Stories by By Ira Winkler and Araceli Treu Gomes

Was the IRS breach unstoppable?

Another hack, another claim of inevitability. It is frustrating to read about <a href="">the IRS breach</a> and see it declared sophisticated. The following quote, from the IRS commissioner to CNN, is just outright infuriating:

Applying the Irari Rules to a risk-based security program

The feedback from our last article, in which we laid out what we call <a href="">the Irari Rules for classifying a cyberattack as "sophisticated,"</a> was overwhelmingly positive. Nonetheless, a few people we respect disagreed with us. Ironically, examining why they disagreed demonstrates why the Irari Rules are relevant.

The Irari rules for declaring a cyberattack ‘sophisticated'

Organizations hit by a cyberattack have reason to <a href="">call the attack "sophisticated."</a> But calling an attack sophisticated doesn't make it sophisticated. We have put our heads together and come up with some rules for determining whether an attack is sophisticated, and we have put our names together (Ira and Ari) to give these rules a name: the Irari rules. If any of the following conditions occur, the attack is <em>not</em> sophisticated: