Companies lose trust when they fail to protect user data or implement necessary security advancements. Organizations bear the blame whenever attackers exploit unpatched vulnerabilities or compromise sensitive information.
A report from the Senate Homeland Security and Governmental Affairs Committee in 2019 found severe cybersecurity gaps in eight government entities, which failed to address unpatched vulnerabilities and protect users’ personal data. However, the 2021 update revealed that the agencies had made only limited security improvements in two years.
The report further stated that, of the eight federal agencies that underwent security audits – the Departments of State, Transportation, Agriculture, Health & Human Services, Housing & Urban Development, and Education, and the Social Security Administration – only the Department of Homeland Security showed improvements in 2020.
The report also stressed the rising cyberthreats from state actors in Russia and China. “It is clear that the data entrusted to these eight key agencies remain at risk. As hackers, both state-sponsored and otherwise, become increasingly sophisticated and persistent, Congress and the executive branch cannot continue to allow (personally identifiable information) and national security secrets to remain vulnerable.”
Key Findings
- Seven agencies failed to maintain accurate and comprehensive IT asset inventories, leaving users’ sensitive information unprotected.
- Six agencies operated systems without current authorizations to operate.
- Seven agencies used legacy systems or applications no longer supported by the vendor with security updates.
- Six agencies failed to install security patches and other vulnerability remediation controls.
Commenting on the rising threat landscape and the security posture of the government agencies, Senator Portman said, “From SolarWinds to recent ransomware attacks against critical infrastructure, it’s clear that cyberattacks are going to keep coming and it is unacceptable that our federal agencies are not doing everything possible to safeguard America’s data.”
“This report shows a sustained failure to address cybersecurity vulnerabilities at our federal agencies, a failure that leaves national security and sensitive personal information open to theft and damage by increasingly sophisticated hackers. I am concerned that many of these vulnerabilities have been outstanding for the better part of a decade – the American people deserve better. In the coming months, I will be introducing legislation to address the recommendations raised in this report so that America’s data is protected,” Portman added.
High-profile security incidents like the SolarWinds supply chain attack and the Microsoft Exchange hacks illustrate the risks that federal agencies face. Enhancing cybersecurity standards with updated incident handling measures will certainly strengthen network security.