[syspec]

> The victims have included large contractors as well as small ones, some of which are seen as lacking the resources to invest in securing their networks.

That does not compute. If they want to become a defense contractor, it stands to reason not spending resources on securing their network (and educating their employees against phishing attacks) is a non-starter.

[kasey_junk]

Why? You can be a “defense contractor” as a one person show out of your garage.

The requirements for selling a toilet to the navy were written at a time when these issues didn’t exist. That the biggest bureaucracy on earth doesn’t respond well to new threats seems ecpected not odd.

[rhodysurf]

Exactly. Legit anyone can bid on these contracts and the DOD is finally starting to crack down on “Confidential Unclassified Information” and the contractors that handle that data. It’s wild how many small companies have no security infrastructure

[paulie_a]

Are you serious? It should be pragmatic and taken seriously, but it isn't. As for phishing attacks, try it three times in a row and, if I recall correctly you get results of 50 percent success.