CyberSecOp.com


The Majority Of US Defense Contractors Fail To Meet Basic Cybersecurity Standards.

According to the study, this could have severe consequences for defense contractors, with nearly half losing up to 60% of their revenue if DoD contracts are lost.

"CMMC is a set of commercially reasonable standards to protect data," said CyberSecOp CISO. Organizations must address it as a part of doing business or risk losing the contract. Nearly nine in ten (90%) of US defense contractors need to meet basic cybersecurity regulatory requirements.

According to the survey, defense contractors still need to implement basic standards. A sampling:

· 35% have security information and event management (SIEM)

· 39% have an endpoint detection and response (EDR) solution

· 18% have a vulnerability management solution

· 28% have multi-factor authentication (MFA)

Defense contractors are being targeted by state hackers.

Defense contractors are a popular target for nation-state groups due to the sensitive information they possess about the US military. The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory in October 2022 highlighting advanced persistent threat (APT) activity detected on a defense organization's enterprise network.

The CyberSecOp CISO is concerned that four out of five defense contractors reported a cyber-related incident, with nearly three out of five reporting business loss due to a cyber-related event.

CyberSecOp is a CMMC-AB Registered Provider Organization (RPO)

The DoD has made an effort to simplify CMMC, but it is undoubtedly still complicated. CMMC is based on several other standards, including DFARS, 800-171, and ISO 27001. Having to work with all of these information security standards makes it very challenging for most DoD contractors to cope with CMMC. Get compliant with CyberSecOp CMMC Assessment, Security Program & Advisory Services.