{"id":64097,"date":"2021-08-04T09:53:52","date_gmt":"2021-08-04T14:53:52","guid":{"rendered":"https:\/\/www.pcmatic.com\/blog\/?p=64097"},"modified":"2021-08-04T09:53:56","modified_gmt":"2021-08-04T14:53:56","slug":"federal-cybersecurity-audit","status":"publish","type":"post","link":"https:\/\/www.pcmatic.com\/blog\/federal-cybersecurity-audit\/","title":{"rendered":"Cybersecurity Audit Exposed Poor Practices by Federal Agencies"},"content":{"rendered":"\n

Upon evaluating the state of eight federal agencies’ digital infrastructures through a cybersecurity audit, it was confirmed, four agencies nearly failed. Had this been the first cybersecurity audit of those agencies, the scores may not be as alarming. However, in 2018 a similar audit was conducted exposing many of the same cybersecurity risks. The reality is, very little progress has been made. <\/p>\n\n\n\n

Cybersecurity Audit Results<\/h3>\n\n\n\n
\"\"
Image from Ars Technica<\/figcaption><\/figure><\/div>\n\n\n\n

The scores, reported by Ars Technica<\/a>, do not compare those to the audit of 2018; however it is clear little progress has been made in at least four of these agencies. The audit confirmed many of the departments using legacy Microsoft operating systems that are no longer supported. This means, they are not using Windows 10. All other versions of the Windows operating systems, (XP, Vista, 7, and 8) are no longer supported. Additionally, the audit revealed thousands of accounts remaining active, some for over 150 days, after an employee left, retired or was fired from the agency. <\/p>\n\n\n\n

Moving Forward<\/h3>\n\n\n\n

Most certainly the auditors provided next steps for the agencies, in order to achieve a better score and increase their levels of compliance to best practices. However, it can also be assumed those same, or very similar, recommendations were provided in 2018. PC Matic founder and CEO, Rob Cheng states, <\/p>\n\n\n\n

“The American government has placed a heavy emphasis on finding the responsible parties for the high-profile attacks that have taken place recently. Alternatively, it is suggested they focus on closing the security holes within our federal agencies to reduce the risk of attack. The audit clearly reports there are security holes from outdated operating systems, to improper access. I’m certain if they dug deeper, they would find holes in the cybersecurity software as well. It is imperative to close these holes to reduce the threat landscape.” <\/p><\/blockquote>\n\n\n\n

Closing the Holes<\/h3>\n\n\n\n

To close these holes, federal agencies need to update their operating systems to the latest version of Windows 10. It is also equally important to update any other outdated third-party applications. Additionally, it is important organizations follow the proper termination of employment policies. This may include, but is not limited to:<\/p>\n\n\n\n