Like commercial entities, government agencies have a tendency to find their secrets leaked to the dark web. Unfortunately, US government secrets are leaked at a much higher rate.
A new report from Owl Cybersecurity ranks 59 US government agencies on their darknet footprint. Leaked data, stolen credentials, and other intelligence are all included in the ranking, and it shows that the government has a long way to go in protecting itself.
Owl also recently published a list of Fortune 500 darknet exposure, and comparing the two indexes is bleak for the US government: Most of the top 10 government agencies would displace the top 10 companies, and the overall average exposure for a government agency is five times that of a commercial entity.
The potential for leaked US government data to cause serious damage is immense. Classified information can find itself in the hands of hostile foreign entities, stolen passwords can give hackers direct access to government systems, and leaked email addresses can be an inroad for phishing attacks.
It's unfortunate when corporate data is leaked, but it's dangerous when it's the government.
The top 10
The total list of 59 US government agencies can be found in the complete report. Here are the top 10. Interesting to note is how many are defense-related departments: half the list.
- US Navy
- US Army
- Department of Defense
- Department of Justice
- Department of Homeland Security
- US Marine Corps
- Department of Veterans Affairs
- Department of State
SEE: Experts predict 2017's biggest cybersecurity threats (TechRepublic)
What the rankings mean
There are a number of factors that go into ranking the agencies on the list. Email addresses, user credentials, intellectual property, records, and other information that can be used by cybercriminals are all considered.
Owl excludes anything that doesn't have a "hackishness" factor, which means it could be used by criminals in illicit activity. Essentially, the higher up on the list, the more critically vulnerable info is exposed.
It's no surprise, therefore, that defense agencies are so highly ranked--the information they have is particularly enticing to criminals who could demand a high price for intelligence, credentials for individuals with security clearances, personnel records, and deployment plans.
SEE: Certified Information Systems Security Professional (TechRepublic Academy)
It's not just members of the military and veterans who are at risk--with the IRS in the top 10, any one of us could have personal information stolen, traded, and sold on the darkweb.
The US government doesn't have the best track record when it comes to cybersecurity, and that's not just a risk to shareholders. It's a risk for all of us. Here's hoping there will actually be some effort to shore up cyber defenses in the coming years.
Top three takeaways for TechRepublic readers:
- A new report from Owl Cybersecurity reveals that US government agencies have a massive footprint on the darknet, with an average footprint five times larger than corporate entities.
- Information available on the darknet comes in the form of passwords, email addresses, documents, and other data.
- The defense industry makes up half of the top 10 on the list, primarily due to the attractiveness of the data defense agencies have.
- Trump's cybersecurity executive order: 4 things you need to know (TechRepublic)
- Fines for being hacked: If a breach is down to bad security it could cost you millions (ZDNet)
- Video: What happens at the government when a cybersecurity threat is identified? (TechRepublic)
- US military leak exposes 'holy grail' of security clearance files (ZDNet)
- Defending against cyberwar: How the cybersecurity elite are working to prevent a digital apocalypse (free PDF) (TechRepublic)
- Infographic: Almost half of companies say cybersecurity readiness has improved in the past year (Tech Pro Research)
- Cyberweapons are now in play: From US sabotage of a North Korean missile test to hacked emergency sirens in Dallas (TechRepublic)