Every year it becomes clearer that the federal government does not have the human resources or the requisite skills to fully address the growing challenges facing our nation. Agencies bridge this gap by employing contractors with unique skill sets to handle these short- and long-term requirements. Today, 4 out of every 10 people who work for the federal government are private contractors, many of whom hold sensitive data or perform services on behalf of some of our most critical missions.
But there is a problem: research from security ratings firm BitSight indicates that the cybersecurity performance of government contractors is far below the performance standards of the agencies they work for, meaning that a security performance gap exists between the U.S. federal government and its contractor base. This places sensitive government data at serious risk. The report states that:
- “Over 8% of healthcare and wellness contractors have disclosed a data breach since January 2016”
- “Aerospace/Defense firms had the next highest breach disclosure rate at 5.6%”
- Nearly 50% of contractors surveyed scored a “C” or below for the “Protective Technology subcategory of the NIST Cybersecurity Framework”, indicating poor hygiene practices for network encryption and email security.
The challenges are clear: 1) how do federal agencies ensure contractor cybersecurity performance levels meet federal standards? 2) how do they enforce agency security policy and need-to-know standards? 3) how do they reduce unintended disclosure or theft of sensitive information assets?
SpiderOak has the solutions.