A new survey from the CyberNews Business Digital Index reveals that 53.7% of US government departments and agencies scored D or higher for their cybersecurity efforts, while 38.8% are classified into the “F” category. 75% are affected by data breaches, almost 54% have their company credentials stolen, and 27% have their employees reuse password breach.
“The cybersecurity threat to critical infrastructure is no longer theoretical, it is a proactive and growing risk. “Vincentas Baubonis, CyberNews Head of Research,” said: “We are a cybersecurity threat to critical infrastructure.
Cybersecurity test failed.
Using available data from external sources, 53.7% of US government departments and agencies scored D or higher in their cybersecurity efforts, and 38.8% were categorized into the F category, according to an index that assesses companies and various institutions based on online security measures.
Just 22% received an A rating. 10.2% of government sectors and agencies analyzed received a B rating, indicating low risk. Meanwhile, 14.3% of C grades is moderately at risk.
Nevertheless, U.S. government departments and agencies received an average security score of 75 out of 100. According to the index methodology, the overall calculated values from 70 to 79 are considered high risk. Based on this, we can predict that US data is at high risk.
“The reality is that cyberattacks are constantly threatening organizations of all sizes, so all of them have a responsibility to protect and protect customer data,” says Baubonis.
General security issues.
Researchers have found that the top three issues in the industry are issues of the configuration of the secure socket layer (SSL/TLS), data breaches and system hosting.
The CyberNews Business Digital Index shows that the most common security issues are related to SSL/TLS configurations, affecting 93% of the departments and agencies analyzed. This is a technology that encrypts data sent between a web server and a browser to ensure secure communication.
Suppose your company has problems setting up SSL/TLS. In that case, sensitive data can be exposed to intercepts, making the system vulnerable to intermediary attacks, and undermine user trust and data security.
Almost all US government departments and agencies (77%) have poor hosting practices for their systems, with 75% being affected by data breaches. At the time of writing this report, 24% of domains had undergone recent data breaches, detected last four days ago.
Furthermore, about 59% of the analyzed departments and institutions have issues with email security, with almost 54% being stolen from corporate qualifications, and companies with lower security levels are more vulnerable to email spoofing. This threat generally affects approximately 45% of the domains analyzed.
45% struggle with web application security, and 40% are vulnerabilities that have applied software patches. 24% are risky, almost 23% are critical vulnerabilities, and 27% are reusing password breaches to their employees.
These weaknesses can open businesses to data breaches. Data breaches often have widespread consequences, including reputational damage, economic loss, legal penalties, and loss of trust.
Geographical collapse of vulnerabilities
Most government departments and agencies in all US regions except Midwest states were assigned an average F-score level of 45%.
Nevertheless, states in the Midwest region show better security practices, but there are still companies with a 28% F rating. In contrast, US territory has significantly lower cybersecurity, with 55% of companies rated F.
Connecticut, South Dakota and the District of Columbia have the highest overall scores above 90 and are at the lowest risk of data leaks. Meanwhile, Idaho, Massachusetts, US Virgin Islands, Indiana and Maine have the lowest overall scores (54-58) and their data could be at risk of leakage.
The CyberNews Research team analyzed the domains of 490 US government departments and institutions. Detailed data collected from multiple sources, including IoT search engines, IP and domain name reputation databases, and custom scanners, demonstrates the digital security attitudes of government departments and agencies.
This report assesses risks across seven key areas: software patching, web application security, email security, system reputation, SSL configuration, system hosting, and data breach history. A detailed report methodology can be found here.
