According to a new report, the U.S. government’s overall cybersecurity ranked third to last compared to 17 other major industries, including transportation, finance, healthcare and more.
The 2017 U.S. State and Federal Government Cybersecurity Report (PDF) by SecurityScorecard analyzed over 500 federal, state and local government agencies, and evaluated their security capabilities across 10 categories.
The report found that across all industries surveyed, government organizations received one of the lowest security scores. In particular, government agencies ranked significantly low in network security (13th), application security (11th), leaked credentials (12th), patching cadence (16th), endpoint security (17th), and “hacker chatter” (18th).
However, the government sector ranked above average in three of the 10 categories: DNS health (2nd), social engineering (3rd) and cubit score (2nd), which is a measure of exposed administrative portals and domains.
Furthermore, of the 500 government agencies observed, the U.S. Secret Service, the Federal Reserve and the IRS were among the top 10 for best overall scores.
“On an almost daily basis, the institutions that underpin the nation’s election system, military, finances, emergency response, transportation, and many more, are under constant attack from nation-states, criminal organizations, and hacktivists,” said Sam Kassoumeh, COO and co-founder at SecurityScorecard, in a press release.
“Government agencies provide mission-critical services that, until they are compromised, most people take for granted. This report is designed to educate elected officials, agency leadership, as well as government security professionals about the state of security in the government sector,” Kassoumeh said.