SolarWinds announced today the results of its third annual Government Cybersecurity Survey, which explores major hindrances for IT security improvement, including exposure during consolidation and modernisation processes, threats from foreign governments and careless or untrained insiders.
The findings also highlight how the implementation of IT security management tools help mitigate threats, strengthening security strategies.
"As government IT departments move through the process of consolidation and modernisation, the complexity of IT environments increases significantly and the responsibility of managing both legacy infrastructure and upgraded systems places a considerable burden on IT pros," said Mav Turner, director of product strategy, SolarWinds.
"When completed, consolidation and modernisation projects will provide more efficient and secure environments, but this isn’t going to happen overnight, so additional attention must be given to securing environments against threats no matter where they originate."
Organisational obstacles present IT security challenge
Almost half (48%) of respondents stated that IT consolidation and modernisation efforts have resulted in an increase in IT security challenges because transitions are incomplete (48%), enterprise management tools are too complex (46%), and there is a lack of familiarity with new systems (44%)
In contrast, 20% of respondents indicated that modernisation and consolidation can decrease security challenges citing replacing legacy software (55%) and equipment (52%) and simplified administration and management (42%) as key contributors to this result.
Behind budget constraints (29%), the greatest obstacles to improving IT security are complexity of internal environments (16%) followed by inadequate collaboration with other internal teams (12%).
Foreign governments now rival careless or untrained insiders as biggest threat to IT security
For the first time, foreign governments tied with careless or untrained insiders as the greatest IT security threat, with 48% of respondents indicating that they top their list.
Careless and untrained insiders dropped from 2015 responses when 53% of respondents saw insiders as the biggest threat, but is still higher than 2014 (42%),
Foreign governments saw an increase of 10% points over 2015, indicating it is a top security threat.
When asked to compare their agency’s IT security attack vulnerability with last year, respondents claimed the increased sophistication of threats (44%) made their agencies more vulnerable, followed by volume of attacks (26%) and end user policy violations (24%).
Implementing tools and strategies mitigate IT security threats
While 84% of respondents see their investment in security tools increasing (51%) in 2016 or staying the same (33%) as it was in 2015, it is important to ensure that the investment is in the right security tools.
Of the 62% of respondents whose agencies currently use patch management software, 45% have seen a decrease in the time required to detect a security breach and 44 percent a decrease in the time required to respond.
Of the 62% of respondents whose agencies currently use configuration management software, 47% have seen a decrease in the time required to respond to security breaches.
Only 36% of respondents said their agencies security information and event management (SIEM) products in place, but those that have a SIEM solution implemented are significantly more equipped to detect almost every single threat listed in the survey
72% of respondents currently use Smart Card / Common Access Card for authentication, and 38% say increased use of Smart Cards for dual-factor authentication makes them less vulnerable to security attacks
"SolarWinds’ annual cybersecurity survey tracks the sources of IT security threats and challenges that government IT professionals face.
"This year it was good to see that 28% of respondents feel less vulnerable, in spite of 38% seeing an increase in the number of IT security incidents," said Laurie Morrow, director of research services, Market Connections, Inc.
"These insights and the extended research provides insight into how agencies ensure their IT security in light of internal change and an ever-growing list of external threats."
SolarWinds® Solutions for Government
SolarWinds software is available on the US General Services Administration (GSA) Schedule, Department of Defence ESI, and other contract vehicles.
US Government certifications and approvals include Army CoN, Air Force APL, Navy DADMS, and technical requirements include FIPS compatibility, DISA STIGs, and National Institute of Standards and Technology (NIST) compliance.
SolarWinds also has hundreds of built-in automated compliance reports, which meet requirements of all major auditing authorities, including DISA STIG, FISMA and NIST.
SolarWinds’ thwack® online user community provides information on Smart Card and Common Access Card (CAC) product support and a number of innovative compliance report templates available to download for free, which are designed to help users prepare for an inspection.