The Growing Threat of Ransomware What Accountants, Their Clients, and Security Professionals Need to Know

Authors

  • Patrick Ryle
  • Robin Hicks
  • Kenneth Shemroske
  • Mark McKnight University of Southern Indiana
  • Brett Bueltel

Abstract

Objectives This paper is designed to prepare accountants to meet the dangerous challenges posed by ransomware. Prior Work Business operating conditions concerning ransomware have never been more dangerous. In confronting these dangers, prevailing data protection regimes have proven frighteningly inadequate. This paper explores ransomware’s potential impact, and the institutional, organizational, and cultural approaches necessary in the preparation and prevention of such attacks. Approach This paper presents a review of the development of the threat of ransomware outlines several steps accountants can take to prevent such incidents from occurring, and outlines steps accountants can take after a security failure in the face of a ransomware attack. This paper highlights the importance of devoted preparedness., Results This paper implores accountants to take the threat of ransomware seriously, to understand that cyber-attacks are unpredictable and that the time to prepare is now. Implications We examine post-incident mitigation considerations and the ongoing organizational, professional, reputational, and financial consequences of a successful ransomware attack. Value This paper’s contribution provides an examination of ransomware awareness, steps that must be taken in preparation, and the costs of failure in a context unique to accounting and tax professionals.

References

Abrams, L. (2020), “Leading accounting firm MNP hit with cyberattack”, available at: https://www.bleepingcomputer.com/news/security/leading-accounting-firm-mnp-hit-with-cyberattack/ (accessed 13 August 2020).

Anderson, E. (2020), “January report identified BST as hacking victim”, available at: https://www.timesunion.com/business/article/Computer-breach-exposes-some-Community-Care-15067744.php (accessed 9 September 2020).

Bose, R. (2019), "How can airlines protect their customers and data from evolving cyberthreats?", available at https://securityintelligence.com/posts/how-can-airlines-protect-their-customers-and-data-from-evolving-cyberthreats/ (accessed 7 June 2020).

Cheng, C., Flasher, R., and Higgins, J. P. (2019), “Accounting firm data breaches: One state’s records”, available at: https://www.journalofaccountancy.com/issues/2019/jun/accounting-firm-data-breaches.html (accessed 7 June 2020).

Choong, P., Hutton, E., Richardson, P. S., and Rinaldo, V. (2017), “Protecting the brand: Evaluating the cost of security breach from a marketer's perspective”, available at https://www.articlegateway.com/index.php/JMDC/article/view/1644/1561 (accessed 8 January 2021).

Cohn, M. (2019), “IRS offers guidance to CCH users on tax extensions after outage”, available at: https://www.accountingtoday.com/news/irs-offers-guidance-to-wolters-kluwer-users-on-tax-extensions-after-cch-outage (accessed 9 August 2020).

Coveware (2020), “Ransomware costs double in Q4 as Ryuk, Sodinokibi proliferate”, available at: https://www.coveware.com/blog/2020/1/22/ransomware-costs-double-in-q4-as-ryuk-sodinokibi-proliferate (accessed 9 August 2020).

Cropley, J. (2020), “Class-action lawsuits sought over community care physicians data breach”, available at: https://dailygazette.com/2020/06/17/class-action-lawsuits-sought-over-community-care-physicians-data-breach/ (accessed 11 August 2020).

Davis, J. (2019), “Ransomware costs on the rise, causes nearly 10 days of downtime”, available at: https://healthitsecurity.com/news/ransomware-costs-on-the-rise-causes-nearly-10-days-of-downtime (accessed 7 June 2020).

Dev, A. and Rao, V. (2018), “Quantification of cybersecurity risk”, available at

https://rmajournal.org/rmajournal/april_2018/MobilePagedArticle.action?articleId=1364305#articleId1364305 (accessed 8 January 2021).

Diana, C. (2020), “Another class action suit filed over BST, community care ransomware attack”, available at: https://www.bizjournals.com/albany/news/2020/08/05/bst-community-care-ransomware-lawsuit.html (accessed 9 September 2020).

Fazzini, K. (2019), “A malware attack against accounting software giant Wolters Kluwer is causing a ‘quiet panic’ at accounting firms”, available at: https://www.cnbc.com/2019/05/08/wolters-kluwer-accounting-giant-hit-by-malware-causing-quiet-panic.html (accessed 7 September 2020).

Francis, R. (2016), "The history of ransomware", available at https://www.csoonline.com/article/3095956/the-history-of-ransomware.html (accessed 7 June 2020).

Katyal,N. K. (2001), “Criminal law in cyberspace”, 149 University of Pennsylvania Law Review, pp. 1074-1075.

Kovacs, E. (2019), “Information services giant Wolters Kluwer hit by malware attack”, available at: https://www.securityweek.com/information-services-giant-wolters-kluwer-hit-malware-attack (accessed 7 September 2020).

McAndrew, E. J., Phan, K., and Sargsian, Z. A. (2017), “FTC settles GLBA enforcement action against TaxSlayer stemming from 2015 data breach”, available at: https://www.natlawreview.com/article/ftc-settles-glba-enforcement-action-against-taxslayer-stemming-2015-data-breach (accessed 7 June 2020).

Morgan, S. (2017), “Cybercrime damages $6 trillion by 2021”, available at: https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/ (accessed 7 June 2020).

Ng, A. (2017), “Malware now comes with customer service”, available at: https://www.cnet.com/news/ransomware-goes-pro-customer-service-google-25-million-black-hat/ (accessed 7 June 2020).

O'Neill, P. H. (2020), “Ransomware may have cost the US more than $7.5 billion in 2019”, available at: https://www.technologyreview.com/2020/01/02/131035/ransomware-may-have-cost-the-us-more-than-75-billion-in-2019/ (accessed 9 August 2020).

Phan, K., & Morehead, K. (2020), “FTC holds workshop on GLBA

safeguards rule”, Consumer Finance Monitor, available at: https://www.consumerfinancemonitor.com/2020/07/20/ftc-holds-workshop-on-glba-safeguards-rule/ (accessed 17 September 2021).

Popper, N. (2020), “Ransomware attacks grow, crippling cities and businesses”, available at: https://www.nytimes.com/2020/02/09/technology/ransomware-attacks.html (accessed 7 June 2020).

Raver, C. M. (2019), “A ransomware attack could devastate your company. Will your insurance cover it?”, available at https://www.natlawreview.com/article/ransomware-attack-could-devastate-your-company-will-your-insurance-cover-it (accessed 6 June 2020).

Rule, C. (2019), “The confidentiality of a client’s tax return information”, available at: https://www.cpajournal.com/2019/11/05/the-confidentiality-of-a-clients-tax-return-information/ (accessed 5 July 2020).

Ryle, P.M., Jie, K.Y., and Gardiner, L. R. (2021). “Gramm-Leach-Bliley gets a systems upgrade: What the FTC’s proposed safeguards rule changes mean for small and medium American financial institutions”, The EDP Audit, Control, and Security Newsletter, available at https://www.tandfonline.com/doi/abs/10.1080/07366981.2021.1911387 (accessed September 16, 2021).

SANS Security Awareness. (2017), “Passwords”, available at: https://www.sans.org/security-awareness-training/ouch-newsletter/2017/passphrases (accessed 7 June 2020).

Schlesinger, J. and Day, A. (2018), “Cybercriminals now targeting tax pros to cash in on fraudulent returns”, available at: https://www.justice.gov/tax/stolen-identity-refund-fraud (accessed 7 June 2020).

Schultz, T. (2019), “The ROI of security awareness training”, available at: https://www.infosecinstitute.com/blog/the-roi-of-security-awareness-training/ (accessed 5 July 2020).

Security Magazine. (2019), “Cost of ransomware related downtime increased more than 200 percent”, available at: https://www.securitymagazine.com/articles/91107-cost-of-ransomware-related-downtime-increased-more-than-200-percent (accessed 11 August 2020).

Sheridan, B. (2015), “Cyber liability: A growing concern for CPA firms”, available at: https://www.macpa.org/cyber-liability-a-growing-concern-for-cpa-firms/#0 (accessed 7 June 2020).

Solomon, H. (2020), “Toronto accounting firm hit by ransomware”, available at: https://www.itworldcanada.com/article/toronto-accounting-firm-hit-by-ransomware/432049 (accessed 11 August 2020).

Thakur, K. (2018), “Test your cybersecurity knowledge”, available at: https://www.njcu.edu/about/blog/2018/08/final-exam (accessed 11 August 2020).

The Wall Street Journal. (2015), “Security expert Marc Goodman on cyber crime”, available at: https://deloitte.wsj.com/cio/2015/05/12/security-expert-marc-goodman-on-cyber-crime/ (accessed 5 July 2020).

Whitney, L. (2020) “Honeypot reveals tactics used by cybercriminals to deploy ransomware,” available at: https://www.techrepublic.com/article/honeypot-reveals-tactics-used-by-cybercriminals-to-deploy-ransomware/ (accessed 4 July 2020)

Downloads

Published

2023-12-29

How to Cite

Ryle, P., Hicks, R., Shemroske, K., McKnight, M., & Bueltel, B. (2023). The Growing Threat of Ransomware What Accountants, Their Clients, and Security Professionals Need to Know. The Journal of Accounting and Management, 13(3), 55–74. Retrieved from https://dj.univ-danubius.ro/index.php/JAM/article/view/2025

Issue

Section

Articles