Internal Federal Cybersecurity Threats Nearly as Prevalent as External, SolarWinds Survey Reveals

a
Sea-Air-Space 2014 Show Daily News - Solarwinds
 
 
 
Internal Federal Cybersecurity Threats Nearly as Prevalent as External, SolarWinds Survey Reveals
 
SolarWinds, a leading provider of powerful and affordable IT management software, today announced the results of its cybersecurity survey among federal IT Professionals, revealing that while the majority of respondents describe their agencies as cybersecurity-ready, many still face attacks and threats by both malicious intruders and careless and untrained insiders, and they are tasked with mastering IT security despite organizational and budget challenges.

In early 2014, Market Connections, a leader in providing customized government market research, in conjunction with SolarWinds conducted a blind online survey of 200 IT and IT security professional decision makers in the federal government and military. Nearly all respondents (94%) rated their agencies' cybersecurity readiness as good or excellent, asserting that they have the necessary cybersecurity tools, processes and policies in place. Despite their confidence, though, federal IT departments still face a myriad of cybersecurity threats.
     
SolarWinds, a leading provider of powerful and affordable IT management software, today announced the results of its cybersecurity survey among federal IT Professionals, revealing that while the majority of respondents describe their agencies as cybersecurity-ready, many still face attacks and threats by both malicious intruders and careless and untrained insiders, and they are tasked with mastering IT security despite organizational and budget challenges.
While the Majority of Federal IT Pros Claim Their Agencies Are Cybersecurity-Ready, They Still Face Malicious Outsider Threats as Well as Internal Ignorance, and They Must Prevent and Mitigate These Attacks Despite Organizational Issues and Budget Constraints
     
Federal IT's Biggest Cybersecurity Hazards: People
External hacking is the top cybersecurity threat plaguing federal agencies, according to half of respondents. Other human-caused threats include insider data leakage and theft (29%), mobile device theft (20%, or 25% among Civilian-only), and physical security attacks (18%).
Some respondents even admitted they "don't know what they don't know" -- nine percent were unsure if any cyber threats affected their agency.

Agency Insiders Nearly as Damaging as External Attackers

While 47 percent of respondents said the general hacking community is first to blame for cybersecurity breaches, careless and untrained insiders are a close second (42%), indicating that insiders may inadvertently pose nearly as many risks as deliberate, malicious hackers.
Further, 53 percent of Defense-only IT Pros named careless and untrained insiders their top security threat sources -- more so than foreign governments (48%) and terrorists (31%).
Another 26 percent of Defense IT Pros said malicious insiders endanger their own agencies.

"Despite the many rules and system lockdowns in place in federal IT organizations, people are by nature uncontrollable and therefore are absolutely the greatest risks to IT security," said Chris LaPoint, VP Product Management, SolarWinds. "While federal IT Pros can't change these human behaviors, they can take control of their IT infrastructures by implementing continuous monitoring of networks, servers and applications and finding the right technologies to quickly mitigate threats."

Obstacles to Maintaining Federal Cybersecurity
Budget constraints are the single most significant obstacle to maintaining or improving IT security, said 40 percent of respondents. Other obstacles represent internal organizational challenges like competing priorities (19%) and complex internal environments (14%).
Hindrances to implementing the appropriate IT security tools include lack of budget (63%) and organizational issues or "turf battles" (42%), as well as cost concerns for maintenance, upgrades and training.

Given the variety of cybersecurity threats and the unpredictability of human behavior, coupled with low budget and organizational challenges, federal IT Pros must consider taking a more pragmatic and unified approach to addressing the availability, performance, and security of their infrastructures: collect once, report to many. This means selecting tools that can address continuous monitoring across both IT Operations and Information Security domains.

Continuous monitoring of IT infrastructures can help federal IT Pros safeguard against human error and quickly identify vulnerabilities, compliance issues and other threats by automatically collecting data and reporting on the performance, availability and security posture of an IT infrastructure.

Two-thirds of survey respondents have at least one continuous monitoring solution implemented and the majority see positive return on investment.
IT Pros employing continuous monitoring can detect risky behavior faster than those without. For example, 46 percent of users can detect rogue devices on the network in minutes compared to 23 percent of non-users, and 30 percent of users can detect when firewall rules are out of compliance within minutes compared to 16 percent of non-users.

"SolarWinds' study provides detailed insight into threats and challenges government IT agencies face -- whether external or internally born," said Laurie Morrow, director of research services, Market Connections, Inc. "This research will help federal IT Professionals take a closer look at their cybersecurity infrastructures and identify strategies for monitoring and preventing future security disturbances."

SolarWinds Solutions for Government
SolarWinds provides IT management and monitoring solutions to numerous common public sector IT challenges including continuous monitoring, cybersecurity, network operations, compliance, data center consolidation, cloud computing, mobile workforce and devices, and scaling to the enterprise.

To learn more visit Solarwinds during Sea-Air-Space 2014 on booth 2605