Cybersecurity is one of the most important issues facing federal agencies today. With an unrelenting cycle of cyber attacks and new cyber risks cropping up every day, federal agencies are urgently looking to identify solutions while bolstering their cybersecurity precautions.
In an effort to better understand the sentiments and priorities of federal IT decision makers, as well as the roadblocks they face in addressing this massive challenge, SolarWinds conducted its fourth annual Federal Cybersecurity Survey in July of this year. The survey was conducted among 200 federal government IT decision makers and explored their views on some of the federal government’s most pressing issues in cybersecurity.
One key finding is that cyberattacks are not the only factor causing concern among federal IT leaders.
“Our survey shows that public sector IT pros are burdened by increasingly sophisticated cyberattacks, challenged by the need to secure data in the midst of modernization and cloud migration efforts, and required to train employees who are unknowingly introducing vulnerabilities into government systems,” said Mav Turner, senior director of product strategy, SolarWinds. “These are Herculean tasks for teams with limited resources.”
Other findings in the cybersecurity survey revealed that unnecessary or excessive regulation often creates a hurdle in securing systems and that compliance does not equal true security. Some specific data points from the report include:
- While respondents were generally more positive about the benefits of other security regulations (FISMA, NIST Framework for Improving Critical Infrastructure Cybersecurity, DISA STIGs, and HIPAA), 52 percent of respondents believe these mandates contribute to risk management problems.
- The majority (55 percent) of respondents feel that NIST’s Cybersecurity Framework has been successful in promoting a dialogue about managing risk, and more than eight in ten indicate their agencies are at least somewhat mature in each of the five areas of the Framework. Still, over a third (38 percent) agree that federal IT professionals don’t fully understand the Framework.
- Though the majority (60 percent) agree that compliance has helped their agency improve its cybersecurity capabilities, seven in ten (70 percent) believe that being compliant does not necessarily mean being secure. Over half (54 percent) believe that security regulations and mandates can lead to complacency since tasks are performed to ‘check a box.’
While IT modernization, which is at the center of several federal agencies’ strategies in coming years, is meant to address concerns like cybersecurity, many IT leaders believe that the modernization process is proving difficult to manage. In fact, the report stated, “Only 20 percent of respondents believe cloud computing has contributed to improved risk management, while 68 percent believe cloud computing is posing more of a challenge or having no effect on an agency’s risk management posture.”
However, the cybersecurity survey revealed that high-performing agencies with excellent IT controls (meaning they have already undergone much of the IT modernization process) experience fewer cyber threats and faster response times. These findings suggest that modernization does address security needs and reduces IT professionals’ pain points, though the process itself is trying.
“An important message in this year’s report is that government agencies need to develop strong IT controls,” said Joe Kim, EVP, Engineering and Global CTO of SolarWinds. “Agencies that have adopted these practices see more benefits from their technology investments, are better prepared for security threats, and more successful managing risk during modernization projects.”
The full cybersecurity survey is available on SlideShare.