How State Governments Struggle With Cyber-threats
-
How State Governments Struggle With Cyber-threats
State governments often have trouble hiring staffers with well-rounded cyber-security skills, leading to outsourcing many cyber-security functions. -
Leading Suspects
47% of survey respondents describe phishing, pharming and other related incidents as "very high" threats, and 42% said the same about social engineering. Nearly three of 10 describe ransomware as a very high threat. -
Authorized Approach
67% said they have a "documented and approved" cyber-security strategy, up from 55% who said this in 2014. -
Slight Bump
Just 31% said their state cyber-security budget has increased more than 6% this year, but that's up from 21% who said this in 2014. -
Top Focuses of Cyber-security Budgets
Incident response: 83%, Logical access control: 79%, Compliance and risk management: 69%, Cyber-security research and development: 57%, Audit or certification costs: 48% -
Hiring Spree
73% of survey respondents said they employ the equivalent of no less than six full-time workers as part of their enterprise cyber-security team, and 22% said they're employing the equivalent of at least 16 full-time staffers. -
Compensation Situation
96% said their state's salary rates and pay grade structures negatively impact their ability to develop, support and maintain their cyber-security workforce. -
Learning Curve
56% said their staff has gaps in cyber-security competencies. -
Most Common Outsourced Cyber-security Functions
Cyber threat risk assessments: 54%, Forensics/legal support: 44%, Cyber threat management and monitoring services: 35%, Vulnerability management: 27%, Audit log analysis and reports: 23% -
Hot Topic
45% of survey respondents said the subject of cyber-security is presented or discussed at agency/office executive leadership meetings every month, up from 30% who indicated this was happening in 2014. -
Defense Plan
30% said training and awareness will be a top cyber-security initiative for 2016, while 37% cited the implementation of monitoring/security operations centers (SOCs). -
Biggest Barriers in Addressing Cyber-security Challenges
Lack of sufficient funding: 80%, Lack of cyber-security professionals: 51%, Lack of documented processes: 45%, Increasing sophistication of threats: 45%, Absence of visibility and influence within the enterprise: 33%
With phishing, social engineering and ransomware emerging as significant threats, state governments are increasing their efforts—and boosting their budgets—to enhance their cyber-security programs, according to a recent survey from Deloitte and the National Association of State Chief Information Officers (NASCIO). The accompanying study, titled "State Governments at Risk: Turning Strategy and Awareness into Progress," focuses strictly on the challenges seen at the state government level—along with how state CISOs and their teams are responding. But the findings prove revealing for organizations within all sectors, many of which are dealing with the same complex issues. With a slight uptick in available funding, for example, states are looking to increase investment into incident response, access control and compliance/risk management solutions. Like private enterprises, they're struggling to hire staffers who can cover all gaps in cyber-security competencies. As a result, they're outsourcing functions such as cyber-threat risk assessments and forensics/legal support. As threats continue to grow and shift in nature, "we need to begin viewing the management of cyber-risk as a core function of running government operations," according to the report. CISOs, CIOs and other tech and security leaders representing a total of 49 U.S. states and territories took part in the research.