march2021 - 7

COVER STORY

for financial services organizations
and CPA firms specifically. Next,
having effectively set the stage, I'll
call out a set of evolving competencies that should be top of mind for
finance firms, and walk through a
few ways for finance pros to action
them today.

TAKE A - GULP! - GOOD
LOOK AT THE NUMBERS
Just how bad is the situation with

cybersecurity right now? What are
the latest numbers in the context
of financial services organizations
generally, and CPA practices specifically? Let's start with the numbers.
* Data breaches at CPA firms have
risen by more than 80 percent in
recent years - and they've also
changed in kind. For example, more
than 40 percent of those breaches
now represent attacks involving
ransomware and/or extortion.
* Small to medium-sized accounting
f ir ms have been identif ied as
particularly compelling targets for
cybercriminals. Why? They have
access to sensitive client data,
they often serve as connectors or
gateways to larger, more prominent
organizations and they seldom have
the advanced IT infrastructure
of banks and larger f ir ms. It's
a combinat ion that has global
cybercriminals licking their chops.
* Despite the clear and present danger,
not to ment ion the increasing
frequency of cyber attacks, however,
it is the exception to the rule for
cybercrime to result in arrest and
prosecut ion. In the context of
identity theft, for example, only
one identity thief is convicted for
every 20,750 victims, according to
analysts.
Why the seeming leniency on
the part of law enforcement? The
fact is, many of these criminals
are based overseas. While the U.S.
has extradition treaties with many
countries, there are almost an
equally large number - more than
76 countries, including China and
Russia - with which we do not.
Put two and two together and the
baseline obstacles to successful
prosecution aren't difficult to spot.
None of which in any way lets
organizations off the hook, of
course. (If anything, the effect is
just the opposite.) Given that reality,
however inconsistent it may seem to
potential industry targets, what can
financial services firms do to shore

up their capabilities going forward?
That's the topic I'll turn to next.

EVOLVE YOUR
CAPABILITIES
In light of the latest developments,
this may be at the dawn of an
entirely new breed of finance professional: the finance-IT hybrid.
These professionals will bring to
the table overlapping yet separate
competencies, with skill sets
that intersect and cross-pollinate
between accounting and IT.
Yet, while the need for such
skilled professionals is clearly
quite pronounced, as we have just
discussed, where are hiring managers to find them? They aren't exactly
out there in droves, a point which
brings me to two recommendations.
First, in the interim, close
collaboration between these two
departments - finance and IT - is
going to remain essential for bestin-class risk and threat mitigation
practices today. Organizationally,
this should be a focus area.
Second, there are exciting
opportunities for seasoned finance
professionals to start evolving these
capabilities on their own, and CPAspecific training programs are one
route to get there. The American
Institute of Certified Public Accountants (AICPA) already offers several,
for example.
What can you do with this sort
of training? What does it look like
in practice?
* Audit and assess the end-to-end
state of an organization's existing
cybersecurity risk management
program, identifying any gaps and
probing for weaknesses.
* Build out more robust controls
across the finance function.
* Develop and implement advanced
training to increase the organizat io n's o v e r a l l c y b e r s e c u r it y
readiness.
* Create threat detection and response
protocols, thereby empowering key

MARCH 2021 ■

stakeholders to take action and
mitigate losses in the event of a
potential breach.
* Work consultatively with other
business heads, providing advisory
services and ensuring strategic
alignment across all areas of the
organization.
And that's just the tip of the
iceberg. As these training programs
continue to evolve and become
more sophisticated, I'm excited to
see how CPA practices and other
financial services organizations
grow and change in turn.

FINAL THOUGHTS
CPA practices, accounting firms
and financial services organizations are increasingly wise to the
ways of cybercriminals. They're
proactively partnering with IT and
business leaders to take preventative action, mitigate risk and avoid
costly breaches.
In that vein, they would also
be wise to view the latest developments in cybersecurity as not only
an emerging threat but also an
emerging opportunity. Those that
are able to demonstrate advanced
technical capabilities as part of
their core accounting function
should stand to gain a distinct
competitive advantage - in fact,
it could position them head and
shoulders above the rest.
With more than 22 years' experience in
the staffing industry, Jodi
Chavez is president of Tatum, where she oversees
the field organization and
provides direction. Jodi is
responsible for continuing
to transform Tatum into
a data-driven organizational search and consulting firm helping
clients select the key financial talent they
need to execute their business strategies.

www.CPAPracticeAdvisor.com

7
http://www.CPAPracticeAdvisor.com
march2021

Table of Contents for the Digital Edition of march2021
