Federal, state, and local government organizations are all lacking in cybersecurity health, according to a study by SecurityScorecard. The firm released the findings of its 2016 Government Cybersecurity Report, where government organizations were measured on their security performance across 10 categories. The categories included network security, password exposure, and malware infections. The company analyzed 35 breaches that occurred across 600 federal, state and local agencies last year. Government agencies were compared to 17 major private industries like energy, transportation, and retail.
The government organizations that had the weakest systems were NASA and the US Department of State. Other low-performing organizations included the US Department of Treasury and the IT systems of the states of Washington, Pennsylvania, and Connecticut. Low-performing government organizations struggled the most with malware infections, network security, and software patch cadence. This is hardly surprising considering the size of the OPM hack last year. In this breach, hackers were able to steal Social Security Numbers and health information from 21 million Americans. NASA, the FBI, and the IRS were also victims of data breaches earlier this year.
Each government agency was analyzed based on its overall security hygiene and reaction time, which was then compared to industry peers. Among low-performing government organizations, 90% scored an ‘F’ in software patching cadence. Another 80% scored an ‘F’ in network security. Among local government agencies, 60% of low performers received an ‘F’ in network security, while 50% received an ‘F’ in software patching cadence.
Most federal organizations found their strengths in application security, password exposure, and social engineering. Government employees tended to be trained in security awareness. The top performers were the CIA, the Federal Trade Commission, and the New York State Education Department. Among the industries analyzed, the top-scoring ones were information services, construction, and food. The bottom performers, besides government, were pharmaceutical, telecommunications, and education.
Because government organizations are frequently targeted by hackers, they need to improve how they manage their endpoint assets. Government agencies need to use endpoint software like Promisec Endpoint Manager (PEM) to make sure that end users aren’t inadvertently compromising the organization’s security. Below are some suggestions that can help organizations improve their security:
- Ensure all software has been updated and patched to protect against vulnerabilities, and ensure future updates are scheduled.
- Monitor networks for unauthorized software downloads, which can spread malware throughout the network.
- Set up account partitions to prevent government employees from accessing information that’s not necessary for their jobs.
PEM offers endpoint protection and continuous network monitoring that lets government agencies improve their security posture. PEM’s malware detection capabilities allow government agencies to see if a hacker has installed malicious software onto government networks. PEM also offers malware protection and remediation, so government agencies can quickly fix any issues before they become a problem for the organization and the public.