Posted on Jan 30, 2019
SecurityScorecard’s threat intel team released a report on the recent US government shutdown. The shutdown of 2018 - 2019 was recorded as the longest halting of federal government operations in American history. The shutdown lasted 35 days and resulted in the temporary pause of non-critical functions and resulted in many government employees being furloughed or working with delayed wage payments. Temporary funding of regular government operations were shut down until it was recently authorized again on January 25, 2019.
During the period of cessation, it was reported by several information security firms and media outlets that the overall cybersecurity of the United States was put at risk by the shutdown. The general hypothesis being that the reduction in labor force and halting of expenditures may have resulted in critical networks going unmanaged and unmonitored. This occurrence may have been the emergence of new exploitable conditions that may be leveraged by a malicious adversary such as a state sponsored actor.
The results of our research indicate that it can be confirmed certain aspects of the US Government’s Network Security score dropped during the course of the shutdown, specifically as a result of an increase in the number of expired SSL certificates that were detected on the public internet. However, unexpected results surfaced that indicated that two important cybersecurity scores improved during the course of the shutdown - specifically, Endpoint Security and Patching Cadence.
The analytic parameters of research in the report include:
To see more results and read the full version of the report, please follow here.
With hackers finding new ways to attack third-parties in hopes of infecting a larger organization, the third-party ecosystem is more fragile than ever before.
The purpose of IT security risk assessment is to determine security risks to your company’s critical assets, and how much funding and effort should be used in their protection. Get started with SecurityScorecard’s step-by-step guide to managing your cyber risk.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen. The right vendor risk assessment template can be crafted to assure compliance with regulatory requirements.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.