CyberScout is the nation’s premier consultative provider of identity and data risk management, resolution and education services.

Watch and learn as IRS turns to YouTube to share wealth of knowledge

Watch and learn as IRS turns to YouTube to share wealth of knowledge
January 15, 2016

sh_taxes online_750

The Internal Revenue Service released the first of a series of YouTube videos providing information on how taxpayers can protect their tax and financial data. The IRS is coordinating with state tax revenue departments and the tax industry on producing the videos as part of a Security Summit initiative, which includes a public awareness campaign known as “Taxes. Security. Together.” aimed at combating taxpayer identity theft and tax refund fraud by educating taxpayers and providing them with tools to stay safe online. The first video includes tips from four state officials reminding taxpayers to check their online accounts for problems, look for secure sites when shopping online, and be careful to avoid phishing scams. More videos will follow. Find the videos here: Source: Accounting Today

Well, that’s one way to lower ID theft investigations

sh_drivers_280New figures show that the number of identification theft investigations fell by 30 percent in California after a program allowing undocumented immigrants to apply for driver’s licenses was implemented in 2015. Documents told investigators that ID theft committed by undocumented immigrants for the purpose of obtaining driver’s licenses is acceptable so long as the ID was not also used in a crime. How investigators determined whether the ID was used in a crime is unclear. From July 2013 to June 2014, there were 4,400 reported cases of ID theft. But when Assembly Bill 60 — the legislation that introduced the driver’s license program for undocumented immigrants — was implemented in January 2015, the number of reported cases, measured from July 2014 to June 2015, fell to 3,100. The drop likely comes from the latter half of the fiscal year when DMV investigators were reportedly told to ignore past cases of ID fraud discovered from undocumented immigrant applicants. Source: The Daily Caller

An industry devoted to cracking industry systems

A U.S. cybersecurity official says authorities have seen an increase in attacks that penetrate industrial control system networks in the past year, and said they are vulnerable because they are exposed to the Internet. Industrial control systems are computers that control operations of industrial processes, from energy plants and steel mills to cookie factories and breweries. “We see more and more gaining access to that control system layer,” said Marty Edwards, who runs the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, which helps U.S. firms investigate suspected cyber attacks on industrial control systems as well as corporate networks. Interest in critical infrastructure security has surged since late last month when Ukraine authorities blamed a power outage on a cyber attack from Russia, which would make it the first known power outage caused by a cyber attack. Source: Reuters

Sounds like we need a closer eye on the nukes

sh_nuclear_280The nation’s unclassified nuclear computer systems are vulnerable to successful cyber attacks because “generic” security contracts don’t make it clear who’s responsible for keeping an eye on them, federal watchdogs said. The Nuclear Regulatory Commission’s cybersecurity center isn’t “optimized to protect the agency’s network in the current cyber threat environment,” the NRC’s inspector general office’s said. The NRC’s classified systems are separate and weren’t addressed in the inspector general’s report. The finding comes at a time when the number of reported “computer security incidents” at the NRC is rising at almost twice the rate of the federal government as a whole, it said. The “incidents” aren’t detailed, but the inspector general said they include unauthorized access to unclassified NRC systems, injection of malicious code, “social engineering” attacks to obtain passwords and personal information and unauthorized scans and other access attempts. The NRC had no comment. The inspector general said agency officials had stated their “general agreement” with its findings and recommendations, the results of an investigation that was conducted from July to November. Source: NBC News

You’d think that not doing this would be obvious

Niagara County, N.Y., clerk Joseph Jastrzemski warns motorists against posting photographs of their driver’s license on social media after the state DMV warned the practice was leading to identity theft, particularly among the young. “Your state-issued driver license contains some of the very same information that identity thieves look for: addresses, birth dates, signatures,” Jastrzemski said. “In the wrong hands, this information can lead to things like damaged credit and the inability to get loans for people who did nothing more than post what they thought was an innocuous picture on Facebook.” Source: Niagara Frontier Publications

Charitable instincts take a turn

sh_donations_280The Internal Revenue Service has dropped proposed regulations after charities from the American Red Cross to the YMCA bombarded the agency with negative comments. The rules would have established a new reporting regime to substantiate gifts to charity of more than $250 in which charities would collect donors’ Social Security numbers. In the preamble to the proposed regulations, Substantiation Requirement For Certain Contributions, the IRS noted the risk of identity theft because the charities would be collecting the donors’ SSNs and storing them for some time. Charities said it would subject board members to lawsuits, it would invite scamsters, and it would hinder charitable giving. Source: Forbes

Accepting the inevitable and preparing for it

Companies are beginning to accept that they will be compromised, so the demand is growing to know just how often and how deep, says ForeScout CEO Michael DeCesare. “Cyber adversaries are typically organized, well-funded, persistent, sophisticated and notably more coordinated by the year, but most firms are relying on technologies that were not designed or built to deal with this kind of threat,” he told Computer Weekly. Successful cyber attacks on companies such as Sony and Target, which are well resourced and well invested in security systems, are evidence of this failure to cope. DeCesare believes the security industry is in the process of a “massive transformation” in response to fundamental changes in the nature of cyber attackers. Source: Computer Weekly

They’re going to look! Up in the sky!

sh_aviation_280Europe’s top air-safety official said he is hiring a group of high-level computer experts to identify and combat looming cyber threats to aviation. Intended to be a kind of digital SWAT team for hacking attacks, the initiative launched last month goes beyond U.S. efforts and is the most dramatic example of the European Aviation Safety Agency’s increasingly aggressive approach to such risks. The aim is to quickly provide technical assistance to carriers or national regulators anywhere in Europe in the event of a cyber attack, said Patrick Ky, the agency’s executive director, in an interview. The move also is part of a broader campaign by the agency, which serves 32 member states, to expand its authority beyond traditional safety regulations. “We think the aviation system is quite vulnerable to cyber attacks,” Ky said. Source: The Wall Street Journal

They’re making it, but not in a good way

sh_manufacturing_280The greatest cyber vulnerability might be in manufacturing. “By raw numbers, and by the numerous manners of attacks, manufacturing is the most targeted area now, even compared to financial services,” said Chet Namboodri, senior director of Global Private Sector Industries at Cisco. “Financial services gets more press, but industrial networks get more attacks.” Rockwell Automation and Cisco have been working to create practices that protect industry against cyber threats. Industrial Automation and Control System networks generally are open by default. The openness supports technology coexistence and device interoperability. That openness also allows for vital data exchange between plant operations and the organization’s enterprise system. Yet openness also requires that IACS networks be secured by configuration and architecture to defend the perimeter as well as defending the system internally. Many organizations and standards groups recommend segmenting business system networks from plantwide networks by using an Industrial Demilitarized Zone. Source: EE Times

Sharing knowledge to bolster defenses

Pentagon officials have completed a classified assessment of the effectiveness of enterprise cybersecurity tools at defense agencies, and the assessors are sharing lessons with the military services, according to an official at the Defense Information Systems Agency. “We’re looking at the existing tools — whether it’s a sensor that’s at the boundary or it’s an endpoint or it’s a Web content-filtering capability,” said John Hickey, a cybersecurity risk management executive at DISA. “And we look at those different tools, and we say, ‘What is the threat that they’re defeating, and what is the value of that threat?’ ” Officials at DISA, the Defense Department CIO’s office and the National Security Agency conducted the classified assessment, which he described as an initial step in making sure defense officials weren’t getting a “stale” view of their networks. The military services will follow suit with their own assessments of enterprise cybersecurity tools, Hickey added. Source: FCW

Your car might not be vulnerable to hacking—unless …

sh_jeep hackFiat Chrysler cars were the only ones vulnerable to the cybersecurity defects that prompted the recall of 1.4 million vehicles, according to federal regulators. The conclusion ends a five-month investigation into whether other automakers also had left their vehicles exposed to the same security shortcomings that allowed hackers to remotely hijack a Jeep last year. The National Highway Traffic Safety Administration explained its findings in documents posted to its website. The Jeep hack in July demonstrated that researchers could take control of a car on the highway while stationed in a house 10 miles away. The two researchers manipulated the air conditioning, toggled on the windshield wipers, and then cut the car’s transmission. The bug apparently was in the vehicle’s radio system. Source: The Hill

Staking their claims, more frequently

Almost half of respondents to an insurance industry study have made a claim for cyber breach. The study, commissioned by Wells Fargo Insurance, found that 85 percent of the top 100 U.S. middle-market companies ($100 million-plus annual revenue) have purchased cyber insurance, and 44 percent have made a claim. While the level of firms with policies has soared, their readiness for a cyber attack is often still lacking. “While companies recognize the need for cybersecurity and data privacy insurance, purchasing coverage is not a complete solution. It’s also important to recognize that other factors, including testing incident response plans, employee awareness training, and following established privacy policies, are all critical components of an overall risk management program,” said Wells Fargo’s Dena Cusick. Source: Insurance Business America


The post Watch and learn as IRS turns to YouTube to share wealth of knowledge appeared first on Third Certainty.

Offer 24/7 CyberScout Protection

CyberScout's partnership options help you safeguard the identity and privacy of your policyholders, customers, members and employees. Discover how a customized program can help build brand loyalty, customer retention, and quickly generate long-term recurring revenue.

Get Started