New federal cybersecurity survey results were released today by SolarWinds:
March 26, 2014 07:30 ET
Internal Federal Cybersecurity Threats Nearly as Prevalent as External, SolarWinds Survey Reveals
While the Majority of Federal IT Pros Claim Their Agencies Are Cybersecurity-Ready, They Still Face Malicious Outsider Threats as Well as Internal Ignorance, and They Must Prevent and Mitigate These Attacks Despite Organizational Issues and Budget Constraints
AUSTIN, TX--(Marketwired - Mar 26, 2014) - SolarWinds (NYSE: SWI), a leading provider of powerful and affordable IT management software, today announced the results of its cybersecurity survey among federal IT Professionals, revealing that while the majority of respondents describe their agencies as cybersecurity-ready, many still face attacks and threats by both malicious intruders and careless and untrained insiders, and they are tasked with mastering IT security despite organizational and budget challenges.
In early 2014, Market Connections, a leader in providing customized government market research, in conjunction with SolarWinds conducted a blind online survey of 200 IT and IT security professional decision makers in the federal government and military. Nearly all respondents (94%) rated their agencies' cybersecurity readiness as good or excellent, asserting that they have the necessary cybersecurity tools, processes and policies in place. Despite their confidence, though, federal IT departments still face a myriad of cybersecurity threats.
Federal IT's Biggest Cybersecurity Hazards: People
- External hacking is the top cybersecurity threat plaguing federal agencies, according to half of respondents. Other human-caused threats include insider data leakage and theft (29%), mobile device theft (20%, or 25% among Civilian-only), and physical security attacks (18%).
- Some respondents even admitted they "don't know what they don't know" -- nine percent were unsure if any cyber threats affected their agency.
Agency Insiders Nearly as Damaging as External Attackers
- While 47 percent of respondents said the general hacking community is first to blame for cybersecurity breaches, careless and untrained insiders are a close second (42%), indicating that insiders may inadvertently pose nearly as many risks as deliberate, malicious hackers.
- Further, 53 percent of Defense-only IT Pros named careless and untrained insiders their top security threat sources -- more so than foreign governments (48%) and terrorists (31%).
- Another 26 percent of Defense IT Pros said malicious insiders endanger their own agencies.
"Despite the many rules and system lockdowns in place in federal IT organizations, people are by nature uncontrollable and therefore are absolutely the greatest risks to IT security," said Chris LaPoint, VP Product Management, SolarWinds. "While federal IT Pros can't change these human behaviors, they can take control of their IT infrastructures by implementing continuous monitoring of networks, servers and applications and finding the right technologies to quickly mitigate threats."
Obstacles to Maintaining Federal Cybersecurity
- Budget constraints are the single most significant obstacle to maintaining or improving IT security, said 40 percent of respondents. Other obstacles represent internal organizational challenges like competing priorities (19%) and complex internal environments (14%).
- Hindrances to implementing the appropriate IT security tools include lack of budget (63%) and organizational issues or "turf battles" (42%), as well as cost concerns for maintenance, upgrades and training.
Given the variety of cybersecurity threats and the unpredictability of human behavior, coupled with low budget and organizational challenges, federal IT Pros must consider taking a more pragmatic and unified approach to addressing the availability, performance, and security of their infrastructures: collect once, report to many. This means selecting tools that can address continuous monitoring across both IT Operations and Information Security domains.Continuous monitoring of IT infrastructures can help federal IT Pros safeguard against human error and quickly identify vulnerabilities, compliance issues and other threats by automatically collecting data and reporting on the performance, availability and security posture of an IT infrastructure.
- Two-thirds of survey respondents have at least one continuous monitoring solution implemented and the majority see positive return on investment.
- IT Pros employing continuous monitoring can detect risky behavior faster than those without. For example, 46 percent of users can detect rogue devices on the network in minutes compared to 23 percent of non-users, and 30 percent of users can detect when firewall rules are out of compliance within minutes compared to 16 percent of non-users.
"SolarWinds' study provides detailed insight into threats and challenges government IT agencies face -- whether external or internally born," said Laurie Morrow, director of research services, Market Connections, Inc. "This research will help federal IT Professionals take a closer look at their cybersecurity infrastructures and identify strategies for monitoring and preventing future security disturbances."
SolarWinds Solutions for Government
SolarWinds provides IT management and monitoring solutions to numerous common public sector IT challenges including continuous monitoring, cybersecurity, network operations, compliance, data center consolidation, cloud computing, mobile workforce and devices, and scaling to the enterprise.U.S. Government certifications and approvals include Army CoN, Air Force APL and Navy DADMS, and technical requirements include FIPS PUB 140-2 compliance (as specified by the National Institute of Standards and Technology), DISA STIG automated reports, Section 508 VPATs, and previous Common Criteria EAL 2 Certification.SolarWinds software is available on the U.S. General Services Administration (GSA) Schedule,Department of Defense ESI and other contract vehicles. Visit SolarWinds' Government Solutions page for more information including fully functional free trials of products or visit SolarWinds' community, thwack, to download 300 free out-of-the-box compliance report templates of major auditing authorities including DISA STIG, FISMA, and NIST.
- Survey Slideshare: SolarWinds Federal Cybersecurity Survey
- Whiteboard Blog: Federal IT's Biggest Cybersecurity Challenges - And What to Do about Them
*From January 21 to February 5, 2014 Market Connections surveyed 200 IT security professionals in federal government and military service in conjunction with SolarWinds. Full survey results are available upon request.
SolarWinds (NYSE: SWI) provides powerful and affordable IT management software to customers worldwide from Fortune 500 enterprises to small businesses. In all of our market areas, our approach is consistent. We focus exclusively on IT Pros and strive to eliminate the complexity that they have been forced to accept from traditional enterprise software vendors. SolarWinds delivers on this commitment with unexpected simplicity through products that are easy to find, buy, use and maintain while providing the power to address any IT management problem on any scale. Our solutions are rooted in our deep connection to our user base, which interacts in our online community, thwack, to solve problems, share technology and best practices, and directly participate in our product development process. Learn more today at http://www.solarwinds.com/.
SolarWinds, SolarWinds.com and thwack are registered trademarks of SolarWinds. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.