
SolarWinds Federal Cybersecurity Survey 2015

In December 2014, Market Connections, a leading government market research provider, in conjunction with SolarWinds, conducted its second annual blind survey of 200 IT and IT security decision makers in the federal government, military and intelligence communities. The survey set out to uncover their most critical IT security challenges and to determine how to make potential security threats visible so IT can confront them. Respondents weighed in on top cybersecurity threat sources, obstacles to threat prevention, necessary tools for threat prevention, and their concerns, investment and policies regarding cybersecurity.

Visit http://www.solarwinds.com/federal to learn more.

Published in: Technology

SolarWinds Federal Cybersecurity Survey 2015

  1. SolarWinds® Federal Cybersecurity Survey Summary Report 2015. © 2015 Market Connections, Inc. © 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
  2. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
     Background and Objectives
     SolarWinds contracted Market Connections to design and conduct an online survey among 200 federal government IT decision makers and influencers in December 2014. SolarWinds was not revealed as the sponsor of the survey.
     The main objectives of the survey were to:
     • Determine challenges faced by IT professionals to prevent insider and external IT security threats
     • Gauge confidence levels of combating insider and external IT security threats
     • Measure change in concern and investment of resources in addressing threats
     • Determine the most important IT security tools used to mitigate risk associated with insider and external threats
     • Quantify common causes of IT security breaches caused by the careless employee
     Throughout the report, notable significant differences are reported. Due to rounding, graphs may not add up to 100%.
  3. Respondent Classifications: Organizations Represented
     Questions: Which of the following best describes your current employer? What agency do you work for?
     • If a respondent did not work for any of the specific organization types noted below, the survey was terminated.
     Organizations represented (N=200):
     • Federal Legislature: 2%
     • Intelligence Agency: 3%
     • Federal Judicial Branch: 3%
     • Department of Defense or Military Service: 39%
     • Federal, Civilian or Independent Government Agency: 54%
     Sample organizations represented (in alphabetical order): Air Force; Army; Department of Agriculture (USDA); Department of Commerce (DOC); Department of Defense (DOD); Department of Energy (DOE); Department of Health and Human Services (HHS); Department of Homeland Security (DHS); Department of Labor (DOL); Department of Justice (DOJ); Department of State (DOS); Department of the Interior (DOI); Department of Transportation (DOT); Department of Treasury (TREAS); Department of Veteran Affairs (VA); Environmental Protection Agency (EPA); Judicial/Courts; Marine Corps; National Aeronautics and Space Administration (NASA); Navy; Social Security Administration (SSA); US Postal Service (USPS)
  4. Respondent Classifications: Decision Making Involvement
     Question: How are you involved in your organization’s decisions or recommendations regarding IT operations and management and IT security solutions and services? (select all that apply)
     • All respondents are knowledgeable or involved in decisions and recommendations regarding IT operations and management and IT security solutions and services.
     Responses (multiple responses allowed, N=200):
     • Other involvement in IT security and/or IT operations and management solutions: 8%
     • Make the final decision regarding IT security and/or IT operations and management solutions or contractors: 17%
     • Manage or implement security and/or IT operations and management solutions: 40%
     • Develop technical requirements for IT security and/or IT operations and management solutions: 41%
     • Evaluate or recommend firms offering IT security and/or IT operations and management solutions: 43%
     • On a team that makes decisions regarding IT security and/or IT operations and management solutions: 50%
  5. Respondent Classifications: Job Function and Tenure
     Questions: Which of the following best describes your current job title/function? How long have you been working at your current agency?
     • A variety of job functions and tenures is represented in the sample, with most being IT management and working at their agency for over 20 years.
     Tenure (N=200):
     • 1-2 Years: 4%
     • 3-4 Years: 13%
     • 5-9 Years: 22%
     • 10-14 Years: 13%
     • 15-20 Years: 14%
     • 20+ Years: 36%
     Job function (N=200):
     • Other: 12%
     • CSO/CISO: 1%
     • Security/IA director or manager: 7%
     • CIO/CTO: 7%
     • Security/IA staff: 10%
     • IT/IS staff: 32%
     • IT director/manager: 33%
     Examples include: Program Manager, Engineer, Director Operations
  6. IT Security Obstacles, Threats and Breaches: IT Security Obstacles
     Question: What is the most significant high-level obstacle to maintaining or improving IT security at your agency?
     • Budget constraints top the list of significant obstacles to maintaining or improving agency IT security. This has decreased from 40% in the SolarWinds CyberSecurity Survey conducted Q1 2014.
     Responses (N=200):
     • Other: 4%
     • Lack of clear standards: 4%
     • Lack of manpower: 6%
     • Lack of technical solutions available at my agency: 6%
     • Inadequate collaboration with other internal teams or departments: 7%
     • Lack of training for personnel: 8%
     • Lack of top-level direction and leadership: 9%
     • Competing priorities and other initiatives: 13%
     • Complexity of internal environment: 17%
     • Budget constraints: 29%
     January 2014: Budget constraints 40% (statistically significant difference)
  7. IT Security Obstacles, Threats and Breaches: Sources of Security Threats
     Question: What are the greatest sources of IT security threats to your agency? (select all that apply)
     • Careless/untrained insiders are noted as the largest source of security threat at federal agencies. This has increased from 42% in the SolarWinds CyberSecurity Survey conducted in Q1 2014.
     Responses (multiple responses allowed, N=200):
     • None of the above plague my agency: 1%
     • Unsure if these threats plague my agency: 3%
     • Other: 3%
     • Industrial spies: 10%
     • For-profit crime: 14%
     • Terrorists: 18%
     • Malicious insiders: 23%
     • Hacktivists: 30%
     • Foreign governments: 38%
     • General hacking community: 46%
     • Careless/untrained insiders: 53%
     Statistically significant differences by agency type:
     | Threat source | Defense | Civilian |
     |---|---|---|
     | General hacking community | 33% | 55% |
     | For-profit crime | 8% | 18% |
     January 2014: Careless untrained insiders 42% (statistically significant difference)
  8. IT Security Obstacles, Threats and Breaches: At-Risk Data Location
     Question: Where do you think your government agency’s data is most at risk?
     • About half of respondents indicate data on employee or contractor personal computers and removable storage media is most at risk.
     Responses (multiple responses allowed, N=200):
     • Other: 5%
     • Backup servers: 15%
     • File servers and storage arrays: 20%
     • In transit through the network: 24%
     • Employee or contractor owned mobile device (BYOD): 29%
     • Cloud servers: 29%
     • Government owned mobile device: 33%
     • Removable storage media (USB drive, CDs, etc.): 42%
     • Employee or contractor desktop/laptop: 47%
  9. IT Security Obstacles, Threats and Breaches: Change in Concern and Resources
     Questions: How has your organization’s concern changed over the last two years for the following types of IT security threats? How has your organization’s investment in resources changed over the last two years for the following types of IT security threats?
     • Federal agencies’ concern has increased in the last two years for internal and external threats, but the investment in resources lags slightly.
     Responses (N=200):
     | Measure | Threat type | Significantly increased | Somewhat increased | Remained the same | Somewhat decreased | Significantly decreased |
     |---|---|---|---|---|---|---|
     | Concern | Malicious external threats | 37% | 44% | 16% | 3% | 1% |
     | Concern | Malicious insider threats | 23% | 29% | 38% | 7% | 4% |
     | Concern | Accidental/careless insider threats | 22% | 31% | 39% | 6% | 3% |
     | Investment in Resources | Malicious external threats | 23% | 46% | 28% | 2% | 1% |
     | Investment in Resources | Malicious insider threats | 14% | 32% | 45% | 8% | 2% |
     | Investment in Resources | Accidental/careless insider threats | 11% | 33% | 48% | 7% | 2% |
  10. IT Security Obstacles, Threats and Breaches: Source of Damaging Breaches
      Question: Of the two, which source of breach would be more costly or damaging to your organization? Those perpetrated by:
      • Malicious external threats are considered more damaging than malicious internal threats, but the majority believe malicious insider threats to be equally as damaging as malicious external threats.
      • Respondents indicate malicious insiders to be more damaging than careless insiders, but more than one-third believe accidental insiders to be equally as damaging as malicious insiders.
      Most Damaging Breach Source (N=200):
      • Malicious external threats: 37%
      • Malicious internal threats: 26%
      • Both are the same: 38%
      Most Damaging Insider Breach (N=200):
      • Malicious insider: 43%
      • Accidental/careless insider: 22%
      • Both are the same: 35%
  11. Organization IT Security Policies: Organization Security Policies
      Questions: Does your organization have a formal IT security policy for end users that supplements current federal security policies such as DISA STIGs and NIST FISMA? How are these IT security policies communicated to end users?
      • The majority of respondents indicate having a formal IT security policy for end users that supplements current federal security policies.
      • Three-quarters of the respondents indicate that policy communication is done frequently and regularly.
      Organization Has IT Security Policy (N=200):
      • Yes: 85%
      • No: 7%
      • Not sure: 9%
      How Policies Are Communicated (multiple responses allowed, N=170):
      • Other: 4%
      • They are not communicated or reviewed: 4%
      • They are available for access via an internal system/Intranet: 48%
      • Whenever there is an update in policy: 55%
      • After initial hire: 56%
      • Frequently and regularly (i.e., via email reminders and tips): 76%
  12. Organization IT Security Policies: Security Policy Confidence
      Question: Please rate your confidence in your organization’s IT security policies and practices at combating the following types of security threats:
      • Slightly more than half of respondents are somewhat confident in their security policies at combating internal and external security threats. Only about one-third are very confident.
      Responses (N=200):
      | Threat type | Not at all confident | Somewhat confident | Very confident |
      |---|---|---|---|
      | Malicious external threats | 9% | 52% | 39% |
      | Malicious insider threats | 14% | 55% | 31% |
      | Accidental/careless insider threats | 14% | 56% | 31% |
  13. Preventing and Mitigating Threats: Obstacles to Threat Prevention
      Question: What would be the top obstacles or challenges when trying to prevent threats at your federal government agency?
      • The increased use of mobile technology is noted as the top obstacle for preventing threats, though there are multiple significant differences seen among the different types of threats.
      Responses (multiple responses allowed, N=200):
      | Obstacle | Malicious Insider Threat | Accidental/Careless Insider Threat | Malicious External Threat |
      |---|---|---|---|
      | Increased use of mobile technology | 44% | 56% | 47% |
      | Inadequate monitoring of user authentication activity and failures | 41% | 39% | 32% |
      | Inadequate automation of IT asset management | 38% | 39% | 34% |
      | Inadequate log data analysis to indicate possible insider threats | 38% | 36% | 32% |
      | Inadequate configuration management of IT infrastructure | 35% | 30% | 32% |
      | Legal or ethical issues that restrict efforts to profile or identify insider/external threats | 31% | 27% | 22% |
      | Insufficient security training for government employees or contractors | 30% | 46% | 28% |
      | Inadequate change management approval process | 30% | 35% | 22% |
      | Insufficient clearance process and background investigations | 30% | 22% | 15% |
      | Lack of executive buy-in for security strategy or resource investment | 30% | 30% | 19% |
      | None of the above | 9% | 8% | 9% |
      Chart legend: markers denote statistically significant differences and the top obstacle.
  14. Preventing and Mitigating Threats: Obstacles to Threat Prevention
      Question: What would be the top obstacles or challenges when trying to prevent threats at your federal government agency? (N=200)
      • Respondents with tenure of 20 years or more see the lack of executive buy-in as an obstacle to preventing accidental insider threats. Civilian agency respondents see the lack of executive buy-in more of an obstacle for malicious external threats.
      • Respondents with tenure of 10 years or more see an inadequate change management approval process as an obstacle to preventing malicious external threats.
      • Relative to IT/Security staff, respondents at a manager or director level see inadequate automation of IT asset management more as an obstacle preventing accidental insider threats.
      Statistically significant differences:
      Obstacle Preventing Malicious External Threats by Agency Type
      | Obstacle | Defense | Civilian |
      |---|---|---|
      | Lack of executive buy-in for security strategy or resource investment | 11% | 24% |
      Obstacle Preventing Accidental Insider Threat by Tenure
      | Obstacle | < 10 years | 10-20 years | > 20 years |
      |---|---|---|---|
      | Lack of executive buy-in for security strategy or resource investment | 24% | 23% | 42% |
      Obstacle Preventing Malicious External Threat by Tenure
      | Obstacle | < 10 years | 10-20 years | > 20 years |
      |---|---|---|---|
      | Inadequate change management approval process | 13% | 25% | 30% |
      Obstacle Preventing Accidental Insider Threat by Job Level
      | Obstacle | IT/Security Staff | IT/Security Manager/Director |
      |---|---|---|
      | Inadequate automation of IT asset management | 34% | 51% |
  15. Preventing and Mitigating Threats: Tools to Prevent Threats
      Question: In your opinion, what are the most important IT security tools used to mitigate the risk associated with insider/external threats?
      • IT security tools that are deemed most useful to mitigate risks differ whether the threat is internal or external.
      Top tier (multiple responses allowed, N=200):
      | Tool | Malicious Insider Threat | Accidental/Careless Insider Threat | Malicious External Threat |
      |---|---|---|---|
      | Identity and access management tools | 46% | 39% | 39% |
      | Internal threat detection/intelligence | 44% | 36% | 29% |
      | Intrusion detection and prevention tools | 43% | 32% | 50% |
      | Security incident and event management or log management | 42% | 31% | 37% |
      | Advanced security/threat analytics | 40% | 23% | 37% |
      | Web security or web content filtering gateways | 37% | 29% | 38% |
      | File and disk encryption | 35% | 30% | 41% |
      | IT configuration management and reporting | 34% | 28% | 26% |
      | Patching | 34% | 27% | 34% |
      | Next-generation firewalls (NGFW) | 34% | 28% | 42% |
      Chart legend: markers denote statistically significant differences and the most important tool.
  16. Preventing and Mitigating Threats: Tools to Prevent Threats
      Question: In your opinion, what are the most important IT security tools used to mitigate the risk associated with insider threats?
      • A greater proportion of respondents indicate web application firewalls as a useful tool to mitigate malicious external threats relative to internal threats.
      • A significantly greater proportion of respondents indicate internal security training is a useful tool to prevent risk associated with careless insider threats.
      Lower tier (multiple responses allowed, N=200):
      | Tool | Malicious Insider Threat | Accidental/Careless Insider Threat | Malicious External Threat |
      |---|---|---|---|
      | Network Admission Control (NAC) | 33% | 31% | 30% |
      | Endpoint forensics | 31% | 27% | 25% |
      | Advanced endpoint protection | 30% | 27% | 31% |
      | Web Application Firewall (WAF) | 29% | 23% | 38% |
      | Mobile device management or mobile-specific security tools | 28% | 29% | 27% |
      | Endpoint and mobile security | 27% | 27% | 28% |
      | Internal security training | 27% | 50% | 25% |
      | Cloud application security management or auditing | 26% | 23% | 24% |
      | IT asset management and reporting | 23% | 26% | 21% |
      Chart legend: markers denote statistically significant differences.
  17. Insider Breach Causes and Detection Difficulties: Accidental Insider Breach Causes
      Question: What are the most common causes of accidental insider IT security breaches caused by the untrained or careless employee?
      • The most common causes of accidental insider IT security breaches are phishing attacks, followed by data copied to an insecure device and accidentally deleting, corrupting or modifying critical data.
      Responses (multiple responses allowed, N=200):
      • Other: 4%
      • Insecure configuration of IT assets: 24%
      • Incorrect disposal of hardware: 28%
      • Not applying security updates: 31%
      • Incorrect use of approved personal devices: 33%
      • Device loss: 36%
      • Poor password management: 37%
      • Using personal devices that are against company IT…: 37%
      • Accidentally deleting, corrupting or modifying critical…: 41%
      • Data copied to insecure device: 44%
      • Phishing attacks: 49%
      Statistically significant differences:
      | Cause | Defense | Civilian |
      |---|---|---|
      | Device loss | 26% | 43% |

      | Cause | IT/Security Staff | IT/Security Manager/Director |
      |---|---|---|
      | Insecure configuration of IT assets | 17% | 36% |
  18. Insider Breach Causes and Detection Difficulties: Insider Threat Detection Difficulties
      Question: In today’s environment, what makes insider threat detection and prevention more difficult?
      • The volume of network activity is noted most often as what makes insider threat detection and prevention most difficult. One third also note the lack of IT staff training, the use of cloud services and pressure to change configuration quickly versus securely.
      Responses (multiple responses allowed, N=200):
      • Other: 3%
      • Functionality of and access to critical systems: 19%
      • Inadequate change control practices: 22%
      • Complexity of monitoring tools: 23%
      • Inadequate configuration management of IT assets: 24%
      • Inadequate visibility into users’ network activity: 24%
      • Inadequate monitoring of storage devices: 26%
      • Growing adoption of BYOD: 27%
      • Cost of sophisticated tools: 27%
      • Use of mobile devices: 30%
      • Pressure to change IT configurations quickly more so than…: 34%
      • Growing use of cloud services: 35%
      • Lack of IT staff training: 35%
      • Volume of network activity: 40%
      Statistically significant differences:
      | Difficulty | Defense | Civilian |
      |---|---|---|
      | Inadequate configuration management of IT assets | 17% | 28% |
      | Inadequate monitoring of storage devices | 18% | 32% |

      | Difficulty | IT/Security Staff | IT/Security Manager/Director |
      |---|---|---|
      | Volume of network activity | 29% | 44% |
  19. Comments: Select Comments
      Question: Please feel free to share any other comments or concerns regarding your agency’s IT security challenges and success stories.
      • It is a huge priority to address them [security breaches] and we are doing our best within our allotted funding. (IT Analyst, VA)
      • Security is a challenge, and the enemy is increasingly sophisticated, keeping ahead of technology advances and ever increasingly attempting to break into our networks. (Chief Engineer, Army)
      • Interestingly we have positioned ourselves relatively strongly against external threats, but it is the accidental or malicious insider threat which has caused us more problems. People do what they want to do and there are so many people (particularly younger) who view security as interference and also have some skills to successfully work around security protocols. (Director of Operations, DCMA)
      • The employees just need to get used to "The Suck" of security. It will take time to work in an environment which is designed to protect the organization and the individual. (Defense Coordinating Officer, Army)
      • Our security holes begin at the top. [Senior managers] expect that they are protected and they are above any security holes - to the effect, they insist on admin rights to network resources. The administration supports this view and turn a "blind eye" to the risk. (Network Manager, Federal Agency)
  20. Contact Information
      RESEARCH TO INFORM YOUR BUSINESS DECISIONS
      • Laurie Morrow, Director of Research Services | Market Connections, Inc. | 14555 Avion Parkway, Suite 125 | Chantilly, VA 20151 | 703.378.2025, ext. 101 | LaurieM@marketconnectionsinc.com
      • Lisa M. Sherwin Wulf, Federal Marketing Leader | SolarWinds | 703.234.5386 | Lisa.SherwinWulf@solarwinds.com | www.solarwinds.com/federal | LinkedIn: SolarWinds Government
