U.S. federal, state and local government agencies rank in last place in cyber security when compared against 17 major private industries, including transportation, retail and healthcare, according to a new report released Thursday.
The analysis, from venture-backed security risk benchmarking startup SecurityScorecard, measured the relative security health of government and industries across 10 categories, including vulnerability to malware infections, exposure rates of passwords and susceptibility to social engineering, such as an employee using corporate account information on a public social network.
Education, telecommunications and pharmaceutical industries also ranked low, the report found. Information services, construction, food and technology were among the top performers.
Government agencies have struggled for years to keep pace with malicious hackers and insider threats, a challenge that came into focus after it was disclosed last year that more than 21 million individuals had their sensitive data pilfered during a breach at the Office of Personnel Management.
This is truly disturbing given the amount of sensitive information the federal government alone keeps on American citizens. The bureaucratic default mode is one of privacy invasion, but with an assurance that the information will be kept confidential.
Not so much, it seems.
So now, not only do the various governmental agencies we interact with know far too much about us, there’s a great risk that the information could be exposed to far more competently insidious people than the feds.
Naturally, the plan to fix it involves the time-tested federal failure of throwing more tax dollars at the problem:
President Barack Obama has made improving cyber defenses a top priority of his remaining year in office. His administration asked Congress to dedicate $19 billion to cyber security in its fiscal 2017 budget proposal, which would include $3.1 billion for technology modernization at various federal agencies.
Good luck with that.