Counties Receive Risk Analysis for Better Cybersecurity
SecurityScorecard’s ratings analyze the security posture of an organization. An agency’s Total Score consists of a number and a letter grade, from A (100) to F (0), and is a weighted average of 10 Factor Scores, which group and describe different aspects of cyber risk. SecurityScorecard dives deeper into its methodology on its website.
The 10 Factor Scores allow organizations to see the vulnerability in specific parts of their security architecture. This includes application security, Domain Name System health, endpoint security, network security, asset management and IP reputation.
SecurityScorecard’s ratings are dynamic and change over time. The company constantly scans its customers’ networks after giving them an initial score so the customers know where they stand in the present. Customers can also get alerts when the score changes.
NACo’s Partnership Yields Results for Local Government Security
Since the partnership began in July, SecurityScorecard has helped counties uncover security risks and vulnerabilities. In a webinar in October with NACo, SecurityScorecard staff threat researcher Robert Ames outlined a recent ransomware attack against a county government. SecurityScorecard used its Attack Surface Intelligence to determine that bad actors targeted IP addresses that were running vulnerable SSH software and had port 22 open.
During the SecurityScorecard pilot period, from March to May, participating counties uncovered security risks and subdomain issues that needed to be addressed, according to NACo’s Reynolds. By the end of the pilot, the counties’ overall scores had improved almost across the board.
“When you look at our workloads, even when we have dedicated IT security, it’s really hard to keep up with all of these different threats,” Reynolds said in the webinar. “The automation part of it is what saves a ton of time, as long as you still have human intervention to be reading and watching it.”
How SecurityScorecard Can Bolster Security Across Government
Through its partnership with NACo, SecurityScorecard boosts its growing presence in the public sector. Recently, SecurityScorecard increased its work with congressional committees, federal and state agencies, and local authorities.
SecurityScorecard “meets regularly with government agencies for policy and operational collaboration, including threat intelligence briefings for major government agencies,” according to a press release from the organization.