Contractors Pose Cyber Risk To Government Agencies

Ian Barker, writing for BetaNews: While US government agencies are continuing to improve their security performance over time, the contractors they employ are failing to meet the same standards according to a new report. The study by security rankings specialist BitSight sampled over 1,200 federal contractors and finds that the security rating for federal agencies was 15 or more points higher than the mean of any contractor sector. It finds more than eight percent of healthcare and wellness contractors have disclosed a data breach since January 2016. Aerospace and defense firms have the next highest breach disclosure rate at 5.6 percent. While government has made a concerted effort to fight botnets in recent months, botnet infections are still prevalent among the government contractor base, particularly for healthcare and manufacturing contractors. The study also shows many contractors are not following best practices for network encryption and email security.

The OPM data breaches wins though

[OffTheLip]

The Feds Office of Personnel Management 2015 data breach wins (or loses) hands down. Not only an employee's personal info but family members and others included in "security" background checks. So, yeah, about those negligent contractors...

Simple solution

[Gravis+Zero]

Just tie the security clearances of the company's executives to the company's security. If the company's security is compromised, the executives lose their security clearances, leaving the corporation with two options, replace all the executives or forfeit it's government contracts.

Re:Cisco, Intel and Microsoft backdoors

[ShanghaiBill]

Stop forcing them to install backdoors and you solve half of all internet security problems.

Can you cite even a single breach that was enabled by a government mandated backdoor?