
IT Modernization and Foreign Governments Pose Cybersecurity Challenges, Survey Says

Level 12

As government agencies continue their IT modernization initiatives, administrators find themselves in precarious positions when it comes to security. That’s the overall sentiment expressed in the 2016 Federal Cybersecurity Survey [1]. The report found that efforts to build more modern, consolidated, and secure IT environments and networks increase security challenges, but management tools offer a potential antidote to the threats.

Modernization increased IT security challenges

Federal administrators managing the transition from legacy to modernized infrastructure face enormous challenges. The transition creates a great deal of IT complexity, burdening administrators who must manage old and new systems that are very different from one another.

Many noted that consolidation and modernization efforts increase security challenges due to incomplete transitions (48 percent), overly complex enterprise management tools (46 percent), and a lack of familiarity with new systems (44 percent). Other factors included cloud services adoption (35 percent) and increased compliance reporting (31 percent).

However, 20 percent believe the transition toward more modern and consolidated infrastructures ultimately will net more streamlined and secure networks. They said replacing legacy software (55 percent) and equipment (52 percent), the adoption of simplified administration and management systems (42 percent), and having fewer configurations (40 percent) will help secure networks once the arduous transition phase is complete.

Foreign governments tie internal threats as chief concerns

For the first time, respondents said that foreign governments are just as much of a cybersecurity threat as untrained internal workers. In fact, 48 percent called out foreign governments as their top threat—an increase of 10 percentage points over our 2015 survey [2].

That’s not to say that insider threats have been minimized. On the contrary. The number of people who feel insiders pose a major threat is still higher than it was just two years ago.

Investing in the right security tools can help mitigate threats

Patch management software is among the solutions administrators invest in and use to great effect, with 62 percent indicating that their agencies partake in the practice. Of those, 45 percent noted a decrease in the time required to detect a security breach, while 44 percent experienced a decrease in the amount of time it takes them to respond to a breach.

Respondents noted security information and event management (SIEM) solutions as highly effective in combating threats. While only 36 percent stated that their agencies had such tools in place, administrators who use SIEM tools felt significantly more equipped to detect just about any potential threats.

While a majority of respondents still feel their agencies are just as vulnerable to attacks now as a year ago, it is good to see an increase in the number of respondents who feel agencies have become less vulnerable. This is likely due to the fact that administrators have become highly cognizant about the potential threats and are using the proper solutions to fight them.

The Federal Cybersecurity Summary Report contains more statistics and is available for free. You might empathize with some of the findings and be surprised by others.

Find the full article on Signal.

Endnotes:

[1] SolarWinds Federal Cybersecurity Survey Summary Report 2016; posted February 2016; http://www.solarwinds.com/assets/surveys/cybersecurity-slide-deck.aspx

[2] SolarWinds Federal Cybersecurity Survey Summary Report 2015; posted February 2015; http://www.solarwinds.com/resources/surveys/solarwinds-federal-cybersecurity-survey-summary-report-2...

11 Comments

I had to smile when I read the title.  Who doesn't understand this already?  I bet you could find someone with some gold bricks to sell them.

MVP

Imagine - investment in tools and prevention helps security

Level 14

Part of the problem is the reluctance of some senior management, in our government, to embrace what needs to be done.  This is one of the reasons the government moves so slowly to comply with its own regulations.

Level 17

consolidation and modernization efforts increase security challenges due to incomplete transitions (48 percent).... somehow I think this measurement could be avoided with a little more planning and understanding of the technology; or by never leaving the job half done.

Level 13

Hey I second the comment from @mcam.  So true.

MVP

I third mcam's comment and second rschroeder's comment!

Level 11

MVP

Security is the highest paid profession for a reason; it's also the first head on the chopping block when something goes awry.

This is good information, if not very scary, for each of us to keep in mind. Like I've heard so many times, security begins at home - at the individual user level. It's important not to point the finger at others for being insecure, but never forget our individual responsibilities.

Level 21

The SIEM one is difficult for me.  While I love and am a huge advocate for SIEM tools, I don't find that they are super great at detecting threats in advance.  I personally find that they are much better for forensic analysis and detecting incidents after they have already occurred or are in the process of occurring.  They certainly help you drive out the APTs.  I would be interested to hear how others feel about this.

MVP

I agree, it really is about forensics at this point. Most SIEMs will tell you that they can detect and respond, but most are looking at data on a polling time frame rather than live. The one that we use polls servers every 30 minutes, so a ton of damage can be done before it actually can do anything about it.

My biggest gripe about SIEM is that they are generally created by those people that can read binary (not figure it out, but actually read it) and they build a product that normal humans really struggle to deal with. That said, the SolarWinds LEM is easier to use than many of them, but lacks some of the features that the big packages have - so there's a trade-off.

Level 10

I was just given the task of hunting down a device that triggered a brute force attack warning on our Cisco WLC.  After digging into it, the big freakout was due to some brilliant end user entering the wireless password incorrectly 20 different times in a 60-minute time frame.  Glad to have the alert but not happy to hunt down nonsense caused by fat-fingered EUs.

About the Author
I've been in IT for almost 30 years, beginning in the stockroom and working my way up through operations to help build and develop the Automated Operations Team at RadioShack before Enterprise Management was a cool thing. Working in several different shops over the years has exposed me to a number of different challenges regarding monitoring and alerting. I am an amateur radio operator, Skywarn spotter for the National Weather Service, and a volunteer firefighter in a rural county just west of Fort Worth.