Cybersafety Connections August 2021 Vol#28
- Cybersecurity niche fine-tuning to Social Engineering and Employee Training plus Incident Response and Breach Coaching.
- It is not a matter of “if” but “when” for cyberattacks, according to cybersecurity experts.
- Limiting ransomware damages by hackers through preventive and detective controls.
Cybersecurity Niche Fine-Tuning
When I built the blog and started blogging 7 months ago, I felt like I did not know what I was getting myself into, that I was way out of my league, not being an IT professional, a developer, a programmer, or an engineer. Thank goodness for the AICPA and its community of experts, the area of specialization as an accountant/CPA/CFE is becoming clearer. I don’t necessarily see myself getting lost in Excel spreadsheets as an accounting and finance professional. The cybersecurity niche centers around Social Engineering and Employee Awareness Training as well as Incident Response and Breach Coaching. We are talking about Before and After a cyberattack. This clarity would not have been possible without this podcast: “In a preview of an ENGAGE 2021 panel, Journal of Accountancy senior editor Neil Amato speaks with Steven Ursillo, CPA/CITP, CGMA, partner, risk assurance and advisory national leader at Cherry Bekaert, about how firms of any size can identify, prepare for, and take advantage of cyber advisory opportunities.”
It is Not a Matter of If but When
Cybersecurity experts say it’s not a matter of if you get hit by a ransomware attack; it’s when. That means no industry or company is safe. I started with the belief that Small-to-Midsized Businesses (SMBs) needed more assistance with cybersecurity prevention and detection training and awareness, since cyberattacks, data breaches and hacks caused 60% of SMB casualties within six months of the attack. Small and midsized businesses lack the financial resources and skills to fight against cyberattacks. Big businesses may have the resources to pay the ransom and continue operations after a cyberattack. Does my belief still hold true?
Limiting Ransomware Damage by Hackers
There has been a spate of ransomware attacks, the most recent being the 4th of July holiday weekend supply chain ransomware attack on Kaseya Ltd, a software provider that was the point of intrusion to hundreds of businesses in the U.S. Companies are beefing up cybersecurity, and there are preventive and detective controls to put in place to limit damage from ransomware attacks. These are the Before and After measures. Most cyberattacks are carried out through phishing and social engineering, which explains the interest in that niche.
Some of the preventive and detective measures are:
- Evaluation of Governance and Risk Management and Controls related to cybersecurity.
- Examination of Cybersecurity measures for network and individual systems.
- Readiness Planning to detect the attack and how to respond.
- Education and Training of employees on phishing attacks.
- Having Backup that is stored in a secure location.
This is somewhere to start. Each bullet point might be a niche that requires a different set of cybersecurity skills/expertise. We will continue to build on these basic steps.