As a follow on to the blog about the data theft of 40% of South Korean credit cards, what is the next 40% number? Per this article on this report nearly 40% of breaches of the US federal government go undetected. If these breaches are undetected it stands to reason that the underlying problems that allowed unauthorized user(s) to gain access to private/sensitive information may still exist. A few of the key findings from the report:
- Nearly every agency has been attacked, including the Departments of Homeland Security, Justice, Defense, State, Labor, Energy, and Commerce. NASA, the EPA, the FDA, the U.S. Copyright Office, and the National Weather Service have also been hacked or had personal information stolen.
- Sensitive databases protected by weak or default passwords.
- Computers controlling physical access to DHS facilities whose antivirus software was out of date.
Many of the issues identified in the report highlight endpoint weaknesses, which is often the easiest way for an attacker to gain a foothold in your network then move laterally to find more valuable targets. How can you analyze how well protected your endpoints are and then know how to resolve any issues? Rapid7 ControlsInsight is supported by leading security experts and best practices such as the SANS Top 20 Critical Security Controls and allows you to measure, analyze and track improvement on your endpoint controls and reduce or eliminate weak passwords and out of date AntiVirus among other controls.