Colorado State Fails at Cybersecurity, Auditors Say
A cybersecurity firm hired to perform penetration tests of Colorado state agencies’ systems easily gained access to thousands of documents containing citizens’ sensitive personal information, deeming the state computer systems at “high risk” of a cyber attack, an audit released yesterday revealed.
As reported by The Denver Post, the audit found that more than half of 20 agencies had failed to submit plans detailing their computer system security measures to the state’s Office of Cyber Security as required by law. Although there had been 43 cybersecurity incidents reported to the office since 2006, auditors believed the number was higher.
The most pressing issue for lawmakers on the Legislative Audit Committee was the result of a penetration test that a private security firm performed on state agencies, The Denver Post noted.
“We conducted a penetration test of public agencies and found significant vulnerabilities throughout state government that allowed the assessment team to compromise thousands of records containing individuals’ confidential information, such as social security numbers, birth dates, and income levels,” auditors reported. “The assessment team also compromised several state networks and systems and identified hundreds of vulnerabilities in state systems.”
Based on the results of the penetration test, prior IT audits, and the review of the implementation of the Colorado Cyber Security Program during this audit, the auditors concluded the Office of Cyber Security has failed to successfully implement the Colorado Cyber Security Program, as specified by statute.

