Federal agencies have identified the accidental insider as the number one threat to IT security, time and time again over the past several years. This year, however, foreign governments are tied with careless or untrained insiders, according to a survey by SolarWinds, a leading provider of powerful and affordable IT management software.
SolarWinds’ third annual Federal Cybersecurity Survey is based on the responses of 200 IT security professionals in US federal civilian and defense agencies surveyed by independent research firm Market Connections in December 2015 and January 2016. The survey explores the biggest obstacles to improving IT security, including exposure during consolidation and modernization processes, as well as the threats posed by foreign governments and careless or untrained insiders.
The survey found that 48 percent of respondents name foreign governments the top IT security threat, compared to only 38 percent in 2015—an increase of 10 percentage points—putting foreign governments and accidental insiders at a tie for the number one threat to federal cybersecurity.
Last year, as Homeland Security Today reported, 53 percent of respondents saw insiders as the biggest threat, compared to 42 percent in 2014. Federal agencies continue to identify the accidental insider as a greater threat than the malicious insider.
“There has been no significant reduction in the various sources of security threats,” the survey results stated. “Since 2014, respondents indicate significant increases in threats from foreign governments and hacktivists.”
Respondents cited consolidation and modernization as major federal IT security concerns. Almost half of respondents stated that IT consolidation and modernization efforts have resulted in an increase in IT security challenges because transitions are incomplete, enterprise management tools are too complex, and there is a lack of familiarity with new systems.
On the other hand, 20 percent of respondents indicated that modernization and consolidation can decrease security challenges, with respondents citing replacing legacy software and equipment and simplified administration and management as key contributors to this result.
“As federal IT departments move through the process of consolidation and modernization, the complexity of IT environments increases significantly and the responsibility of managing both legacy infrastructure and upgraded systems places a considerable burden on IT pros,” said Mav Turner, director of product strategy, SolarWinds. “When completed, consolidation and modernization projects will provide more efficient and secure environments, but this isn’t going to happen overnight, so additional attention must be given to securing environments against threats no matter where they originate.”
Respondents believe the increasing sophistication of threats makes their agency more vulnerable to attack. While the majority feel their agency is just as vulnerable to attack as last year, more feel the agency is less vulnerable as opposed to more vulnerable.
“SolarWinds’ annual cybersecurity survey tracks the sources of IT security threats and challenges that federal IT professionals face. This year it was good to see that 28 percent of respondents feel less vulnerable in spite of 38 percent seeing an increase in the number of IT security incidents,” said Laurie Morrow, director of research services, Market Connections, Inc. “These insights and the extended research provides insight into how agencies ensure their IT security in light of internal change and an ever-growing list of external threats.”
In responding to these threats in the year ahead, most respondents see their investment in security tools increasing in 2016 or at least staying the same as it was in 2015.
SolarWinds emphasized the importance of investing in the right tools. Increased use of SmartCards, which are used by about three-quarters of IT professionals, for dual-factor authentication is given the most credit for making agencies less vulnerable to attack than a year ago.
