Government agencies have been in the cybersecurity limelight more than federal IT leaders are probably comfortable with, especially since the infamous breach of the Office of Personnel Management in 2015. Lately, the feds' luck hasn't fared much better: both the FBI and the Department of Homeland Security reported data breaches that collectively may have affected 29,000 government employees.
But the most pressing news in government cybersecurity is an update on a data breach of the Internal Revenue Service that occurred in 2015. Recent findings suggest the incident was far greater in scope than initially understood.
The IRS encounters the Hydra of cyberattacks
In May 2015, the IRS reported that as much as $50 million in tax refunds had been fraudulently claimed by attackers, and that as many as 100,000 taxpayers had their Social Security numbers and other personal information compromised. A few months later, the IRS reported that the breach actually affected more than three times that number, with an estimated total of 334,000 taxpayers having had their information stolen.
Now, six months and more than 600,000 tax fraud attempts later, the IRS has once again roughly doubled the 334,000 figure, estimating that as many as 724,000 taxpayers may have been affected by the breach. Like the heads of the mythical Hydra of Greek lore, the numbers seem to double every time the situation appears to be under control. At this point there is only speculation as to who is responsible, but sources have reported that IRS investigators believe Russian cybercriminals are the culprits.
This much is known: the breach was carried out through abuse of the IRS's "Get Transcript" program, which lets people view their tax history online. According to CBS, the IRS believes the attackers obtained the personal information needed to pass the program's identity checks and access these online accounts from other sources, such as online banking sites and IRS-approved tax preparers. Not surprisingly, the incident has left a bad taste in the mouths of many American taxpayers.
"The IRS is frankly not doing enough to protect us," Steve Weisman, identity theft expert and senior lecturer at Bentley University, told CBS. "The very fact that it takes them so many months to even analyze the depth of the problem shows you that there is probably more identity theft that is going on."
Stronger breach detection and analysis is needed
Currently, there's no concrete way of knowing whether this event could have been preempted, or whether its scope could have been ascertained more quickly. Nevertheless, Weisman's words raise an important issue in modern cybersecurity, one that is plaguing the full spectrum of industries and now American taxpayers: a lack of focus on detective defenses and security analysis.
Many organizations are under the impression that they're doing everything they can to ward off cyberattacks by deploying firewalls and beefing up perimeter security. The problem is, building a fortress is only half the battle.
The network's interior must be diligently monitored for any and all suspicious activity. This could be user login requests coming from countries where the organization has no users, such as Russia or China. It could be unusually large data transfers after normal business hours. Administrators need a way to map out and monitor all of this activity so that attacks and fraud are caught early, entry points are identified, and the incident is analyzed thoroughly enough that its severity is fully understood.
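As an added example (not code from the original article or from any vendor), the following Python script applies the two heuristics just described to a handful of constructed log lines: logins from a country outside an allow-list, and large outbound transfers outside business hours. The `key=value` log format, the pre-resolved `country` field (assumed to come from an upstream geo-IP lookup), the allow-list, the business-hours window and the size threshold are all assumptions chosen for illustration.

```python
"""Added example: two simple interior-network detection rules run over
constructed log lines. Log format, field names and thresholds are assumptions."""
from dataclasses import dataclass
from datetime import datetime, time

# Assumed policy values for this example (not real IRS or vendor settings).
ALLOWED_COUNTRIES = {"US"}
BUSINESS_HOURS = (time(7, 0), time(19, 0))   # 07:00-19:00 local time
LARGE_TRANSFER_BYTES = 500 * 1024 * 1024     # 500 MiB


@dataclass
class Alert:
    rule: str
    user: str
    detail: str


def parse(line):
    """Parse an assumed key=value log line, e.g.
    'ts=2016-02-10T23:14:02 event=login result=success user=jdoe src=203.0.113.5 country=RU'"""
    fields = dict(tok.split("=", 1) for tok in line.split())
    fields["ts"] = datetime.fromisoformat(fields["ts"])
    return fields


def check_login(ev):
    """Flag any login attempt (successful or not) from a non-allow-listed country."""
    if ev.get("event") != "login":
        return None
    if ev.get("country") not in ALLOWED_COUNTRIES:
        return Alert("login_from_unexpected_country", ev["user"],
                     f"{ev.get('result')} from {ev['src']} ({ev.get('country')})")
    return None


def check_transfer(ev):
    """Flag transfers that are both large and outside the business-hours window."""
    if ev.get("event") != "transfer":
        return None
    size = int(ev["bytes"])
    t = ev["ts"].time()
    after_hours = not (BUSINESS_HOURS[0] <= t < BUSINESS_HOURS[1])
    if size >= LARGE_TRANSFER_BYTES and after_hours:
        return Alert("large_after_hours_transfer", ev["user"],
                     f"{size} bytes at {ev['ts']:%H:%M} to {ev['dst']}")
    return None


def detect(lines):
    """Run every rule over every parsed event and collect the alerts in log order."""
    alerts = []
    for line in lines:
        ev = parse(line)
        for rule in (check_login, check_transfer):
            alert = rule(ev)
            if alert:
                alerts.append(alert)
    return alerts


# Constructed sample log lines (made up for this example; documentation-range IPs).
SAMPLE_LOG = [
    "ts=2016-02-10T09:12:44 event=login result=success user=jdoe src=198.51.100.7 country=US",
    "ts=2016-02-10T23:14:02 event=login result=success user=jdoe src=203.0.113.5 country=RU",
    "ts=2016-02-10T23:20:19 event=login result=failure user=asmith src=203.0.113.5 country=RU",
    "ts=2016-02-10T14:05:00 event=transfer user=jdoe dst=10.0.0.9 bytes=734003200",
    "ts=2016-02-11T02:31:10 event=transfer user=jdoe dst=203.0.113.88 bytes=734003200",
    "ts=2016-02-11T02:40:00 event=transfer user=asmith dst=203.0.113.88 bytes=4096",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"[{a.rule}] user={a.user} {a.detail}")
```

Run against the sample, the script raises three alerts: two for the Russian-sourced login attempts (the failed one included, since a failed attempt from an unexpected source is itself a signal) and one for the 700 MiB transfer at 02:31; the same-size transfer at 14:05 and the small after-hours transfer are ignored. Country allow-listing is a blunt heuristic on its own, since an attacker can route through a domestic proxy, so rules like these belong alongside per-user baselines rather than in place of them.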
The most frustrating part is that a security operations center does exactly this, and at prices that are far more affordable than traditional SIEM software.
SOC-as-a-service offerings provide clients with a dedicated cybersecurity engineer who, in addition to monitoring the network for unusual activity, also provides regular updates on the current state of the network's security strategy. This means that without lifting a finger, IT staff can substantially and affordably improve their cybersecurity posture.
If it sounds too good to be true, it's only because many organizations have not yet adopted a mindset in which cybersecurity is viewed as a strategy rather than just a big shield. Whether your organization is a government agency or a financial firm, the best thing you can do to protect its network is to enlist the help of a SOC.