US Defense Contractors Don't Meet Basic Cyber Security Standards

A year after the Pentagon announced its newest cyber security guidelines the industry is still trying to work out how it will comply with the new rules and operate in a new environment. Cybersecurity Maturity Model Certification (CMMC) 2.0 recently entered the Defense Department’s rulemaking process, the final step before it becomes an official requirement. 

Despite questions about industry’s cyber security capabilities and the challenging documentation process, defense companies could be required to comply with CMMC for new contracts as soon as May 2023. 

Defense contractors will be required to comply with the CMMC framework and must prove their compliance when bidding for DoD contracts. The problem is that, right now, research shows that 87% of US defense contractors do not meet basic cyber security legal requirements that are considered vital to US national security. 

The security firm CyberSheath conducted a survey of 300 Department of Defense contractors and found that an extremely low number of respondents have the recommended level of security practices in place. Only 13% of respondents had a Supplier Risk Performance System score of 70 or above, way below the score of 110 that is required for full compliance. According to CyberSheath, the defense contractors believed a score of 70 to be adequate.

This report found that 70% have not deployed security information and event management (SIEM), 79% lack a comprehensive multi-factor authentication system, 73% do not have an end-point detection response (EDR) solution and 80% lack a vulnerability management solution. 

With recent attacks targeting the defense and critical infrastructure industries, the survey’s results are disturbing. Furthermore, this could have massive consequences for defense contractors, nearly half of whom would lose up to 40% of their revenue if DoD contract loss occurs, according to the research.

In addition to being largely non-compliant, an astounding 82% of contractors find it “moderately to extremely difficult to understand the governmental regulations on cyber security.”

CyberSheath:     National Defense Magazine:      Oodaloop:       Infosecurity-Mgazine:   HelNetSecurity:    Reddit:  

You Might Also Read: 

Hackers Achieve Widespread Penetration Of Defense Contractors:



 

« The Need For OT-centric Cyber Security Strategies
Misconfigured Cloud Applications Are Putting Your Data At Risk »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Information Security Systems (ISSCOM)

Information Security Systems (ISSCOM)

ISSCOM provide services to help companies implement Information Security Management Systems (ISMS) by providing consultancy and hands-on assistance.

Arxan Technologies

Arxan Technologies

Arxan is a leader of application attack-prevention and self-protection products for Internet of Things (IoT), Mobile, Desktop, and other applications.

Netskope

Netskope

Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data.

Iceberg

Iceberg

Since 2016, Iceberg has redefined how businesses approach hiring in the Cybersecurity and eDiscovery space.

Raz-Lee Security

Raz-Lee Security

Raz-Lee Security is the leading security solution provider for IBM Power i, otherwise known as iSeries or AS/400 servers.

Source Defense

Source Defense

Source Defense provides websites with the first ever prevention technology for attacks of third-party origin.

CTM360

CTM360

CTM360 is a unified external security platform offering 24x7x365 Cyber Threat Management for detecting and responding to cyber threats.

Outsource UK

Outsource UK

Outsource UK is an independent recruitment company supplying highly-skilled technology, change and engineering talent to clients within a range of specialist sectors including Cyber Security.

CPP Group UK

CPP Group UK

CPP Group UK develops products to help insurers add further value to their products and services through its innovative suite of new products in FinTech, InsurTech and cyber security.

World Congress on Industrial Control Systems Security (WCICSS)

World Congress on Industrial Control Systems Security (WCICSS)

The World Congress on Industrial Control Systems Security (WCICSS) is focused on emerging trends in protection of industrial control systems.

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71)

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71)

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71) is Singapore's first cybersecurity entrepreneur hub.

Jandnet Recruitment

Jandnet Recruitment

Jandnet Recruitment is a small specialist company working in the IT sector. We recruit across all IT disciplines including cyber security and digital identity.

Core Sentinel

Core Sentinel

Australia's #1 Penetration Testing Service. Make Your Systems Fully Compliant With Our OSCE CREST/CISA Certified Penetration Testing.

Cyber Octet

Cyber Octet

Cyber Octet is an IT Solution, Security, Training and Services company. We provide training and services from Web Application Security to ISO 27001 implementation.

CovertSwarm

CovertSwarm

Since 2020 CovertSwarm have been radically redefining how enterprise security risks are discovered. We outpace the cyber threats faced by our clients using a constant cyber attack methodology.

Computer Futures

Computer Futures

Computer Futures are a global specialist IT recruitment partner, matching candidates with roles across niche IT markets and core technologies.