How Vulnerable Are YOU? – Cyber Security is Not Just for Governments

by Gary Spivak

When the 2012 tax season ended, authorities noted a marked increase in a new identity tax fraud.

Have you heard of this scam?

The scammers electronically file a false tax return with an ill-gotten, legitimate social security number, filing before the actual tax payer and claiming a refund.

When the real tax payer submits his return electronically, he is then notified that the return cannot be filed because there has been another return already submitted with the same social security number.

If you haven’t heard of this, you probably will be hearing more about it. The IRS, for all their e-savvy, has made it fairly easy to pull this off. In the future, be prepared to set up a personal identity number (PIN) if you want to e-file, or even have your fingerprint scanned.

Scared yet? Sounds like a pretty intricate techno-savvy scheme, doesn’t it? Guess again. The social security numbers are typically purchased from someone with legitimate access to valid numbers. There’s little that’s high-tech about it – it’s just your basic lack of integrity with personal information. Once a valid social security number and name are acquired, the e-filing is fairly straightforward.

Security Continues to Morph

The false tax return scheme is merely the tip of the iceberg, and really isn’t that elaborate from a technology perspective. Let’s just face it – there are bad guys out there, and, sadly, always will be.

Cyber security has many different facets. The one discussed above highlights the need for identity protection and verification. Is the user who they say they are?

There are many other facets to cyber security – anti-virus, firewalls, intrusion detection and prevention, anti-phishing and even application-specific firewalls.

We’ll go into each of these further in future articles.

But, for now, how does one verify that you are who you say you are?

Classic security measures revolve around the user id and password combination. And this would be alright, except user ids are predictable and, to a lesser degree, so are passwords.

Not to mention that different sites have different password requirements. One requires six to eight letters, another requires letters plus numbers, and still another requires a combination of capital letters, small letters, at least one number and at least one character from the !@#$%&*() set of characters.

You can go insane just keeping track of all your passwords.

Another interesting and growing method is two-factor authentication. What is that? Basically, it’s something you know (user id and password) and something you have (a token). The token, unique to a user, uses an algorithm to create an additional number that only the holder of that token has. This is pretty secure.

Vendors like Vasco Data (Nasdaq: VDSI) and RSA Security – now part of EMC Corporation (NYSE: EMC) – produce these types of tokens.

An alternative to these would be fingerprint sensors. On many new laptops you will notice a fingerprint sensor that determines if you are who you say you are. It’s still not perfect, but it remains difficult (though not impossible) to fool a fingerprint sensor.

So, perhaps you have heard all of this before and you point out that since the advent of the internet security has been a big concern. How do we know this is about to get bigger? Take a cue from the world’s largest company…

Apple (Nasdaq: AAPL) has long avoided the negative publicity that Microsoft (Nasdaq: MSFT) has had regarding holes in security. Was this because the code was better written? Potentially, but I believe it simply wasn’t “cool” to hack Apple – but it was “cool” to hack Microsoft.

Now that Apple is the largest company in the world, and on any given day might be the largest company ever, depending on its stock price, it must feel that it’s more vulnerable. Perhaps that’s why they decided to acquire AuthenTec (Nasdaq: AUTH), announced in July.

AuthenTec makes those fingerprint sensors you see on many laptops. It also makes sensors that are increasingly being used for mobile devices. It’s likely that Apple has caught on to the threat and is looking to enhance the security of the devices it sells by installing these fingerprint sensors.

So, if Apple is doing it, it must be serious. Not only serious, but on some level, it is probably also “cool.” Look for cyber security to continue its gains in prominence once Apple deploys this technology.

Good Investing,

Gary

comments powered by Disqus