A new study paints a grim picture of the overall cyber health of US government entities.
In the midst of investigations into a potential 2016 election hacking, regular major malware events, and an overall increase in the number of sophisticated cyberattacks, the report highlights that the government sector is lagging compared to almost every other industry.
However, there are some standout performers that have demonstrated superior cybersecurity capabilities, according to SecurityScorecard’s annual US State and Federal Government Cybersecurity Report.
SecurityScorecard analyzed more than 500 federal, state, and local government agencies in the US, compared this group to 17 other expansive industries, and evaluated this group’s security capabilities across 10 categories.
Key findings from the report include:
* Government organisations were ranked third from last (16th) in overall cybersecurity, even when compared to heavily-regulated industries like transportation, finance, energy, and healthcare.
* Government organisations fell significantly short in Network Security (13th), Application Security (11th), Leaked Credentials (12th), Patching Cadence (16th), Endpoint Security (17th), IP Reputation (16th), and Hacker Chatter (18th).
* Government organisations performed above the cross-industry average in three categories: DNS Health (second), Social Engineering (third), and Cubit Score (second).
“Since our last report in 2016, US state and federal government cybersecurity issues have gained national attention,” says Sam Kassoumeh, chief operating officer and co-founder at SecurityScorecard.
“On an almost daily basis, the institutions that underpin the nation’s election system, military, finances, emergency response, transportation, and many more, are under constant attack from nation-states, criminal organisations, and hacktivists.”