How State Governments Struggle With Cyber-threats

 
 
By Dennis McCafferty  |  Posted 09-29-2016 Email
 
 
 
 
 
 
 
 
 
  • Previous
    How State Governments Struggle With Cyber-threats
    Next

    How State Governments Struggle With Cyber-threats

    State governments often have trouble hiring staffers with well-rounded cyber-security skills, leading to outsourcing many cyber-security functions.
  • Previous
    Leading Suspects
    Next

    Leading Suspects

    47% of survey respondents describe phishing, pharming and other related incidents as "very high" threats, and 42% said the same about social engineering. Nearly three of 10 describe ransomware as a very high threat.
  • Previous
    Authorized Approach
    Next

    Authorized Approach

    67% said they have a "documented and approved" cyber-security strategy, up from 55% who said this in 2014.
  • Previous
    Slight Bump
    Next

    Slight Bump

    Just 31% said their state cyber-security budget has increased more than 6% this year, but that's up from 21% who said this in 2014.
  • Previous
    Top Focuses of Cyber-security Budgets
    Next

    Top Focuses of Cyber-security Budgets

    Incident response: 83%, Logical access control: 79%, Compliance and risk management: 69%, Cyber-security research and development: 57%, Audit or certification costs: 48%
  • Previous
    Hiring Spree
    Next

    Hiring Spree

    73% of survey respondents said they employ the equivalent of no less than six full-time workers as part of their enterprise cyber-security team, and 22% said they're employing the equivalent of at least 16 full-time staffers.
  • Previous
    Compensation Situation
    Next

    Compensation Situation

    96% said their state's salary rates and pay grade structures negatively impact their ability to develop, support and maintain their cyber-security workforce.
  • Previous
    Learning Curve
    Next

    Learning Curve

    56% said their staff has gaps in cyber-security competencies.
  • Previous
    Most Common Outsourced Cyber-security Functions
    Next

    Most Common Outsourced Cyber-security Functions

    Cyber threat risk assessments: 54%, Forensics/legal support: 44%, Cyber threat management and monitoring services: 35%, Vulnerability management: 27%, Audit log analysis and reports: 23%
  • Previous
    Hot Topic
    Next

    Hot Topic

    45% of survey respondents said the subject of cyber-security is presented or discussed at agency/office executive leadership meetings every month, up from 30% who indicated this was happening in 2014.
  • Previous
    Defense Plan
    Next

    Defense Plan

    30% said training and awareness will be a top cyber-security initiative for 2016, while 37% cited the implementation of monitoring/security operations centers (SOCs).
  • Previous
    Biggest Barriers in Addressing Cyber-security Challenges
    Next

    Biggest Barriers in Addressing Cyber-security Challenges

    Lack of sufficient funding: 80%, Lack of cyber-security professionals: 51%, Lack of documented processes: 45%, Increasing sophistication of threats: 45%, Absence of visibility and influence within the enterprise: 33%
 

With phishing, social engineering and ransomware emerging as significant threats, state governments are increasing their efforts—and boosting their budgets—to enhance their cyber-security programs, according to a recent survey from Deloitte and the National Association of State Chief Information Officers (NASCIO). The accompanying study, titled "State Governments at Risk: Turning Strategy and Awareness into Progress," focuses strictly on the challenges seen at the state government level—along with how state CISOs and their teams are responding. But the findings prove revealing for organizations within all sectors, many of which are dealing with the same complex issues. With a slight uptick in available funding, for example, states are looking to increase investment into incident response, access control and compliance/risk management solutions. Like private enterprises, they're struggling to hire staffers who can cover all gaps in cyber-security competencies. As a result, they're outsourcing functions such as cyber-threat risk assessments and forensics/legal support. As threats continue to grow and shift in nature, "we need to begin viewing the management of cyber-risk as a core function of running government operations," according to the report. CISOs, CIOs and other tech and security leaders representing a total of 49 U.S. states and territories took part in the research.

 
 
 
 
 
Dennis McCafferty is a freelance writer for Baseline Magazine.

 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login Register