Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 3 MINUTES AGO.
You are here: Home / Customer Data / Gov't Scores Low on IT Security
Report: Government Agencies Not Doing Enough To Protect IT Systems
Report: Government Agencies Not Doing Enough To Protect IT Systems
By Shirley Siluk / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
APRIL
25
2016
NASA and the U.S. Department of State were among the federal agencies that received low marks on IT security, according to a recent report card issued by the New York-based firm Security Scorecard. Also receiving low grades were the states of Connecticut, Pennsylvania and Washington.

The 2016 U.S. Government Cybersecurity Report, released earlier this month, analyzed the cybersecurity vulnerabilities of some 600 local, state and federal government agencies. It found that government organizations perform poorly in information security compared to private-sector enterprises in transportation, retail, healthcare and other industries.

Security Scorecard put a special focus on NASA, the Federal Bureau of Investigation and the Internal Revenue Service, all of which have been hit by significant data breaches this year. Across the board, government agencies struggled most with malware infections, network security and the timing of regular software patches, the report found.

'Too Many are Exposed'

Founded in 2013, Security Scorecard was started by Aleksandr Yampolskiy and Sam Kassoumeh, both information security veterans of the Gilt Groupe members-only sale-of-the-day site. That company was acquired earlier this year for $250 million by the Hudson's Bay Company, a Canadian retail business group.

According to Security Scorecard's Web site, the company uses three sources of information -- proprietary data, raw data feeds of publicly available open source malware intelligence and other threat intelligence data feeds -- to assess security performance. It grades sites based on hacker chatter, DNS (Domain Name System) health, presence of vulnerable applications, server-side vulnerabilities, use of corporate credentials on social networks and other metrics.

A Security Scorecard spokesperson told us that the company has also built sinkhole infrastructures that reverse engineer malware and capture related data. "[Our] honeypots are intentionally insecure systems created to monitor various types of attacks. This gives [us] an outside-in perspective that non-intrusively uncovers millions of vulnerability data points across the entire Internet," the spokesperson said.

"With serious data breaches making headlines on what seems like a weekly basis, our team felt compelled to turn a spotlight on government agencies and determine which of them are demonstrating a commitment to securing their infrastructure and which are falling short," senior data scientist Luis Vargas said in a statement. "The data we uncovered clearly indicates that while some are improving their security postures, too many are leaving themselves dangerously exposed to risks and vulnerabilities, especially at the larger federal level."

New Efforts in Wake of Hacks

The cybersecurity report ranked government agencies last out of 18 different sectors. Companies in the information services industry performed best in the assessment, followed by the construction industry and the food industry. Low-performing private-sector industries included pharmaceuticals (15th place), telecommunications (16th) and education (17th).

Local, state and federal government organizations have experienced 35 "major" data breaches since last April, according to Security Scorecard. In February, for example, hackers published details about FBI and Department of Homeland Security employees on Twitter. And this year, hackers with the group AnonSec released 250 GB of data extracted from NASA's systems, while an attack on the IRS last year led to the leak of personal data associated with more than 700,000 taxpayer accounts.

Federal agencies have been working to improve performance, with the Department of Defense announcing in March that it will be launching its first bug bounty program. President Barack Obama earlier this year also called for the enactment of a Cybersecurity National Action Plan that "puts in place a long-term strategy to enhance cybersecurity awareness and protections."

Image Credit: iStock.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN CUSTOMER DATA

NETWORK SECURITY SPOTLIGHT
A security researcher has found that hundreds of different models of HP notebooks, tablets, and other devices include a keylogger that could track and record every keystroke a user makes.

CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.