According to a report from the Treasury Inspector General for Tax Administration (TIGTA), a vendor that provides the US Internal Revenue Service (IRS) with a communications system did not apply available antivirus updates and, as a result, was running vulnerable software for more than a year. The vendor, eGain, is a managed service provider for the communications system, which is known as the Taxpayer Digital Communications (TDC) platform. TIGTA made nearly a dozen recommendations, including having “The [IRS] Chief Information Officer … ensure that adequate oversight is provided to ensure that eGain MSP personnel timely upgrade antivirus software in accordance with IRM (Internal Revenue Manual) requirements.”
- Think of this when you’re asked about downtime to apply patches/updates. Not just to the OS but also to the applications. Verify that you’re keeping applications on current versions which are getting updated commensurate with the current threat landscape. When you find old/legacy versions, make plans to both update (soon) and protect the existing installation from abuse.