Looking for another reason to mistrust the government? Its shoddy cybersecurity practices may be just the ammunition you need. New data from security risk benchmarking startup SecurityScorecard suggests that when it comes to safe practices online, U.S. federal, state, and local government agencies rank dead last in comparison to 17 major private industries, including transportation, retail, and healthcare. The report examined the “overall security hygiene and security reaction time” of government institutions, paying special attention to NASA, the FBI, and the IRS, all of which were hacked earlier this year.
Topics of interest included vulnerability to malware infections, exposure rates of passwords, and susceptibility to social engineering, among other criteria.
The results were none too complimentary for our government. “Across all industries surveyed by SecurityScorecard,” the report notes, “U.S. government organizations received the lowest security scores. SecurityScorecard tracked 35 data breaches among all U.S. government organizations between April 2015 and April 2016.”
The biggest deficiencies were found within three categories of security; Malware Infections, Network Security, and Software Patching Cadence. Shockingly, 90 percent of state organizations scored an “F” in Software Patching Cadence, and 80 percent received the same score in Network Security.
But the worst offender of all was NASA, who received the lowest score among all 600 U.S. government organizations surveyed. Joining the bottom feeders were the U.S. Department of State, and the IT systems of Connecticut, Pennsylvania, and Washington.
The Obama administration has certainly made attempts to address the overarching insufficiency of cybersecurity practices currently in play across a range of agencies. President Obama has asked for $19 billion from Congress to improve tech defenses, including $3.1 billion to modernize the IT infrastructure at a number of federal agencies.
“With serious data breaches making headlines on what seems like a weekly basis, our team felt compelled to turn a spotlight on government agencies and determine which of them are demonstrating a commitment to securing their infrastructure and which are falling short,” said Dr. Luis Vargas, senior data scientist at SecurityScorecard. “The data we uncovered clearly indicates that while some are improving their security postures, too many are leaving themselves dangerously exposed to risks and vulnerabilities, especially at the larger federal level.”
- Federal investigation into Equifax hack said to wither, even with more data exposed
- Equifax could make money from its own breach; 2.4 million more are exposed
- Intel warned Chinese tech firms of security flaws before telling U.S. government
- Companies are sorry about security flaws. Just not sorry enough to change
- How Google’s ‘Project Zero’ task force races hackers to snuff out bugs