Nick Stride | August 2022
This article was current at the time of publication.
Accountants and their clients need to be on high alert to threats from cybercriminals. CPA Australia has a range of cyber security resources to help.
Cyberattacks rose sharply in the first quarter of 2022, and the Financial Markets Authority (FMA) is advising financial services firms to make cybersecurity a priority.
Government cybersecurity body CERT NZ recorded 2333 incidents in the March quarter.
Of the 167 affected organisations, 91 were reported by financial and insurance services firms.
At the CYBERUK 2022 conference in May, NZ National Cyber Security Centre (NCSC) Director Lisa Fong called a doubling of attacks by non-state actors the “top of the worry list” for New Zealand.
[These are ] “sophisticated tools in the hands of criminally motivated actors, which is a real change from earlier years,” Fong said.
In 2020-21 the NCSC recorded a 15 per cent rise in “incidents with a national impact” – broadly, those with a potentially high impact or affecting organisations of national significance such as financial institutions or those operating critical infrastructure.
Of the incidents reported to CERT NZ, the largest category of attacks was “phishing and credential harvesting” with 1370 incidents. Scams and frauds ranked second at 565 attacks and malware third at 228.
Phishing and new threats
Phishing tries to mimic authentic communication from a trusted source, usually through an email or short messaging service.
It’s low-cost, doesn’t require significant technical ability, and targets thousands of recipients rather than individuals. It relies on a few falling into the trap by exploiting emotional responses such as fear or urgency or using current events such as the Covid-19 pandemic to make communication seem plausible.
The FMA is reminding organisations under its regulatory umbrella that the terms of their licences require them to manage technology risks.
It says there “appear to be shortcomings in the cyber resilience and operational systems” among entities it licences, including underinvestment in technology and use of unsupported or legacy systems.
Financial Markets Conduct Act 2013 (the Act) entities licensed by the FMA must “have at all times adequate and effective systems, policies, processes and controls that are likely to ensure you will meet your market services licensee obligations in an effective manner”.
Souped-up protection for financial advisers
For financial advice providers, the FMA’s licence conditions prescribe specific obligations for business continuity and technology systems.
These include implementing information security that includes safeguarding the integrity, confidentiality, and availability of client information.
Auditors also fall under the FMA umbrella if they perform audits on the Act’s reporting entities such as NZX-listed companies, banks, insurers and credit unions.
The FMA recommends entities self-evaluate their cyber resilience against the US National Institute of Standards and Technology Cybersecurity Framework.
At a minimum, CERT NZ advises all firms to protect themselves by implementing two-factor authentication (2FA).
It says the international consensus is that nearly all account compromise attacks would be thwarted if 2FA was used.
“[0ur] data shows that in the first quarter of this year alone over 65 per cent of compromised accounts … could have been prevented if they had 2FA in place.”
The agency is also warning businesses and individuals to ensure they use strong passwords.
Business Technology Report 2023: AI and cybersecurity
5 September 2023 | Do businesses that adopt AI outperform those that don’t?
Published on19 min read time
IRD pushes into data matching to tackle black economy
Six-monthly merchant transaction information needed from banks and other payment providers
Protect your small business from cyber criminals
17 October 2022 | What you need to know about data breaches, email phishing scams and the importance of cyber insurance
Published on15 min read time
Why small business needs to understand cybersecurity risks
17 September 2021 | Expert advice you can action today
Published on32 min read time
Discussing CPA Australia’s Business Technology Report 2022
22 August 2022 | The findings are good news for those investing in technology and upskilling
17 min read time
Technology and cybersecurity
Technology improves business efficiency, cuts costs, improves service delivery and maximises profitability