Here's a shocking revelation from the department of the obvious: the US government is bad at cybersecurity.
Now, a new report sheds light on how bad the situation is.
According to a new analysis by a leading benchmarking firm, the US government comes in at the very bottom of all 17 major industries, including retail, non-profits, and healthcare.
SecurityScorecard measured the government and industry sectors against ten categories, including social engineering, password exposure, and malware infections.
Information services, construction, food, and technology were among the leading industries.
But education, telecommunications, and pharmaceutical industries ranked at the lowest, though still better than government.
The benchmarking firm tracked 35 data breaches over the past 12 months, which included major attacks attacks at the Internal Revenue Service, which led to the leaking of more than 700,000 social security numbers, and the Office of Personnel Management, in which data on more than 22 million current and prospective government workers was stolen.
The research shows that at the federal level, NASA and the State Dept. struggled most with security performance, but there were far more local branches of government with problematic security practices.
But some of the federal agencies were more susceptible to attacks because their large size makes it difficult to roll out security patches.
But the Obama administration wants to fix that. With just a few months left in office, the president recently proposed a hike in budget spending as part of an effort to turn cybersecurity and data protection as a top priority in government.
The $5 billion increase to $19 billion in total funding will also carve out $3.1 billion for upgrading technologies and networks across various federal agencies.