Some new research is showing the federal agencies are falling behind the private sector with regard to cyber security measures, and the executives in charge are losing confidence in their abilities to protect their data.
A new study out from SecurityScorecard’s research and cited on darkreading,com, shows that governmental agencies are the worst performers at all levels, local, state, and federal, and lag behind other industries, even education, healthcare and legal organizations, groups that have traditionally been slow to adapt to new threats.
SecurityScorecard developed a scoring system, based on over 30 million daily security-risk signals collected across the internet, that allows for the rankings of 18 industry verticals. Governmental agencies scored the lowest rankings due to malware infection rates, networking security indicators, and software patching cadence. Some 600 agencies were scored in the rankings, withNASA finishing at the bottom of the list.
High-profile breaches, such as the Office of Professional Management and the Internal Revenue Service, coupled with the latest study, has the senior executive management of many of the agencies expressing their concerns and admitting their confidence in their systems is low.
A second study, conducted by the Government Business Council and sponsored by Dell, is a follow-up to a study completed back in 2014. Comparisons of the data from the earlier research shows the number of those who felt confident in their agency’s informational security has fallen by 30 points, in just two years.
Correspondingly, a 28-point drop in respondents who were confident in their agency being able to keep pace with evolving security threats was noted.
“The federal government appears to still be in the beginning stages of constructing more robust cybersecurity strategies, and respondents cite budget constraints, slow technology acquisition processes, and bureaucratic inertia as the chief barriers to a more holistic agency cybersecurity posture,” according to the report. “Moving forward, agencies need to focus on tackling institutional obstacles in order to move forward with bolstering organizational cybersecurity.”