Two new studies this week give us some insight into how government at all levels is doing at protecting their – excuse me – our information.
First the Feds. Here are some disturbing stats from a MeriTalk/Palo Alto Networks study:
- Federal IT Managers estimate at 44% of the endpoints that access agency network are at risk.
- Barely half of the agencies surveyed have taken critical steps to secure endpoints and even fewer do real time patching.
- 54% of Federal IT managers say their current policies are very effective, practical or enforceable.
- Less than half say their endpoint security policies are well integrated into their overall IT security strategy.
- When it comes to mobile BYOD, 39% apply their policies to mobile, 40% require encryption, 50% ban public WiFi and 53% require anti malware software
OK, now that we see what a wonderful job the Federal government is (not) doing, let’s look at how the states are doing.
The Pell Center for International Relations and Public Policy interviewed State IT execs and looked through public information to score each of the 50 states in 5 different categories (plan, response, law enforcement, information sharing and R&D). They scored each state. Of the 50, NO ONE PASSED. Eight states (CA, MD, MI, NJ, NY, TX, VA and WA) were at least passable, but each of those stubbed their toes somewhere. Washington may be the best in that they had no categories where they had done nothing.
Given this, your organization may be doing better than the either the Feds or the States.
It definitely means that you should not use the gov as your benchmark.
Information for this post came from Dark Reading.