Accounting Anomalies – Indicators of a Hacker?

Share Button

Companies investigating hacks put too much emphasis on technology and too little on business analysis. Organizations should look closely into accounting anomalies as they could be indicators of a breach.  In an article by Dune Lawrence in Bloomberg Businessweek, Jeffrey Johnson, President & CEO at SquirrelWerkz and recent presenter at The U.S.-China Economic and Security Commission (USCC) said “All this time we’ve been focused on the technology layer, but it’s just a means to an end.” “What we forgot to do was to focus on the business transactions.” In 2012, Johnson was asked to examine a breach at a U.S. chemical company. An earlier investigation by the FBI concluded that Chinese hackers had penetrated the company’s network using a phishing email and gained control of servers.  

Dune Lawrence explained that as Johnson began digging into the company’s business plans and operational data, it became clear the damage was more extensive and insidious. He uncovered evidence that the hackers were intercepting inbound orders, as well as outbound e-mails with price quotes and other terms. They also tampered with the ordering system for raw materials, causing production delays, and made off with valuable research related to a line of environmental products. The likely beneficiary of all the malicious activity emerged, Johnson says, when a Chinese firm made a low-ball offer for the U.S. company after its performance began faltering as a result of the hack.

Look closely at each financial statement line item for anomalies and ask for professional help to investigate if something seems to be amiss.

Read a recent article about Phishing emails here. For more information, please contact Aronson’s Melissa Musser, CPA, CISA, at 301.231.6200.

About Melissa Musser

has written 1 post in this blog.

Melissa Musser currently serves as a Manager in Aronson’s Nonprofit & Association Services Group, with 15 years professional experience, including eight years of public accounting with both a regional and Big Four firm. Her professional experience includes five years as a manager of corporate and IT internal audit where she has implemented major transformation initiatives, such as COSO 2013, data analytics, shared service centers and information security. Melissa specializes in providing assurance and consulting services for associations, faith based organizations, independent schools, and other nonprofit service organizations.

Comments are closed.

View Archives

Blog Authors