cybersecurity consultant at BeforeCrypt

Accounting databases prime target for hackers


Cybersecurity consultant Jeff Stout examines why accounting databases are a prime target for ransomware attacks.

8th Sep 2021

Accounting firms have been some of the most severely affected by ransomware attacks. In 2019, Wolters Kluwer was hit by a ransomware attack. This not only forced the company to shut down, but also forced all of its clients to suspend their operations shortly before an important tax deadline. 

Not long after, leading Canadian accounting firm MNP had to shut down for an entire week in the aftermath of a ransomware attack. So what is it that makes accounting firms such a desirable target for cybercriminals?

A ransomware hacker’s dream

Over the past decade, we’ve enjoyed major gains in productivity by digitising and automating more and more accounting processes, but this progress comes with a price. Generally speaking, accounting databases tend to be highly centralised, with most or all of the individual workstations in an organisation having direct contact with the database. 

This presents an attractive target to hackers for a number of reasons. 

More attack vectors: Since so many workstations in an organisation interact directly with the database, there are many possible routes to gaining direct access to it. If anyone with database access uses a weak password for their remote desktop protocol (RDP) login or falls for a phishing attack, the hackers can quickly gain direct access to the database, temporarily crippling an organisation.

Lateral spreading: Once hackers are in the database, they can then gain direct access to other parts of the network, including backups. Once backups are encrypted, it becomes much more difficult to recover without paying a ransom.

A vast trove of sensitive data: Almost all companies are dependent on IT systems to some degree, but for accounting firms cut off from their database, this is especially true. An encrypted database means work grinds to a complete halt, and managers are left with a set of very bad options: either pay the attackers, or reach out to every single client, inform them that their data has been compromised, and possibly request additional copies to start again.

There’s also a growing trend of hackers threatening to publicise sensitive data. Many companies have improved their backup procedures to counter the growing ransomware threat, so hackers are increasingly reliant on the threat of data leaks to extort cash from victims. The global average cost of a data breach has risen in recent years to nearly $4 million USD, so this is a rather effective threat, unfortunately. 

Accounting databases are attractive to hackers for other reasons as well: they help hackers to scout for potential victims. Hackers usually rely on a company’s financials to determine how much of a ransom they will demand. If a company keeps substantial cash reserves on hand, the hackers know how much it will be able to pay.

Sensitive data such as names, national insurance numbers, addresses, and birthdates can also be sold off to other criminals on the dark web for use in identity theft.

Countering the threat

The severity of this danger points to the great importance of cybersecurity practices for accounting firms in particular. One of the most important steps to improving security is to minimise the number of users with direct access to the database. 

The majority of ransomware hacks today utilise some form of phishing, so phishing awareness training is essential. By limiting the number of employees with direct database access, phishing awareness courses can also be more targeted and effective. 

Other important practices that form part of good database security include using strong passwords, two-factor authentication, encrypting password hashes, and automatically locking access points after more than three attempts to gain access. Monitoring database activity for any irregularities and keeping up to date with all updates and patches are also essential.

It’s also essential to encrypt all data stored in the database. If you do, hackers may be able to shut down your operations temporarily, but they will not be able to steal any usable data, which greatly reduces the potential damage resulting from a ransomware attack. 

Some of these steps may seem inconvenient at first, but a little bit of prevention is worth a great deal of cure. Accounting firms carry a great responsibility, and with the rising tide of cyber threats, a solid cybersecurity strategy is no longer optional.

