US government is lousy at cybersecurity
SecurityScorecard released its 2016 Government Cybersecurity Report, a comprehensive analysis that exposes alarming cybersecurity vulnerabilities across 600 local, state, and federal government organizations in the United States.
Each US government organization was evaluated on its overall security hygiene and security reaction time compared to its industry peers.
The company also analyzed the specific scores of NASA, the FBI, and the IRS, all of which fell victim to data breaches in early 2016.
Among the report’s findings are the following observations:
- Across all industries surveyed by SecurityScorecard, including Transportation, Retail, Healthcare and more, US government organizations received the lowest security scores.
- Low-performing US government organizations struggled the most with three categories of security measurements: Malware Infections, Network Security, and Software Patching Cadence.
- Among state organizations with a grade below ‘B,’ 90 percent scored an ‘F’ in Software Patching Cadence and 80 percent scored an ‘F’ in Network Security.
- Among local organizations, 60 percent of low performers received an ‘F’ in Network Security, 50 percent received an ‘F’ in Software Patching Cadence, and 30 percent received an ‘F’ in IP Reputation (Malware).
- NASA received the worst score among all 600 US government organizations. Other bottom performers include the US Department of State and the IT systems of Connecticut, Pennsylvania, and Washington.
“With serious data breaches making headlines on what seems like a weekly basis, our team felt compelled to turn a spotlight on government agencies and determine which of them are demonstrating a commitment to securing their infrastructure and which are falling short,” said Dr. Luis Vargas, Sr. Data Scientist at SecurityScorecard. “The data we uncovered clearly indicates that while some are improving their security postures, too many are leaving themselves dangerously exposed to risks and vulnerabilities, especially at the larger federal level.”
The 2016 Government Cybersecurity Report identifies major US government data breaches between April 2015 and April 2016. The report also features a competitive analysis that compares the cybersecurity performance of the US government sector with that of 17 other major industries.