IRS Attack Exemplifies the Compounding Dangers of Stolen Personal Data
It was reported this week that cyber criminals accessed the tax records of over 100,000 taxpayers directly through the IRS website by using illegally obtained security information. Global Digital Forensics provides professional cyber security solutions which can help businesses, and their employees, avoid becoming unwitting accomplices in attacks like these.
The IRS released an official statement on Wednesday, May 26th 2015, announcing that, “criminals used taxpayer-specific data acquired from non-IRS sources to gain unauthorized access to information on approximately 100,000 tax accounts through IRS’ “Get Transcript” application. This data included Social Security information, date of birth and street address.”
“You don’t even have to be in the cyber security industry to have to think it was only a matter of time, especially after all the headline stories this year of mega-breaches which have exposed PII (Personally Identifiable Information) on an unprecedented scale,” says Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions headquartered in New York City, “just look at the Anthem breach earlier this year; that one alone affected 80 million people, putting huge amounts of personal data out there to be used, sold or traded by cyber criminals all over the globe. And Anthem was far from alone. That’s why absolutely every business plugged into the digital world has to do their part. An intrusion or breach may not only affect them, but customers, employees, vendors, investors, they can all be affected. And by extension, a security problem stemming from their customers, employees, vendors and/or investors can quickly become their problem too. Either way, it can prove devastating to any business of any size.”
Business reputation is always on the line
“When a customer gets notification that their personal information has been compromised, the first thing they tend to do is mumble some not very nice things about the organization that exposed them and then check their accounts to see if any real cash is gone, and there is an instant dose of relief if they find everything is thankfully still in order. As has become routine, the company then gives them credit and fraud protection for a year and everyone is supposed to go on their merry way. But sophisticated cybercrime rings know the routine too. They also have a lot of patience. Take the IRS hack. No one knows yet where the attackers got the personal information they used to walk right through the front door with a key in hand, but chances are good they didn’t even steal it themselves. There is an entire underground ‘dark web’ that deals in stolen credentials, like email accounts, passwords, Social Security numbers, credit card numbers and whatever else you can think of. And with things like Social Security numbers, those don’t get changed often. So in reality, cyber criminals can “bank” that kind of information and pull it out in two or three years, long after the free credit protection is gone, and unleash all kinds of trouble. So for hits on an organization’s reputation, it can be the gift that just keeps on giving. Social media is also a haven for cyber criminals, so those adorable pictures of your favorite pet Spike, that comment on your mother’s strange maiden name, or reminiscing about your favorite elementary school teacher can all give an acute criminal eye another piece of the puzzle to pretend to be you when security questions stand between them and the access they are after,” warns Caruso.
“The really sad thing is that more than nine out of ten times it’s something simple and basic that gets the snowball rolling downhill, like a simple phishing attack or outdated software security patches,” says Caruso. “We offer services like professional cyber threat vulnerability assessments and expert penetration testing to help businesses uncover weaknesses and substantially strengthen their cyber security posture. We know every client is unique and has different needs, but having been in the business of helping a wide variety of clients protect their most sensitive digital assets for over two decades, we also know how to help all kinds of organizations get the most bang out of their cyber security buck by not loading them up with services or solutions they simply don’t need. Overpricing and flat out gouging are unfortunately going to be prevalent in any industry that deals in emergencies, and new cyber security companies are popping up every day trying to get in on an exploding market. But we’ve seen our fair share of horror stories of organizations getting fleeced then abandoned by some of these self-proclaimed ‘security hotshots’ that promise the world and fail to deliver. We want to help clients work best within their available resources, because we want to be their partner for a long time to come. In the real world, cyber security is not something you do once, assessments and testing need to be performed regularly to have any hope of surviving and thriving in today’s cyber threat landscape, so doing the job right, with integrity, and at a fair price, is how we build relationships for the long haul.”
From professional vulnerability assessments and expert penetration testing, to deep scanning, emergency incident response and helping organization raise social engineering awareness enterprise-wide, Global Digital Forensics offers services and solutions that will fit the bill.
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.