Black Kite, the leader in third-party cyber risk intelligence, released Centralizing Supply Chain Cybersecurity: U.S. Federal Government Risk in 2022, which finds cyber risks for top defense contractors are rising. Most notably, 72% of contractors have had at least one leaked credential in the last 90 days – a 71% increase from six months ago.
“In today’s geopolitical landscape, the federal sector is under constant threat of cyberattack. There’s a heightened sense of urgency to protect critical infrastructure and the nation -- but hackers across the globe are getting better at flying under the radar. Some of the most critical federal agencies are unprotected, which leaves our country vulnerable and at risk. Our latest research highlights the need for better third-party cyber risk intelligence, and where to start today.”
Bob Maley, CSO of Black Kite
Black Kite Research analyzed the top 100 U.S. defense contractors’ overall cyber hygiene, including susceptibility to ransomware attacks, and compared the data against its 2021 report. In addition to the alarming increase in leaked credentials, key findings include:
- The cyber posture of defense contractors in critical technical categories (such as credential management, Secure Sockets Layer (SSL) / Transport Layer Security (TLS) strength, and application security) is dangerously low.
- Nearly half (46%) of defense contractors are three times more likely to experience a cyber breach than those with “A” technical ratings (on a scale from A to F).
- 32% are vulnerable to ransomware attacks such as phishing – and 20% of agencies examined in last year’s report are still vulnerable, meaning quick improvement is critical.
- 17% utilize out-of-date systems, creating a critical vulnerability for ransomware attacks.
According to a survey of government organizations by Sophos, 40% of central government and 34% of local government organizations experienced a ransomware attack in the past year. A Private Industry Notification recently issued by the Federal Bureau of Investigation’s Cyber Division finds that “ransomware attacks against local government entities are especially significant due to the public’s dependency on critical utilities, emergency services, educational facilities, and other services overseen by local governments.” With the government being one of the largest holders of personal identifying information (PII), these entities are desirable targets for cyber criminals.
“Government agencies are prime targets for hackers due to the sheer amount of data they possess. It’s a virtual candy store for those with malicious intent,” said Jeffrey Wheatman, SVP and Cyber Risk Evangelist (CRE) of Black Kite. “Understanding third-party susceptibility to cyber threats must come first as contractors look to reduce their risk. At Black Kite, we’re committed to helping the most critical agencies safeguard their data – and in doing so – safeguard the information of all citizens.”
Black Kite provides third-party cyber risk intelligence from a technical, financial, and compliance perspective to eliminate false positives and ensure a holistic approach to vendor risk management. In addition to Centralizing Supply Chain Cybersecurity: U.S. Federal Government Risk in 2022, Black Kite issues an annual Third-Party Breach Report as well as regular risk assessment reports on the automotive manufacturing, energy and insurance sectors.
About Black Kite
One in four organizations suffered from a cyber attack in the last year, resulting in production, reputation and financial losses. The real problem is that adversaries attack companies via third parties, island-hopping their way into target organizations. At Black Kite, we're redefining vendor risk management with the world’s first global third-party cyber risk monitoring platform, built from a hacker's perspective.
With 350+ customers across the globe and counting, we're committed to improving the health and safety of the entire planet's cyber ecosystem with the industry’s most accurate and comprehensive cyber intelligence. While other security ratings service (SRS) providers try to narrow the scope, Black Kite provides the only standards-based cyber risk assessments that analyze your supply chain's cybersecurity posture from three critical dimensions: technical, financial and compliance.