A Third of Top Federal Contractors Found Especially Vulnerable to Cyber Theft

March 01, 2016

A Third of Top Federal Contractors Found Especially Vulnerable to Cyber Theft

WASHINGTON, D.C., March 1, 2016 – More than a third of the largest contractors to the federal government have a higher-than-average risk of being hacked by cyber criminals, according to a new study by Winvale, a leading government contract consultancy.

The study, conducted by Winvale’s ID Agent division, reveals that 24 of the 70 top federal government contractors providing professional services – or 34 percent – have had an above average number of their employees’ email accounts stolen and sold on the Dark Web, the vast domain that’s inaccessible to common search engines such as Google, Yahoo and Bing and where cyber criminals operate anonymously.

The higher the percentage of employees whose email accounts are compromised, the more vulnerable to cyber theft a company is, according to the study.

“Too many federal contractors have a blind spot when it comes to cyber risk,” said Brian Dunn, managing partner of Winvale. “The public sector is under constant attack from cyber criminals and terrorists. Professional services firms, which conduct a significant amount of government business, need to do a better job of understanding cyber risk and protecting sensitive data. Tracking the percentage of employees’ email exposed on the Dark Web is an excellent way to measure a company’s cyber vulnerability.”

With more than 10 years of experience in the cyber-risk field, Winvale determined that organizations on average lose 17.9 percent of their employees’ email credentials to the Dark Web and cyber theft. The average for the federal contractors examined in the study was 15.5 percent. Two dozen of those companies exceeded the 17.9 percent benchmark and 45 fell below that average number.

The study breaks down the companies by industry. Logistics firms and financial and accounting firms, for example, were found to be less likely to have an elevated risk of cyber theft. Management consultants and advertising and marketing firms were at higher risk of having their employees compromised email accounts sold on the Dark Web, the study finds.

Using compromised email accounts per employee as a key indicator, individual companies’ vulnerability to cyber theft varied widely. Engility Corporation, a logistics firm based in Virginia, had only an estimated 0.6 percent of its email accounts on the Dark Web, an indication that it is better protected from cyber hacking. GC Services Limited Partnership, a financial institution, only had 0.7 percent of its email accounts on the Dark Web.

In contrast, McKinsey & Company, Inc., a major management consulting firm, had 52.7 percent of its email accounts listed on the Dark Web, and Computer Services Corporation (CSC), in the information technology category, had 42.0 percent of its email accounts identified on the Dark Web.

ID Agent’s Dark Web ID monitoring tool has identified more than 520 million compromised records on the Dark Web. It estimates that 82.7 percent of all public and private organizations have employees whose email accounts have been stolen. The ID Agent team conducted the study using the proprietary Dark Web ID, which is designed to help both public and private sector organizations detect and manage potential cyber threats. Dark Web ID is deployed worldwide and scours botnets, criminal chat rooms, blogs, websites, bulletin boards, peer-to-peer networks, forums, private networks and other black market sites.

Full copies of the report are available at www.idagent.com.

About Dark Web ID
Dark Web ID is a solution offered by ID Agent, a division of The Winvale Group, headquartered in Washington, D.C. ID Agent’s mission is to help clients “better protect your organization, your employees and the customers you serve.” For more than a decade, Winvale has been supporting both government agencies and the contractors that serve them with comprehensive compliance, security solutions and services. Winvale’s ID Agent & Dark Web ID solutions are used by global leaders in the finance, legal and security industries as well as the public sector to monitor organizational and individual identities.

About Winvale

Founded in 2003, Winvale is strategically headquartered in the center of Washington, D.C. Supporting more than 3,000 commercial and government organizations, we have built a world-class company singularly focused on our clients’ success. Winvale is recognized as the leading provider of Government Advisory Services and Strategic Consulting to government contractors across all industries and disciplines. We serve executives and managers by providing expert guidance and support as they enter and compete within government markets. In June 2015, Winvale was awarded a contract by the U.S. Office of Personnel Management (OPM) to monitor and protect the identities of more than 4.2 million current and former federal employees.