Comments from Secure Channels and Proficio on IRS Hack
Richard Blech, CEO and Co-Founder of Secure Channels:
“The IRS notes this issue does not involve its main computer system that handles tax filing submission; that system remains secure,” I would not consider this to be an accomplishment considering what was stolen was 100,000+ taxpayers’ SSN’s and personal sensitive data – a virtual treasure trove to steal identities. To get this sensitive data from the “Get Transcript,” the hackers tried over 200,000 times. So apparently the IRS is lacking security alert systems for being breached, proper authentication using biometric-multi-factors and deep encryption for all customer sensitive data. Had the breached taxpayers’ sensitive information been encrypted, even if the hackers somehow bypassed a strong multi-factor authentication requirement, this would be a non-news event as the hackers would have left with completely useless, non-decryptable data. As long as the IRS treats security as an afterthought and takes comfort that only the taxpayers were affected, this problem will continue and they will continue to be a target.”
Brad Taylor, President and CEO of Proficio:
“The underlying weakness in the IRS and other government website portals is they rely on knowledge-based authentication (KBA). The answers to questions like what is your address and SSN# can be purchased from cyber crime sites or just researched on the Internet. The IRS needs to add more context to their challenge questions and monitor attempted access for suspicious behavior like multiple sign-ups from the same IP address.”
About Secure Channels
Secure Channels’ robust, state-of-the-art PKMS2 encryption renders all types of data fully protected and unreadable. eliminating any potential for back door access and mining – by governmental agencies and even by Secure Channels’ own systems and personnel. It is recognized as being orders of magnitude more secure than all known commercial security industry encryption methods.
About Proficio
Proficio is a leading Managed Security Service Provider (MSSP) changing the way organizations meet their IT security and compliance goals. It provides the most advanced cloud-based solutions and advanced expertise, insight, experience and unrelenting passion, monitoring and scanning critical assets to defend enterprise networks and applications from cyber-attacks and protect compliance.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.