"Nearly 10% of SMB Defense Contractors Show Evidence of Compromise"

Cybersecurity vendor BlueVoyant conducted a new study and analyzed a representative sample of 300 smaller contractors from a defense industrial base (DIB) estimated to have anywhere from 100,000-300,000 suppliers. The researchers uncovered signs of weaknesses in this complex ecosystem of contractors, potentially putting national security at risk. More than half of SMB contractors in the US defense supply chain are critically vulnerable to ransomware attacks. Half of the companies studied had unsecured ports vulnerable to ransomware attacks. In contrast, 48% had vulnerable ports and other weaknesses, including unsecured data storage ports, out-of-date software and operating systems, and other vulnerabilities rated severe by NIST. Unpatched flaws were particularly concerning: more than six months after critical F5 and Microsoft Exchange vulnerabilities were published, nine companies were yet to fix them. The researchers also found that a fifth (20%) of SMB contractors have multiple vulnerabilities and evidence of targeting, while 7% also featured evidence of compromise. In total, BlueVoyant found evidence of over 1300 email security issues, more than 400 vulnerabilities, and 344 indications that suggest “company resources are involved in anomalous or criminal activity.” Over a quarter (28%) of appraised contractors showed evidence indicating they would fail to meet the most basic tier-1 requirement for the Cybersecurity Maturity Model Certification (CMMC). CMMC is a critical compliance standard designed to improve security best practices among US defense contractors. 

Infosecurity reports: "Nearly 10% of SMB Defense Contractors Show Evidence of Compromise"