Federal IT Managers' Biggest Worries: Insider Negligence, Sophisticated Attacks
Federal government IT and cyber-security professionals are worried about sophisticated threats and the level of visibility they have in their networks, Cisco found in a recent online survey. Many of the professionals are seeing the cloud as a way to improve security while reducing costs.
Employee behavior, increasingly sophisticated cyber-threats and lengthy IT processes top the list of cyber-security concerns for federal agencies, according to the results of a Cisco report released Sept. 14. The "Federal Cyber-Security Study" explored the security challenges faced by the IT staffs in the federal government.
IT staffs remain concerned about trust within their departments, the survey found. Nearly two-thirds of the respondents said the greatest risks in the next 12 months will likely come from sophisticated attacks, "negligent use of data" by internal personnel and increased activity on social media sites.
Improving trust, visibility and resilience is "critical" to improving an agency's cyber-security posture, regardless of whether the focus is on "building clouds, securing networks or managing information technology procurements," said Bill Cooper, director of cyber-security programs at Cisco Systems.
About 70 percent of staffs are concerned about the increasingly sophisticated nature of cyber-attacks. Nearly half of the staffs surveyed said their agency had experienced at least one phishing attack in the past 12 months, the survey found.
Theft or loss of computers, mobile devices and other portable media was the second most common cyber-incident, at 32 percent, followed by denial of service attacks and data infiltration, at 18 percent and 15 percent, respectively. The respondents felt that more visibility into their networks is needed to secure their agencies, and only half said they have a clear picture of all network activity.
Increased visibility would allow agencies and departments to identify "hot spots," find and fix vulnerabilities, and improve response times. About 65 percent felt education and training would be most useful to address cyber-security challenges. Approximately 58 percent said network intrusion detection capabilities would be useful, and 51 percent felt maintaining situational awareness is important.
In light of looming budget cuts, respondents said they plan to invest in networks and people to fight off cyber-threats. Half of the respondents said they plan to invest in ways to identify system vulnerabilities, and 37 percent plan to increase training. Another 32 percent plan to develop threat-resistant networks, although it was not clear from the study what technology or processes were meant by that.