Triumfant’s John Prisco Talks IRS Breach on Knowledge@Wharton SiriusXM


The data breach at the IRS that left the personal information of 104,000 taxpayers in the hands of thieves was the topic of the May 28 Knowledge@Wharton program broadcast on BusinessRadio Channel 111, SiriusXM.  Triumfant’s President and CEO John Prisco joined host Dan Loney to discuss the breach, how it happened, what it means for the future of government agencies and how this breach impacts the average individual.

The unprecedented surge in online tax scams by increasingly sophisticated criminals, potentially backed by the Russian government, has challenged the IRS to respond quickly to get ahead of the fraudsters, especially during this year’s tax season after hackers targeted TurboTax, the country’s largest online filing service. Tax officials estimate that the government has lost billions of dollars in recent years to fraudulent refunds filed by hackers who steal personal information on tax returns, then use it to claim a refund in a taxpayer’s name before the taxpayer files.

Loney: How notable or worrisome is the IRS breach?

Prisco: The IRS breach indicates a more difficult and worrisome problem:  companies (and government agencies) don’t practice enough cyber hygiene to prevent these types of breaches.  Had the IRS had two-factor authentication in place, this breach wouldn’t have occurred. Now the public is paying the price.

This breach was really a perfect storm.  Not only do you have the information obtained by very patient adversaries but also the hack on tax preparation software.  TurboTax was too complacent and didn’t have enough security measures built into their software to properly guard against skilled adversaries.

Loney: How difficult is it to put in two-factor authentication?

Prisco:  Not difficult at all.  Many banks do it today, where they send a text message to your phone with a code to complete your transaction, login or filing.  We’re seeing with recent breaches, the IRS and Anthem breaches in particular, that very rich and personal information like Social Security Numbers, medical records, email addresses, credit card numbers, are being targeted. I think we’re going to see this same data being used by perpetrators in years to come.  Adversaries are skilled and patient. But this can be avoided, if prudent steps are taken by the good guys to make it harder for the bad guys to succeed.

Loney: So if companies aren’t fully vested in IT security, they are missing the ball?

Prisco: Very true. We see examples of major breaches occurring on a monthly basis and they will continue to occur. Take a look at the Sony hack for example. It was almost a ‘man amongst boys’ scenario. North Korea had very sophisticated capabilities and Sony was running outdated, unsupported, and unpatched Windows XP machines. Once again ignoring basic cyber hygiene and making it very easy for the attackers to not only take huge amounts of data but also cripple systems like payroll. If companies aren’t invested at the CEO or Board level in taking proper security measures, it can be a disaster for the company.

Loney:  The IRS said it will contact the 104,000 taxpayers whose information was compromised, as well as the 100,000 for whom attempts were unsuccessful. The first group will be offered credit monitoring, while the second will be warned that thieves have their personal information.  Is this enough?

Prisco:  Unfortunately this seems a lot like taking home the home version of the game when you lost on the gameshow. The problem isn’t going away.  We’re tossing 20th century technologies at 21st century adversaries.  The class of security products used today, like anti-virus, relies on prior knowledge or signatures.  This is effective in only 20-25% of attacks.  The future of cybersecurity is dependent on new products entering the market now.  These products can analyze large data sets, leverage machine learning and examine the behaviors taking place on the endpoint to take action based on these behaviors.  As long as we continue to use old technology, it will be easy for adversaries to beat us.

Loney: What recourse is there for the IRS?

Prisco: Besides installing stronger security systems and flagging anything suspicious in a taxpayer’s return, from addresses that didn’t match up with what the government had on file to large deductions for self-employed people, they should also be looking at machine behaviors. If there’s more frequency than normal with the Get Transcript function on their web site, this is an indicator of possible malicious activity. Something could be amiss requiring further investigation. I like to say, “never send a human to do a machine’s job.” Install endpoint security software that continuously monitors machine behavior, investigates anomalous activity and performs automatic remediation.

Loney: It seems like we’ve only reached the tip of the iceberg and have a far way to go to claim victory, if at all?

Prisco: If you look at BYOD, the Bring Your Own Device to work phenomenon, it gets a lot of media attention for being a possible security gap. But the truth is mobile devices aren’t often targeted yet because it’s so easy to penetrate a regular work computer. Here again, companies don’t practice basic hygiene like patching their systems. Take for example Microsoft’s decision to end support for Windows Server 2003. It’s like ringing the dinner bell for hackers. If you are running Windows Server 2003, expect it to be hacked.

Loney: Is it understood among large companies that security needs to be their #1 priority?

Prisco:  A small percentage of companies feel and act that way.  Most companies run a skeleton security crew.  They don’t have the sufficient staff or budget to properly prevent targeted attacks from occurring.  Security is really viewed as a cost center vs. a strategic necessity.  Attitudes need to change if we are to be triumphant against hackers.


About The Triumfant Blog
This Blog is about all things Triumfant
