New Black Kite Research Shows Threat Actors Can Find Plenty of Leaked Credentials and Unpatched Backdoors, even as the top 100 Contractors Make Progress on CMMC Frameworks
BOSTON, Nov. 16, 2021 /PRNewswire/ — Twenty percent of America’s largest 100 defense contractors are highly susceptible to a ransomware attack, according to new research from Black Kite.
Black Kite detected several critical vulnerabilities that contractors should address immediately, including:
Nearly 43% of federal defense contractors have out-of-date systems, contributing to a “D+” rating in patch management
42% of contractors have had at least one compromised credential within the past 90 days, and 40 contractors received an “F” in credential management
Black Kite’s Ransomware Susceptibility IndexTM (RSI
The top 100 federal contractors averaged an RSI
The top 100 averaged a “C+” grade for information disclosure
SSL/TLS strength and application security are both lagging, with an overall “C” grade
Any organization can get a free RSI
“Cybercriminals are targeting critical infrastructure more than ever, with each attack having a stronger impact on our national security. The trends we’re seeing in our RSI findings are alarming,” said Black Kite’s Chief Security Officer Bob Maley. “When organizations maintain a continuous view of their cyber risk posture, they are armed with detailed information to protect their most critical assets and controls.
There were several positive findings as the overall security posture of contractors received a “B” grade. Furthermore, when looking at 17% of the Cybersecurity Maturity Model Certification (CMMC) controls needed to maintain high compliance levels, 96% of the contractors were already compliant.
“The September 2025 CMMC deadline is not as far away as it seems,” said Maley. “CMMC level one covers basic cyber hygiene that all organizations, both private and public, should have covered. Higher levels offer advanced protection models that will eventually be a security requirement.”
About Black Kite
One in four organizations suffered from a cyber-attack in the last year, resulting in production, reputation, and financial losses. The real problem is adversaries attack companies via third parties, island-hopping their way into target organizations. Black Kite is redefining third-party risk management (TPRM) with the world’s first global third-party cyber risk monitoring platform, built from a hacker’s perspective. With 300+ customers across the globe and counting, we’re committed to improving the health and safety of the entire planet’s cyber ecosystem with the industry’s most accurate and comprehensive cyber intelligence.
While other security ratings service (SRS) providers try to narrow the scope, Black Kite provides the only standards-based cyber risk assessments that analyze your supply chain’s cybersecurity posture from three critical dimensions: technical, financial, and compliance.
For more information, contact Adam Benson at email@example.com or 202.999.9104.
View original content:https://www.prnewswire.com/news-releases/ransomware-susceptibility-high-for-leading-us-defense-contractors-301425388.html
SOURCE Black Kite