Industry Insights

How Payroll Companies Can Reduce Risk of a Cyberattack

January 31, 2022


Alon Mantsur

CEO, Cybrella

Payroll companies are no strangers to being cybersecurity targets and victims. When high-profile cyberattacks make the headlines, businesses and their customers notice. The splashy headline serves as a warning, and then it all fades into the background until the next high-profile hit. The residual problem is that hacks and breaches of a payroll company's systems can have consequences that last for months after the attack itself.

Ultimate Kronos Group's workforce management software service (Kronos Private Cloud), which serves small businesses to large corporations nationwide, suffered a ransomware attack in December 2021. Thousands of its customers' employees reported right away that their paychecks were short by hundreds and thousands of dollars. Kronos stated that they expected (at the time) to be back online by the end of January 2022.

Even if that happens, the problems this cybercrime caused will undoubtedly continue for months to come. Already employers using the cloud-based service have struggled to manage schedules and track hours. That means the various HR departments will have to put in additional effort to manually reconcile records pre- and post-attack. This backlog could also create delays in issuing W-2s and other tax-based activities. And we haven't even mentioned the damage to the reputation of Kronos and their clients' companies.

Uptick in Cybercrime During Pandemic

The Kronos attack is a perfect example of how bad an attack on a payroll company can be. Not only did the attackers gain monetarily, but they also accessed mountains of sensitive data (e.g., financial and health information) that could either be harvested for more attacks or sold on the Dark Web to other criminals.

Payroll companies have been embracing cloud-based software-as-a-service (SaaS) technologies for some time. These services offer many financial and operational benefits because of their ease of use, and that has been especially true during the COVID-19 lockdowns, when working remotely was a matter of survival. Many companies put themselves at risk by not applying proper cybersecurity measures to their newly adopted cloud-based services and solutions. Because payroll services are rich criminal targets, a successful breach of one payroll company is the equivalent of attacking many companies at once. In fact, the overall financial services industry was the most attacked sector in 2020, accounting for 23% of all cyberattacks.

The pandemic caused companies to transition to remote workforces and gifted cybercriminals with an uptick in targets: people living, working, and playing online more than ever.

Common Cybersecurity Threats Payroll Industry Faces

The payroll industry is a lucrative target for cybercriminals. In the United States alone, the industry is worth $58.3 billion. Payroll companies are also especially exposed because they store sensitive data about their customers' employees, such as social security numbers, bank account information, and salary information. Payroll companies need to understand the cyber threats they are at risk of encountering. These include:

Software Supply Chain Attacks target software vendors to gain access to source code or build systems, so that attackers can insert and distribute malware that controls or disrupts applications and accounts. As part of larger financial and administrative systems and processes, payroll companies are vulnerable to these attacks because they must hold large amounts of personally identifiable information (PII) to function. Stolen PII is then used to mount further attacks.

· 66% of Supply Chain Attacks exploit customers' trust in their suppliers.
· The number of software supply chain attacks tripled in 2021.

Ransomware is malware that encrypts files on devices and renders any files and the systems that rely on them unusable. Malicious actors then demand ransoms in exchange for decryption, and they don't care who or when they hit. (Just before last Christmas, GameStop and Whole Foods employee paychecks were impacted by a ransomware attack.)

· The average cost of a Ransomware attack is $1.8 Million and was forecasted to be $20 Billion by the end of 2021.
· In 2021, a ransomware attack occurred about every 11 seconds.

Data Breaches are incidents in which sensitive, proprietary, or confidential information, including PII, is stolen or taken without the knowledge or authorization of the system's owner. They can occur on-premises or in the cloud.

· The average cost of a data breach is $4.24 Million. Q3 2021 recorded up to $281 Million lost.
· 48% of businesses store sensitive data on cloud-based services and platforms.
· Breached and stolen customer records and accounts are in the millions.

IoT and Remote Services are the interconnected mechanical and digital devices (smartphones, tablets, PCs, smart home appliances, and other connected objects) and the apps and services they talk to. In 2021 there were 1.51 billion breaches of Internet of Things (IoT) devices. With the rise of the remote workforce, employees increasingly use any number of such devices to access their payroll and administrative services.

· 57% of IoT & Remote Services are vulnerable to medium- or high-severity attacks.
· IoT devices face an average of 5,200 cyberattacks every month.

Why Cybercriminals Target the Payroll Industry

The Kronos attack affected large organizations like FedEx, PepsiCo, Whole Foods, and public entities such as Prince George's County, Maryland, and the University of Utah.

But cybercriminals don't only target large companies like Kronos. From November 2018 to January 2019, KPMG Mexico, a payroll service provider, had 41 clients' payroll data exposed from an unsecured database.

And you don't have to be the direct target of a cyberattack for your company or your customers to be impacted. For example, in November 2019, a thief broke into a car and stole a hard drive containing payroll data, including the names, bank account details, and last four digits of the social security numbers of 29,000 current and former Facebook employees. In January 2020, the payroll system of the Meadville Medical Center in Pennsylvania was breached, exposing the personal data of employees and their dependents.

It is beyond doubt that payroll companies put themselves at risk if they do not update their security measures to match the cybersecurity requirements of today's technologies and those of the future. Payroll companies have much to offer cybercriminals, which makes them prime targets.

Cybercriminals hide fraud in the noise of large volumes of financial transaction traffic and profit from payroll company breaches. The Kronos attackers did not go for the big score: they chose to take just a small amount of money from many paychecks, hoping people would not notice slight deviations.
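The skimming pattern described above is detectable on the defender's side if each payroll run is reconciled against the previous run for the same employees: one person short by a few dollars is noise, but a large share of employees all short by small amounts in the same run is a signal. The following is an added example, not code from the article or from Cybrella; the employee IDs and pay figures are constructed, and the 5% "small deviation" and 30% "share of employees" thresholds are illustrative assumptions a payroll team would tune to its own data.

```python
from decimal import Decimal
from typing import Dict, NamedTuple


class ShortfallReport(NamedTuple):
    checked: int            # employees present in both runs
    shorted: int            # employees paid slightly less than baseline
    total_diverted: Decimal  # sum of those small shortfalls
    flagged: bool           # True when the pattern looks systematic


def detect_systematic_shortfall(
    baseline: Dict[str, Decimal],
    current: Dict[str, Decimal],
    max_small_pct: Decimal = Decimal("0.05"),     # assumed: "small" = <= 5% of net pay
    min_shorted_share: Decimal = Decimal("0.30"),  # assumed: flag if >= 30% of staff affected
) -> ShortfallReport:
    """Compare a payroll run against the previous run, employee by employee.

    Large per-employee changes (raises, overtime, unpaid leave) are ignored:
    they are expected and noisy. What is counted is the pattern the article
    describes: many employees each short by a small amount in the same run.
    """
    checked = shorted = 0
    diverted = Decimal("0")
    for emp, prev in baseline.items():
        now = current.get(emp)
        if now is None or prev <= 0:
            continue  # new hires / leavers / zero runs are not comparable
        checked += 1
        diff = prev - now  # positive means the employee received less
        if Decimal("0") < diff <= prev * max_small_pct:
            shorted += 1
            diverted += diff
    share = Decimal(shorted) / checked if checked else Decimal("0")
    return ShortfallReport(checked, shorted, diverted, share >= min_shorted_share)


# Constructed sample data: net pay per employee for two consecutive runs.
BASELINE = {"e1": Decimal("2500.00"), "e2": Decimal("1800.50"), "e3": Decimal("3100.00"),
            "e4": Decimal("2200.00"), "e5": Decimal("4000.00"), "e6": Decimal("1500.00")}
# Four employees quietly short by $3-$12, one unchanged, one legitimate raise.
SKIMMED_RUN = {"e1": Decimal("2492.40"), "e2": Decimal("1795.50"), "e3": Decimal("3088.00"),
               "e4": Decimal("2200.00"), "e5": Decimal("4250.00"), "e6": Decimal("1496.25")}
# A normal run: one raise and one large drop (unpaid leave), no small shortfalls.
CLEAN_RUN = {"e1": Decimal("2500.00"), "e2": Decimal("1800.50"), "e3": Decimal("3100.00"),
             "e4": Decimal("1100.00"), "e5": Decimal("4250.00"), "e6": Decimal("1500.00")}

if __name__ == "__main__":
    print(detect_systematic_shortfall(BASELINE, SKIMMED_RUN))  # flagged=True
    print(detect_systematic_shortfall(BASELINE, CLEAN_RUN))    # flagged=False
```

In a real payroll pipeline this check would run before funds are released, with the flagged report routed to the SOC or finance team rather than only printed.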

But there can be more to an attack than smashing and grabbing cash. Payroll companies hold some of the highest concentrations of personal data available, including PII. Some payroll companies also offer insurance and health care administration, so not only personal details such as names, addresses, and bank details are available; health and even tax details are there for the taking.

Criminals who obtain such a high quantity and quality of sensitive data have a perfect storm of fraud opportunities that can be exploited for days and months afterward. Cyberattacks are costly, and the recovery efforts can last for months.

How to Reduce the Risk of a Successful Cyberattack

Through years of experience in the field, Cybrella has learned that many payroll companies are not sufficiently versed in the best practices (or cyber hygiene) necessary to ensure the safe handling of cloud and network exposure, access management, and critical data.

Small payroll companies struggle with cyber hygiene often due to staffing limitations. In many cases, they don't have the capacity or specialization to implement a comprehensive cybersecurity program, leaving their systems vulnerable to cyberattacks.

The first step in any cybersecurity journey should be to adopt a cybersecurity framework to follow, such as the one developed by the National Institute of Standards and Technology (NIST).

Cybrella NIST Cybersecurity Framework

A company can achieve this framework by implementing these four critical elements:

1. Build a Company-Wide Cybersecurity Program

Payroll companies that think security means simply setting up a firewall, antivirus, and spam-control software are wrong. Payroll companies need high-level planning and execution expertise to develop company-wide cybersecurity programs that identify new and existing risks and vulnerabilities, prioritize them, and then create a plan to fix them, enhance defenses, and train staff.

Typically, a Chief Information Security Officer, or CISO, is the best bet for overseeing detailed and effective cybersecurity program planning and implementation. But a full-time CISO can be expensive for most smaller companies, and genuinely effective ones may be hard to find due to the shortage of talent in Information Security.

Instead, payroll companies can be better served by partnering with a company that offers a CISO As a Service program specially designed to assist small-to-medium businesses in developing a right-sized security program that integrates all aspects of cybersecurity and can grow over time as needed.

2. Conduct a Security Assessment

Perform deep-dive security assessments of the company's existing IT solutions (especially newer technologies such as cloud-based services) to identify risks and vulnerabilities before they become a reality. Use the risk assessment to develop mitigation plans in advance, so they are ready should a cyber threat occur.

3. Monitor and Manage

A Security Operations Center (SOC) helps businesses monitor their online security and protect themselves from potential cyberattacks by providing round-the-clock monitoring of the environment. SOCs cover a wide range of digital assets, such as personal data and trade secrets. Like CISOs, they can be expensive and out of reach for some smaller payroll companies, but the function can be outsourced to a third party as a Security Operations Center service (SOC As a Service).

4. Implement an Incident Response Plan

Once IT solutions and infrastructure are deployed, return to your security program framework to develop and execute incident response plans, playbooks, and remediation plans, and to keep track of the environments they cover. Make sure to hold lessons-learned sessions after incidents to improve the security program continuously.

Cybrella Can Help You Stay Cyber Secure

These are just a few of the ways a company can reduce the risk of a cyberattack. If you're a payroll company that doesn't want to become a victim of cybercrime, Cybrella has the experience and knowledge to help you protect your company. Cybrella provides cutting-edge cybersecurity solutions that include cyber risk management, security training, and holistic cloud security services for SMBs, large enterprises, and government agencies. We specialize in delivering technology-agnostic third-party and proprietary solutions tailored to customer-specific requirements.

Contact us today at to learn more about how our experts can work with your business to help you gain a clear understanding of potential cybersecurity risks and the actions necessary to help reduce or prevent them.
