Federal agencies don’t do enough to protect themselves against hackers, study finds

The White House is leaving itself wide open to a large-scale phishing attack after failing to implement vital email security measures.

A report by Global Cyber Alliance has found that 95% of domains belonging to the Executive Office of the President (EOP) are left open to a hack due to a lack of security.

This is despite the Department of Homeland Security issuing a mandatory notice to all federal agencies, calling for the implementation of Domain Message Authentication Reporting & Conformance (DMARC).

DMARC is an email validation tool which can detect and prevent email spoofing by filtering out forged sender addresses.

Criminals can send phishing emails to workers under the guise of their employer, in the hopes of gaining access to the domain, in turn stealing data, finances and – in this case – even threaten national security.

Governmental agencies were given until January 15 to apply DMARC to their systems.

But this latest report revealed that out of 26 White House agencies, just one – max.gov – has top level defense implemented in its systems.

Seven other agencies have introduced DMARC but at the lowest level possible, meaning that the emails are scanned but not blocked.

And 18 of the domains have no DMARC protection at all.

These stats are worrying, considering the Pentagon blocks 36 million malicious emails every day.

And it’s only a matter of time before national security is compromised by a phishing attack, according to Global Cyber Alliance.

Philip Reitiger, CEO, said: “The lack of full DMARC deployment across nearly every EOP email address poses a national security risk that must be fixed.

“The EOP domains that have recently deployed DMARC at its lowest setting includes WhiteHouse.gov and EOP.gov, two of the most significant government domains.

“I hope that the government will move rapidly to block phishing attempts across all EOP domains.”