Cyberattacks pose an increasingly dangerous threat to the world, and can greatly impact the ability of governments, corporations, and individuals alike to protect their sensitive data. Those aiming to steal sensitive data or interrupt technology based communications will go to great lengths to carry out their directives.
To better understand the current cybersecurity landscape, the Government Business Council (GBC) and Dell Security performed analysis via survey in February 2016 as a follow up to GBC’s 2014 research study. The survey gauged the evolving opinions of federal level government leaders regarding how they perceive current threats.
When comparing the 2014 data to the findings of the 2016 survey, GBC and Dell determined that there has been an overall decrease in employee confidence pertaining to their agency’s cyber abilities.
Andy Vallila, Security Leader at Dell Software, told Homeland Security Today, “As agencies like the Department of Homeland Security (DHS) deal with these security threats, a holistic security plan that includes identity and access management, next-generation firewalls, email security, employee training and access governance, and protection for all potential agency network touch points will be critical.”
“DHS – and any agencies dealing with sensitive information – need a comprehensive, proactive approach to security,” Vallila added.
The 2016 survey polled 464 senior level federal employees which represented 30 federal defense and civilian agencies. Of these, 54 percent of those who responded were GS/GM 13 level and above, and cognizant of the cybersecurity issues of their agency. The results revealed that leaders are less confident in cybersecurity measures today, than they were just two years ago.
While a substantial majority of respondents believed their agency’s defensive measures were sufficient to combat cyber threats in 2015, today, that confidence has dropped dramatically, with just 35 percent of respondents indicating they are confident in their agency’s ability to protect information systems.
“Fewer than 1 in 3 feel confident in their agency’s ability to protect employees’ personal information or keep up with evolving cyber threats,” the report stated.
Threats located within electronic correspondence, such as email, remain one of the largest areas of concern, with malware and phishing described as two of the top threats. Personnel and education surrounding proper cybersecurity protocol remain two of the greatest areas of vulnerability.
The threats themselves, according to the survey report findings, are believed to come most often from hacktivists, nation states, criminal organizations, state-sponsored actors, and insiders.
The report further noted that while those who responded remained fairly confident in their organization’s network security measures, uncertainty has increased compared to two years ago. This reflects a twenty-eight point drop in confidence, as it relates to protection around evolving cyber threats.
“Cyber threats cannot be eliminated entirely, but they can be managed much more effectively. And we can best do this by aligning and focusing our efforts, by properly funding necessary cyber investments, by building strong partnerships across government and industry, and by drawing on the best ideas and talent from across the country to tackle this quintessential problem of the 21st century,” said Federal CIO Tony Scott in the report.
Report findings revealed that many agencies are not utilizing the tools available to them, including fully leveraging the Internet of Things (IoT) to strengthen the cybersecurity posture of their organizations.
“Agencies have yet to make meaningful progress in leveraging IoT or in implementing IoT cybersecurity,” the report stated. “Budget constraints, procurement delays, and bureaucratic inertia are most commonly identified as obstacles to more comprehensive defense measures, suggesting that organizational barriers present a greater challenge than technical issues with regard to agency cybersecurity enhancement.”