
Published: February 17, 2023

Security 3-2-1 Week of 2/17/23

By Annie

3 Interesting Articles

A year after outcry, IRS still doesn’t offer taxpayers alternative to ID.me 

CyberScoop: Tax season is around the corner, and the IRS's controversial partnership with ID.me continues without any other options for taxpayers. While the IRS announced last year that it was rolling out a government-administered service to securely approve taxpayers' access to online services, the agency still offers no alternative vendor or in-person option. ID.me uses automated facial recognition to verify a taxpayer's identity, and critics have raised alarms over the sensitivity of the data involved and the serious implications when the technology produces false positives. Critics often point to a federal study conducted in 2019 showing that facial recognition algorithms were up to 100 times more likely to misidentify Asian and African American individuals than white men. Furthermore, biometric information, unlike a Social Security number, cannot be changed if it is breached. Although the Senate Finance Committee requested an update from the agency last month about alternatives, the IRS still has not presented how it will transition away from using only ID.me.

Healthcare in the Crosshairs of North Korean Cyber Operations

Dark Reading: A joint Cybersecurity Advisory (CSA) from the US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the US Department of Health and Human Services, and South Korean intelligence agencies highlights the growing threat to the US healthcare and public health sectors, which are among the top targets for state-sponsored North Korean cyber threat actors. The advisory described the North Korean government as using cryptocurrency from these ransomware attacks to fund other operations, such as spying on US and South Korean defense sector organizations. The alert also cautioned organizations against paying ransoms, as payment doesn't guarantee anything will be recovered and may pose sanction risks as well. This news comes as ransomware attacks on US healthcare organizations continue to increase: the sector saw the highest increase in volume of cyberattacks at 69%, compared to the cross-sector average of 57%.

Russian hackers ‘disrupt Turkey-Syria earthquake aid’ in cyber attack on Nato

Independent: NATO operations such as the Special Operations Headquarters and Strategic Airlift Capability were among the branches disrupted by cyberattacks over the weekend. Both organizations are working to deliver humanitarian relief to victims of last week's Turkish-Syrian earthquake. Russian-backed hacker group Killnet claimed responsibility for launching DDoS attacks impacting the NATO website. In addition to the website being knocked down, at least one plane carrying search and rescue equipment found itself unable to communicate with the organization due to the network disruption, but luckily the organization never fully lost contact with the plane. The massive earthquake hit southeastern Turkey and Syria on February 6 and has already claimed 35,000 lives, and the death toll is expected to climb.

2 Stats You Should Know

Even though 92% of people know that using a variation of the same password is a risk, 65% always or mostly use the same password or a variation. (source)

79% of businesses remain concerned about security risks of an increasingly remote workforce. (source)

1 More Thing

 
