Bob Gourley, former Defense Intelligence Agency CTO and publisher of CTOvision, discusses the failure of government IT contractors to incorporate some standard email security measures.
According to a new report by the Global Cyber Alliance, the largest federal IT contractors have some major security holes in their email systems. The report states that out of 50 firms, only one is using the DMARC email validation protocol. This means that the other 49 IT providers in the study are extremely vulnerable to phishing and spoofing attacks.

“I have a lot of empathy for these federal contractors, because they’re in such a highly regulated industry. So many of them are told what to do by the federal acquisition regulations and the defense acquisition regulations, and they follow the government orders, so maybe this is something they weren’t tracking,” said Bob Gourley, former Defense Intelligence Agency CIO and publisher of CTOvision. “I would also say that it’s very easy for them to get in compliance. It costs no money to configure your email systems to use DMARC, and it’s really simple. So, I hope that this report will be seen as a call to action for them.”