitive edge?”
Steven Connors from Haines Watts provides an excellent example when speaking with Accountancy Age. What would happen if a cyber-criminal managed to hack into the systems that control the notice board displays at Paddington station? This is not a cyber-crime that would be expected, or even considered to be a high-risk issue, but the knock-on effects of this could take hours – even days – to resolve.
It is the same with more conventional cyber-crime; criminals are constantly coming up with new ways to threaten online systems.
The next generation that is now moving into employment is coming armed with a high level of appreciation for the various benefits technology can bring, but are they aware of the risks?
A huge change that was officially launched by HMRC for VAT earlier this month was Making Tax Digital (MTD). Such a monumental shift onto online servers is certainly not without risk.
Having taxation data all in one place – and thus being able to track and update that information instantaneously – eliminates the various hazards that can occur through a paper-based system.
Michael (Mo) Stevens, CEO at Shearwater plc (Xcina), believes that “MTD will make tax collection more efficient, and the move to the digital world is positive for any business.”
“I think the bottom line is [that] you will be a victim of some form of cyber-attack at some point. The question is not: How do you avoid the attack? The question is: How much damage does it do? How fast will you recover?”
Nonetheless, such radical change is generating feelings of concern, and the online threats have been raised with Accountancy Age when looking into this topic.
“A large proportion of UK businesses will not be equipped to handle the digital record keeping and the reporting required, and this could leave them open to attack from cyber criminals,” Stevens warns.
However, the CEO of Accodex, Chris Hooper, disagrees with this argument. He says: “It’s easy to assume that MTD will increase the volume of cyber-crime.”
He continues: “That being said, HMRC has got just as much – if not more – at stake in managing the risk. These risks, with the right security measures, are easily mitigated. I am cautiously optimistic that we won’t have an increase in cyber-crime as a direct result of MTD.”
This is very much a case of the benefits outweighing the risks with the introduction of MTD for VAT as HMRC begins the process of moving businesses online.
Sheila Pancholi, partner and IT risk, security, and control specialist at RSM UK, believes that the UK is “going to see an increase in cyber-crime.”
“We are becoming very connected digitally, and, if you think about business and enterprises, everybody is thinking about digital transformation—how can we use digital transformation to give us that competitive edge?” she continues.
When speaking with industry, it has become clear that a change in mindset is necessary. However, this becomes an issue when the industry in question is naturally more risk-averse, and therefore not as quick to adapt the practices and methods that have worked for them for many years.
“Cyber breaches are not a new [problem]—it has been a significant issue for years, and it’s not going away.”
KPMG’s UK head of technology, Paul Taylor, says: “I think the bottom line is you will be a victim of some form of cyber-attack at some point. The question is not: How do you avoid the attack? The question is: How much damage does it do? How fast will you recover?”
If an accountant looks at their internal infrastructure and reforms it as if there will be a cyber-attack, rather than if, then it is likely that they will be far more cautious when working with data.
Taylor continues: “[it is important to segment] your network to make sure that, if someone attacks you, they can’t just get everywhere all at once. Patching and keeping yourself up to date, as well as working with your supply chain is very important.”
Connors concludes: “I think cyber security has got to become more important to the accountancy sector—there is no single source [or] golden thread.”
The endless possibilities that the online world provides people with has proven to be something of a double-edged sword.
In accountancy, there are clear benefits, such as: immediate access to data, clear internal audit trails, the simplification of the taxation process, and the ability to connect with both present and future clientele.
“We live in a world of global crisis.”
The negatives can become a permanent headache if the time is not taken to learn how to properly handle situations that can arise online, such as cyber security breaches.
“Cyber breaches are not a new [problem]—it has been a significant issue for years, and it’s not going away,” Stevens claims.
On a wider scale, however, there has been a vast increase in the amount of media coverage across the globe surrounding allegations of advanced technology being used to interfere in foreign affairs and democratic decisions. Cyber warfare is still a very new concept and the world is struggling to adjust.
As Fraser Nicol from Scott-Moncrieff says: “We live in a world of global crisis.”
If governments and regulators around the world do not ensure that effective barriers are put in place, then global cyber security will only become more precarious.
The main problem is finding the resources to efficiently and effectively stay on top of every single attack—anyone can get access to the internet or malware. Cyber-criminals are far more difficult to trace as they are less likely to leave physical evidence behind.
“Large-scale attacks could bring down corporations—even governments.”
“Even if we look back on something like WannaCry—it affected both public sector and large corporate sector organisations,” Pancholi tells Accountancy Age. “We are now so reliant on technology that, something as large-scale as WannaCry could bring down something like our central power stations, for example. The likelihood of that kind of attack is very high now.”
Steven Connors from Haines Watts adds that “many of the large national institutions – some of our biggest banks, etc. – very much rely on what are called ‘legacy systems’—old IT systems. A lot of the skills needed to manage those systems reside in an ever-decreasing number of people, and they are not as well protected because they are not modern technology. It would only take one concerted attack to spark a major crisis.”
“Certainly, large-scale attacks could bring down corporations—even governments,” Mo Stevens agrees.
However, he theorises that large-scale threats are less of a concern for accountants themselves: “What we are talking about with accountants and other small businesses is often low-level extortion, stealing, and identity theft that can go under the radar for months, conducted by lone individuals out to make a criminal living.”
With the number of cyber-attacks that happen everyday in the UK, it can often seem as if businesses are fighting an uphill battle.
The UK is leading the way in their fight against cyber-crime, but accountants need to do more to make sure they are just as aware of the existing threats and how they can deal with them.
Nonetheless, technology is here to stay and, with it, a new age of criminal activity—it is up to the board members and executives in UK businesses to piece together their long-term strategies, ensuring that both employees and clients are protected online.