OIG Report: Commerce Department Used Default Passwords for Endpoint Protection Tool
The Department of Commerce inspector general noted several cybersecurity deficiencies within the agency’s Office of the Secretary that leave it vulnerable to hacks.
According to a Commerce Department Office of the Inspector General audit, the most glaring issue within the office is its use of default passwords for its endpoint protection tool, which can easily be compromised through a quick online search.
The oversight body said changing passwords significantly reduces intruder entry points, FedScoop reported.
The OIG also called out the office’s chief information officer for taking more than three weeks to change the passwords after being notified of the problem.
The OIG also found that the Commerce Department’s endpoint security tool was not properly configured and did not detect the majority of the oversight body’s simulated attacks. The IG also found that the agency was slow to respond to attacks.
Commerce Department CIO and former Potomac Officers Club event speaker Andre Mendes said the Office of the Secretary has changed default passwords and hired an information systems security officer to oversee cyber risks.
Tags: André Mendes cybersecurity Department of Commerce endpoint protection FedScoop password management