ICAEW.com works better with JavaScript enabled.

ICAEW cyber round-up: February 2023

Author: ICAEW Insights

Published: 27 Feb 2023

In the first of a new monthly series providing ICAEW members with the most interesting cyber stories from the last month, including phishing alerts, MFA, and Cyber Essentials updates.

Cyber news: phishing on the rise; Twitter ends SMS authentication; Malicious XLLs

As SNP MP Stewart McDonald shared how his emails got hacked by a Russian group, it’s a timely reminder that phishing attacks are becoming more targeted and more sophisticated. Finance professionals are particularly at risk of this type of attack, because of the often valuable information they have access to, that hackers could use to make substantial financial gains. The National Cyber Security Centre (NCSC) has shared more information on this type of attack, and what to look out for.

Meanwhile, multi-factor authentication (MFA) has been in the news recently, as Twitter has announced that SMS authentication will be disabled for the majority of users next month. Having some sort of additional authentication on your social media accounts is strongly recommended, so this article from the Guardian explores what alternatives are available.

The NCSC has also recently warned of the risk posed by malicious Excel add-ins, or XLL files. Hackers have moved away from using Excel macros to carry out attacks since Microsoft largely blocked macros from untrusted sources last year. ICAEW Excel Community contributor Simon Hurst explores a bit more about what this means for Excel users.

And as ChatGPT continues to draw attention from a cyber perspective, what impact will chatbots have on cybersecurity? Can we rely on the same defences as before, or is a different approach required?

Threats and risks: hospitality and charities on alert

NCSC has issued an alert to the hospitality sector. Criminals are increasingly targeting restaurants and hotels, posing as IT providers in an attempt to gain access to their systems and steal customer data. Ensuring appropriate MFA is in place, as well as training all staff to be aware of the risks and how to identify genuine IT suppliers, will play a key role in reducing the risk.

A Cyber Threat Report for the UK Charity Sector has also been published, exploring current threats to the sector, and how charities can get help.

For more current issues, read the latest NCSC Threat Report here.

Cyber security updates: Cyber Essentials updated; 10 steps to cyber security

An important update is coming to the Cyber Essentials and Cyber Essentials Plus certification programmes, which should ensure they continue to meet the requirements of UK businesses. Launched at Chartered Accountants’ Hall in 2014, Cyber Essentials sets out a core set of security requirements that organisations can be certified against. This year, the technical requirements are being updated in April, with more details on the NCSC website.

As more and more organisations turn to low- and no-code technology solutions, it’s worth being aware of the top 10 security and privacy risks associated with low/no-code development platforms.

Finally, as ever, NCSC’s 10 Steps to Cyber Security remains a useful guide for organisations of all sizes to ensure they are protected.

Webinar on-demand

Watch our recent webinar, Why cyber security makes good business sense, featuring the latest insights from City of London Police and the Love Business Hate Fraud campaign.

Got an interesting cyber story for us? Email ian.pay@icaew.com

Recommended content

Podcasts
Accountancy Insights Podcast
Accountancy Insights Podcast

Hear a panel of guests dissect the latest headlines and provide expert analysis on the top stories from across the world of business, finance and accountancy.

Find out more
Newsletter
A megaphone
Stay up to date

You can receive email update from ICAEW insights either daily, weekly or monthly, subscribe to whichever works for you.

Sign up
Daily summaries
Three yellow pins planted into a surface in a row
News in brief

Read ICAEW's daily summary of accountancy news from across the mainstream media and broader financing sector.

See more
Open AddCPD icon

Add Verified CPD Activity

Introducing AddCPD, a new way to record your CPD activities!

Log in to start using the AddCPD tool. Available only to ICAEW members.

Add this page to your CPD activity

Step 1 of 3
Download recorded
Download not recorded

Please download the related document if you wish to add this activity to your record

What time are you claiming for this activity?
Mandatory fields

Add this page to your CPD activity

Step 2 of 3
Mandatory field

Add activity to my record

Step 3 of 3
Mandatory field

Activity added

An error has occurred
Please try again

If the problem persists please contact our helpline on +44 (0)1908 248 250