Risk
4/19/2012
12:10 PM
Connect Directly
RSS
E-Mail
50%
50%

Federal IT Survey: Hacktivists, Cybercriminals Are Top Threats

Our first Federal Government Cybersecurity Survey reveals what concerns IT teams the most, and how they’re fighting back with continuous monitoring and other technologies.

InformationWeek Green - April 2012
InformationWeek Green
Download the entire April 2012 issue of InformationWeek Government, distributed in an all-digital format as part of our Green Initiative
(Registration required.)

Threats Vs. Readiness

Cybersecurity is the No. 1 priority of federal IT professionals, by a long shot. That's been the key finding of InformationWeek's Federal Government IT Priorities Survey each of the past two years, and you don't have to look any further than the threats posed by Anonymous, LulzSec, or WikiLeaks to understand why.

What are the most dangerous cyberthreats? And how are agencies responding? InformationWeek launched our 2012 Federal Government Cybersecurity Survey to find out. Our poll of 106 federal IT pros involved in IT security for their organizations was conducted in March. We asked respondents to rank the threats they face and their readiness to deal with them. We inquired about cybersecurity spending and where agencies are investing. And we probed into the most significant challenges they face.

Our survey results show that organized cybercriminals and hacktivists are viewed as the greatest threats to IT security. At the same time, government IT pros say they're least prepared for leaks that take place through social media. And a crush of competing priorities is the biggest challenge to effective execution.

The good news is that agencies feel they've made significant improvements in cybersecurity. This is the perception of agencies themselves, as well as the assessment of government evaluators charged with monitoring progress under the Federal Information Systems Management Act (FISMA).

Despite the progress, attacks are on the rise, and agencies must continue to bolster their defenses. In a report to Congress published in March on FISMA implementation in fiscal year 2011, the Office of Management and Budget (OMB) disclosed that the number of computer security incidents reported to the U.S. Computer Emergency Readiness Team (US-CERT) that impacted government agencies rose 5%, to 43,889. Longer term, federal computer security incidents have risen 650% over five years, according to a report released last fall by the Government Accountability Office. In explaining that increase, the GAO cited persistent weaknesses in information security controls, due to incomplete implementation of security programs.

So clearly, there's room for improvement in how agencies prepare and respond. Step one is raising awareness of cyberthreats and establishing an organizational commitment to readiness. It's imperative that an agency's top leaders--not just chief information security officers and their information assurance teams--get behind the effort. Steps to improve security include meeting the FISMA requirements and also understanding the security implications of new technologies such as virtualization and cloud computing.

To read the rest of the article,
Download the April 2012 issue of InformationWeek Government

The New Threat Landscape

Our full report on federal cybersecurity is free with registration.

This report includes 26 pages of action-oriented analysis, packed with 15 charts. What you'll find:
  • The top cybersecurity priorities of federal agencies
  • How FISMA compliance affects cybersecurity planning
Get This And All Our Reports


Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0985
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter.

CVE-2014-0986
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter.

CVE-2014-0987
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter.

CVE-2014-0988
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter.

CVE-2014-0989
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter.

Best of the Web
Dark Reading Radio