"As a result, financial and taxpayer information remain unnecessarily vulnerable to insider threats and at increased risk of unauthorized disclosure, modification, or destruction," the report states.
One federal employee was "duped by a targeted email into visiting a malicious website," where he was drawn in "on the pretense that he had won a new car in a lottery he supposedly entered by answering some simple questions about his pets. Later, he found that several credit cards had been opened in his name and large amounts of pet supplies had been ordered without his knowledge," the GAO report says.Writes Tony Romm of Politico:
The GAO report raised the specter of future incidents as well, noting that a “well known hacker group ... is planning a cyber protest on a federal agency, using mobile phones and massive crowds of suppers as well as online supporters.” The goal, according to GAO, is to “slow or stop traffic in and out of the agency and delay operations.”Yet GAO found there remain “weaknesses … in all major categories of controls,” or the sorts of efforts that prevent against security threats. For example, all 24 agencies were cited for poor “access controls.” That broad category of controls includes user identification systems, as well as physical security to protect IT facilities from threats.Without improvements in those areas, GAO offered a grim conclusion.“As long as agencies have not fully and effectively implemented their information security programs, including addressing the hundreds of recommendations that we and inspectors general have made, federal systems will remain at increased risk of attack or compromise,” the report found.
Still planning on e-filing this April?