New Study Says Snowden Scandal Still Affecting Cybersecurity Practices

A recent ThreatTrack Security study revealed that the majority of surveyed defense contractors still feel they are vulnerable to cyber attacks.

The study surveyed a small group – 100 IT/security managers at U.S. defense contractors. It found that 88 percent of them believe “the government provides adequate guidance and support to contractors to ensure sensitive data is secure and protected against cyber attacks.”

The report says that this is significant, perhaps surprising, “in light of the ongoing Edward Snowden saga, which has resulted in the leaking of 1.7 million U.S. government secret records, raised serious questions about citizens’ privacy and eroded confidence in the government’s ability to keep secrets.”

Despite the confidence of that 88 percent, the study found that 62 percent of defense contractors are still concerned their organizations are vulnerable to Advanced Persistent Threats (APTs).

The fear of vulnerability is strongest with contractors who have large IT security budgets. The report notes that, “This implies that spending alone doesn’t equate to cybersecurity confidence, and perhaps that organizations with stronger awareness of the threats targeting them are more acutely aware of the risks they face.”

It is clear the Snowden affair has influenced the way defense contractors run their operations, particularly when it comes to their employees.

The study found that 55 percent of respondents said employees get more cybersecurity-awareness training now. In addition to that, 41 percent said they have put stricter hiring practices in place and 39 percent have reduced IT administrative rights.

Interestingly, nearly a quarter of study respondents (23 percent) said nothing has changed in the way they run things since the Snowden incident.

The study is the focus of a recent PC Magazine article, which notes that, “While the study is certainly food for thought, the findings are from a fairly small sample size. The survey included only 100 IT/security managers or staff members who work in defense contractor organizations that handle data for the U.S. government. The effects of Snowden's actions are likely to continue to influence cybersecurity awareness and practices.”

 

For more information, see the ThreatTrack Security report here: http://www.threattracksecurity.com/getmedia/6ed8898f-c014-44f5-a181-c93614102690/threattrack-security-us-defense-contractor-cybersecurity-study.pdf.aspx
See the PC Magazine article here: http://securitywatch.pcmag.com/security/320538-aftershocks-of-snowden-affair-still-affect-cybersecurity-practices