• Current students
      • Student centre
        Enrol on a course/exam
        My enrolments
        Exam results
        Mock exams
      • Course information
        Students FAQs
        Student induction
        Course enrolment information
        F2f student events
        Key dates
        Book distribution
        Timetables
        FAE elective information
        CPA Ireland student
      • Exams
        CAP1 exam
        CAP2 exam
        FAE exam
        Access support/reasonable accommodation
        E-Assessment information
        Exam and appeals regulations/exam rules
        Timetables for exams & interim assessments
        Sample papers
        Practice papers
        Extenuating circumstances
        PEC/FAEC reports
        Information and appeals scheme
        Certified statements of results
        JIEB: NI Insolvency Qualification
      • CA Diary resources
        Mentors: Getting started on the CA Diary
        CA Diary for Flexible Route FAQs
      • Admission to membership
        Joining as a reciprocal member
        Admission to Membership Ceremonies
        Admissions FAQs
      • Support & services
        Recruitment to and transferring of training contracts
        CASSI
        Student supports and wellbeing
        Audit qualification
        Diversity and Inclusion Committee
    • Students

      View all the services available for students of the Institute

      Read More
  • Becoming a student
      • About Chartered Accountancy
        The Chartered difference
        Student benefits
        Study in Northern Ireland
        Events
        Hear from past students
        Become a Chartered Accountant podcast series
      • Entry routes
        College
        Working
        Accounting Technicians
        School leavers
        Member of another body
        CPA student
        International student
        Flexible Route
        Training Contract
      • Course description
        CAP1
        CAP2
        FAE
        Our education offering
      • Apply
        How to apply
        Exemptions guide
        Fees & payment options
        External students
      • Training vacancies
        Training vacancies search
        Training firms list
        Large training firms
        Milkround
        Recruitment to and transferring of training contract
      • Support & services
        Becoming a student FAQs
        School Bootcamp
        Register for a school visit
        Third Level Hub
        Who to contact for employers
    • Becoming a
      student

      Study with us

      Read More
  • Members
      • Members Hub
        My account
        Member subscriptions
        Newly admitted members
        Annual returns
        Application forms
        CPD/events
        Member services A-Z
        District societies
        Professional Standards
        ACA Professionals
        Careers development
        Recruitment service
        Diversity and Inclusion Committee
      • Members in practice
        Going into practice
        Managing your practice FAQs
        Practice compliance FAQs
        Toolkits and resources
        Audit FAQs
        Practice Consulting services
        Practice News/Practice Matters
        Practice Link
      • In business
        Networking and special interest groups
        Articles
      • Overseas members
        Home
        Key supports
        Tax for returning Irish members
        Networks and people
      • Public sector
        Public sector presentations
      • Member benefits
        Member benefits
      • Support & services
        Letters of good standing form
        Member FAQs
        AML confidential disclosure form
        Institute Technical content
        TaxSource Total
        The Educational Requirements for the Audit Qualification
        Pocket diaries
        Thrive Hub
    • Members

      View member services

      Read More

      Members

      View member services

      Read More
  • Employers
      • Training organisations
        Authorise to train
        Training in business
        Manage my students
        Incentive Scheme
        Recruitment to and transferring of training contracts
        Securing and retaining the best talent
        Tips on writing a job specification
      • Training
        In-house training
        Training tickets
      • Recruitment services
        Hire a qualified Chartered Accountant
        Hire a trainee student
      • Non executive directors recruitment service
      • Support & services
        Hire members: log a job vacancy
        Firm/employers FAQs
        Training ticket FAQs
        Authorisations
        Hire a room
        Who to contact for employers
    • Employers

      Services to support your business

      Read More
☰
  • Find a firm
  • Jobs
  • Login
☰
  • Home
  • Knowledge centre
  • Professional development
  • About us
  • Shop
  • News
Search
View Cart 0 Item

Members

☰
  • Members Hub
  • Members in practice
  • In business
  • Overseas members
  • Public sector
  • Member benefits
  • Support & services
  • Home/
  • Members/
  • Members in practice/
  • Toolkits and resources/
  • Helpsheets/
  • Cyber security
☰
  • Members in practice
  • Going into practice
  • Managing your practice FAQs
    • Practice management
    • Strategic leadership
    • Develop your firm
    • Members' complaints adviser
  • Practice compliance FAQs
    • Practice compliance services
    • Audit compliance and investment business review
    • Workshops and professional training with a difference
  • Toolkits and resources
    • Helpsheets
      • Helpsheets archive
      • Buying, selling and merging your practice
      • Alternate arrangements
      • Cyber security
    • Practice Matters
      • Practice Matters articles
    • Practice News webinars
      • All Practice News webinars
    • Practice Consulting CPD webinars
  • Audit FAQs
  • Practice Consulting services
    • Testimonials
    • Our team
    • Free services
    • Practice networks
    • Members in practice committee
    • Practice consulting fees
    • Terms of business
    • Other client services
      • Abhaile Scheme
  • Practice News/Practice Matters
  • Practice Link
    • Practice Link application

Cyber security

Cybercrime and the steps to take to counteract a cyber attack

What is cybercrime

By 2023 almost one in five Irish businesses have experienced a cyber attack or data breach, according to new research by professional services firm Aon. Cyber attacks are the malicious attempts to damage, cause disruption, gain unauthorised access to computer systems, networks or devices via cyber means. Most cybercrime is committed by cybercriminals or hackers who want to make money. However, occasionally cybercrime aims to damage computers or networks for reasons other than profit. Far too often, successfully managing cyber risk only becomes a priority after a cyber incident has occurred.

Cybercime is becoming more prevalent since the Covid-19 Pandemic, the adoption of hybrid and remote working across many organisations introduces new challenges as employees can access company networks from a various locations and devices. This in turn provides hackers with new opportunities to exploit weaknesses in software, hardware and people actions. Also economic and geopolitical disruption in (global increase in cost of living, Russian/NATO tension, climate emergency and energy security)  recent years has also led to the increase in Cybercrime. The HSE became all too aware of this issue when they were subjected to a cyberattack in May 2021. It resulted in months of disruption in the health service.

Prior to the Covid-19 pandemic cybercrime was present but were we all aware of the disruption it could cause. My colleague Conal Kennedy wrote an article titled The growing threat of Cybercrime to accounting practices in the February 2017 edition of Practice Matters. Subsequent to this, the HSE attack in 2021 caused people to sit up and ask could this affect them. The reality is that any organisation no matter what size could be subjected to a cyber attack. The response of the Government and business to this threat for a long time had been inadequate, leaving them often to play catchup in the wake of attacks. But there are signs Government agencies and society in general are starting to address get a handle on the issue with more urgency. Much of this has been led by the National Cyber Security Centre (NCSC), an agency that was found badly under-resourced after the HSE attack.

This article sets out the major types of cybercrime and some steps firms should take to prevent a cyber attack.

Types of cybercrime

The three most common types of cybercrime include:

Email and internet fraud, otherwise known as phishing. (Phishing campaign messages may contain infected attachments or links to malicious sites, or they may ask the receiver to respond with confidential information). Research conducted by IBM states that 41% of cyber attacks start with phishing. The emails may not personalised, contain incorrect grammar and spelling mistakes. 

We all think it won’t happen to us, but for example, during a busy tax deadline an email arrives you click on the email and then realise once you have done this it is a phishing email.  However, it is too late you have passed on confidential information, and this could result in weeks of disruption, culminating in a significant loss of income to the firm. 47% of organisations suffer reputational damage after a phishing attack (source: Egress’s email security Risk Report 2023)

In April 2023 Bank of Ireland issued a warning to its customers in respect of fraudulent e-flow messages that many of them were receiving.  The fake message was requesting that individuals pay their travel toll charges.  The link in the message brought people to a fake site and in turn allowed the hackers to collect personal information and monies from individuals.

Ransomware attack/cyberextortion (demanding money to prevent a threatened attack). The hackers have infiltrated your system and all computers in your office have been attacked, you can no longer access your system and clients’ data.  The hackers are demanding a ransom to be paid within a number of hours or your data will be destroyed or released on the darknet.  You need to make the decision whether to pay this amount, normally in cryptocurrency, to the hackers.  In 2022 64% of organisations that were infected with ransomware paid the ransom. One important point to be aware of:, once you pay the ransom the hackers, who operate on the Dark Web, can in turn post your details and you could be subjected to another attack.

The biggest ransomware cyberattack in Ireland to date was on 14 May 2021, in which the HSE suffered a major cyber-attack that caused all its IT systems nationwide to shut down, resulting in months of disruption for the Health Service.  More recently in February 2023 Munster Technological University in Cork also suffered a ransomware cyber attack. The University refused to pay the ransom and the gang knowns as “Blackcat” who allegedly stole 6GB of data, released this to the Dark Web.  The University secured a High Court injunction to prevent the sale and public use of this data.  In addition, the attack caused many days of disruption for the University and its’ students.  

A malware attack is where a computer system or network is infected with a computer virus or other type of malware. A computer compromised by malware could be used by cybercriminals for several purposes. These include stealing confidential data, using the computer to carry out other criminal acts, or causing damage to data. Again, a malware attack can cause significant disruption to firms, as you will require the services of professionals to destroy the viruses, resulting in significant financial and time loss for the firm.

Other types of cybercrime

Other types of cybercrime include:

  • Cyberespionage hackers access government or company data,
  • Identity fraud where personal information is stolen and used,
  • The theft of financial or card payment data and theft and sale of corporate data.
  • Password infiltration- 96% of the most common passwords can be predicted by hacking tools in less than one second.

Cybersecurity steps you should take

Effective cybersecurity in the workplaces is essential to reduce the risks of cyber-attacks and threats. Staff education-in the area of cybercrime/security is key. Organisations should have their own processes and procedures in place. These should include

  • Regular monitoring of systems
  • Use and update anti-virus software
  • Using data breach detection tools and
  • Testing system vulnerabilities.

It is important to be aware that, even with all the correct procedures in place, an attack is still possible. Don’t ever think it can’t happen to your firm.  

Your staff are your biggest asset. However, research conducted notes that 95% of cyber security breaches are as a result of human error. Once they are educated and vigilant they can help you  to can prevent cyber-attacks. They should be taught to follow the firms guidance and report anything suspicious immediately.  Ensure they are trained to

  • Use strong passwords, and change these regularly, a strong password is over 13 characters in length and contains letters (upper and lower cases), numbers and symbols. It is important that the passwords are changed regularly
  • Notice a change in passwords not authorised by them
  • Never open attachments in spam emails or emails from people you do not know.
  • Do not click on links to untrusted websites or websites that you are not familiar with.
  • Never give out confidential personal information unless the link is secure
  • Contact companies directly about suspicious requests, if you become suspicious that a client/company is requesting personal information make sure to pick up the phone and contact them.
  • Report immediately to the IT team or IT provider if their computer is running slowly, notice deletion of computer files not carried out by them or find payments that were not authorised by them.
  • Training in itself is not sufficient, of course. It is important that you test your controls. Carry out regular reviews of compliance. Engage with IT professionals to send test phishing emails to your firm and review the results.

Another protection that cybersecurity insurance is something firms should be considering. Many policies pay out for ransomware attack . To date we understand that there have been no claims by third parties such as clients of firms in relation to cybercrime in Ireland. The main policy claims relate to ransomware/damage to the system. However, with cyber-attacks on state agencies already resulting in breaches of data, this too could happen to smaller/medium firms. You may not suffer a direct financial loss because of the breach, but third parties may want compensation if their data has been compromised.

So in summary the importance of effective, up-to-date, cyber security cannot be overstated and it is important you take a threat of a cyber attack seriously. Staff awareness is crucial and can prevent a possible cyber-attack. The key is to be vigilant as a cyber attack can cause a significant loss of profits and weeks or even months of disruption to a firm and significant reputational damage. So therefore STOP, THINK and CHECK and don’t be afraid to report something to your IT department or IT provider, as your prompt actions could protect you.

The latest news to your inbox

Please enter a valid email address You have entered an invalid email address.

Useful links

  • Current students
  • Becoming a student
  • Knowledge centre
  • Shop
  • District societies

Get in touch

Dublin HQ

Chartered Accountants
House, 47-49 Pearse St,
Dublin 2, D02 YN40, Ireland

TEL: +353 1 637 7200
Belfast HQ

The Linenhall
32-38 Linenhall Street, Belfast,
Antrim, BT2 8BG, United Kingdom

TEL: +44 28 9043 5840

Connect with us

Something wrong?

Is the website not looking right/working right for you?
Browser support
CAW Footer Logo-min
GAA Footer Logo-min
CCAB-I Footer Logo-min
ABN_Logo-min

© Copyright Chartered Accountants Ireland 2020. All Rights Reserved.

☰
  • Terms & conditions
  • Privacy statement
  • Event privacy notice
  • Sitemap
LOADING...

Please wait while the page loads.