Federal Cybersecurity Survey Reveals Government Regulations, Careless Insiders, and IT Modernization Complicate Federal Agencies’ Security Posture
Agencies with strong IT controls are better prepared for security threats and are better able to manage risk.
HERNDON, VA – September 18, 2017 – SolarWinds, a leading provider of powerful and affordable IT management software, today revealed the findings of its fourth annual Federal Cybersecurity Survey.*
“Our survey shows that public sector IT pros are burdened by increasingly sophisticated cyberattacks, challenged by the need to secure data in the midst of modernization and cloud migration efforts, and required to train employees who are unknowingly introducing vulnerabilities into government systems,” said Mav Turner, senior director of product strategy, SolarWinds. “These are Herculean tasks for teams with limited resources.”
2017 Key Findings for the Federal Sector
Over half of respondents (52 percent) indicate that regulations and mandates posed more of a challenge to managing risk.
- Respondents were twice as likely to feel that the Risk Management Framework posed a challenge to managing risk as to feel that it contributed to success.
- While respondents were generally more positive about the benefits of other security regulations (FISMA, NIST Framework for Improving Critical Infrastructure Cybersecurity, DISA STIGs, and HIPAA), many still believe that these mandates contribute to risk management problems.
- The majority (55 percent) of respondents feel that NIST’s Cybersecurity Framework has been successful in promoting a dialogue about managing risk, and more than eight in ten indicate their agencies are at least somewhat mature in each of the five areas of the Framework. Still, over a third (38 percent) agree that federal IT professionals don’t fully understand the Framework.
Compliance and risk management do not go hand-in-hand.
- Three quarters (75 percent) of respondents agree federal agencies are more proactive regarding IT security than they were five years ago.
- Though the majority (60 percent) agree that compliance has helped their agency improve its cybersecurity capabilities, seven in ten (70 percent) believe that being compliant does not necessarily mean being secure. Over half (54 percent) believe that security regulations and mandates can lead to complacency since tasks are performed to ‘check a box.’
Technology upgrades, cloud migration and network modernization contribute to risk management challenges.
- Forty-three percent of respondents believe that IT modernization efforts have contributed to successful risk management, but 34 percent indicate that these efforts have posed more of a challenge. Nineteen percent noted no change at all.
- Significantly more defense (51 percent) than civilian respondents (37 percent) indicate IT modernization initiatives contributed to successfully managing risk.
- Only 20 percent of respondents believe cloud computing has contributed to improved risk management, while 68 percent believe cloud computing is posing more of a challenge or having no effect on an agency’s risk management posture.
- Two-thirds (66 percent) of respondents think that efforts to modernize networks have resulted in an increase in IT security challenges.
Careless or untrained insiders and foreign governments are noted as the largest sources of security threats at federal agencies.
- Fifty-four percent of respondents indicated that careless/untrained insiders represent the greatest security threat to their agency, up from 48 percent last year and the highest in four years.
- Foreign governments are again ranked number two as a source of security threats, as indicated by 48 percent of respondents.
- The threat of malicious insiders is also on the rise, up from 22 percent to 29 percent overall this year. Significantly more defense (40 percent) than civilian respondents (21 percent) indicate malicious insiders are a security threat at their agency.
High-performing agencies with excellent IT controls experience fewer cyberthreats, a faster response time, and more positive results from IT modernization initiatives.
- High-performing agencies are more likely to indicate they have experienced a decrease in multiple cybersecurity threats in the past 12 months—double or triple the proportion of government agencies with less sophisticated IT control processes.
- Respondents who rate their agency’s ability to provide evidence of IT controls as excellent or good are significantly more able to detect most security threats within minutes than respondents who rate their agency’s ability as fair/poor.
- High-performing agencies with excellent IT controls are more likely than agencies rating their controls as fair/poor to note that IT modernization has successfully contributed to their ability to manage risk as part of their overall security posture (61 percent versus 36 percent, respectively).
“An important message in this year’s report is that government agencies need to develop strong IT controls,” said Joe Kim, EVP, Engineering and Global CTO. “Agencies that have adopted these practices see more benefits from their technology investments, are better prepared for security threats, and more successful managing risk during modernization projects.”
*In August-September 2017, independent research firm Market Connections, Inc. surveyed 200 IT security professionals in U.S. federal civilian and defense agencies on behalf of SolarWinds. Full survey results are available upon request.
SolarWinds provides powerful and affordable IT management software to customers worldwide, from Fortune 500® enterprises to small businesses, managed service providers (MSPs), government agencies, and educational institutions. We are committed to focusing exclusively on IT, MSP, and DevOps professionals, and strive to eliminate the complexity that our customers have been forced to accept from traditional enterprise software vendors. Regardless of where the IT asset or user sits, SolarWinds delivers products that are easy to find, buy, use, maintain, and scale while providing the power to address key areas of the infrastructure from on-premises to the cloud. This focus and commitment to excellence in end-to-end hybrid IT performance management has established SolarWinds as the worldwide leader in both network management software and MSP solutions, and is driving similar growth across the full spectrum of IT management software. Our solutions are rooted in our deep connection to our user base, which interacts in our THWACK online community to solve problems, share technology and best practices, and directly participate in our product development process. Learn more today at www.solarwinds.com.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks of) their respective companies.
© 2017 SolarWinds Worldwide, LLC. All rights reserved.