Special Feature
Part of a ZDNet Special Feature: IT Security in the Snowden Era

Snowden aftermath: Defense contractors revamp policies, practices

Following the Edward Snowden wake-up call, three in four defense contractors have already made significant changes in their IT security and hiring practices.


Both the volume and the sensitivity of the information leaked by former NSA contractor Edward Snowden has compelled US defense contractors to drastically overhaul their hiring practices and reevaluate employees' data access privileges.

The new study conducted by Opinion Matters on behalf of security software provider ThreatTrack Security found that 75 percent of IT and security managers employed by defense contractors have changed their cybersecurity processes in a variety of ways.

Of the 100 respondents, 41 percent said they've implemented stricter hiring practices and 39 percent acknowledged that their own IT administrative rights have been restricted.

The depth and breadth of the Snowden leaks were also a wake-up call to enterprise companies who understand and appreciate the immense value of the intellectual property housed and accessed on their corporate networks.

"It's interesting to note that while defense contractors seem to have better security practices in place and are more transparent than many companies in the private sector, they are finding the current cyber threat onslaught just as difficult to deal with," said ThreatTrack Security CEO Julian Waits, Sr., in the report.

Fifty-five percent of defense contractors are now providing more general cybersecurity awareness training to their employees and 52 percent have reviewed or reevaluated employees' data access privileges.

It doesn't help, contractors said, that it's become increasingly difficult to find and hire qualified security staffers at a time when new threats are multiplying at an exponential rate.

Twenty-six percent of contractors said there was a shortage of "highly skilled" security personnel on staff and their existing IT security team is routinely torn between resolving new malware sample analyses and cleaning malware off executives' devices.