Securities and Exchange Commission (SEC) has issued a press release and reporting advising public companies to review and recalibrate internal accounting controls to consider cyber threats. SEC stated the report is based on an investigation of business email compromises (BECs), more commonly known as “spearphishing” (targeted electronic messages tricking users to share confidential information) attacks, at nine public companies across a broad range of industries that resulted in a cumulative loss of almost $100 million. The SEC communicated that the frauds lasted up to nine months in some cases and the attackers posed as company executives or vendors and often were detected only after intervention by law enforcement or other third parties.
There are several controls that are very effective ways to help thwart attacks of this type, including performing proactive test spearphishing, internal penetration testing, advanced user security awareness training and implementing security monitoring agents that react to anomalies and watch the data traffic and alert your cybersecurity team. For more information on how to implement these controls and the processes and scope of work needed to have real assurance of operating effectiveness, contact our experience CyberSecurity experts here.
To see the full report…. https://www.sec.gov/news/press-release/2018-236
Carl Cadregari is an executive vice president based out of our Rochester, NY office.
This material has been prepared for general, informational purposes only and is not intended to provide, and should not be relied on for, tax, legal or accounting advice. Should you require any such advice, please contact us directly. The information contained herein does not create, and your review or use of the information does not constitute, an accountant-client relationship.