Risk
4/19/2012
12:10 PM
Connect Directly
RSS
E-Mail
50%
50%

Federal IT Survey: Hacktivists, Cybercriminals Are Top Threats

Our first Federal Government Cybersecurity Survey reveals what concerns IT teams the most, and how they’re fighting back with continuous monitoring and other technologies.

InformationWeek Green - April 2012
InformationWeek Green
Download the entire April 2012 issue of InformationWeek Government, distributed in an all-digital format as part of our Green Initiative
(Registration required.)

Threats Vs. Readiness

Cybersecurity is the No. 1 priority of federal IT professionals, by a long shot. That's been the key finding of InformationWeek's Federal Government IT Priorities Survey each of the past two years, and you don't have to look any further than the threats posed by Anonymous, LulzSec, or WikiLeaks to understand why.

What are the most dangerous cyberthreats? And how are agencies responding? InformationWeek launched our 2012 Federal Government Cybersecurity Survey to find out. Our poll of 106 federal IT pros involved in IT security for their organizations was conducted in March. We asked respondents to rank the threats they face and their readiness to deal with them. We inquired about cybersecurity spending and where agencies are investing. And we probed into the most significant challenges they face.

Our survey results show that organized cybercriminals and hacktivists are viewed as the greatest threats to IT security. At the same time, government IT pros say they're least prepared for leaks that take place through social media. And a crush of competing priorities is the biggest challenge to effective execution.

The good news is that agencies feel they've made significant improvements in cybersecurity. This is the perception of agencies themselves, as well as the assessment of government evaluators charged with monitoring progress under the Federal Information Systems Management Act (FISMA).

Despite the progress, attacks are on the rise, and agencies must continue to bolster their defenses. In a report to Congress published in March on FISMA implementation in fiscal year 2011, the Office of Management and Budget (OMB) disclosed that the number of computer security incidents reported to the U.S. Computer Emergency Readiness Team (US-CERT) that impacted government agencies rose 5%, to 43,889. Longer term, federal computer security incidents have risen 650% over five years, according to a report released last fall by the Government Accountability Office. In explaining that increase, the GAO cited persistent weaknesses in information security controls, due to incomplete implementation of security programs.

So clearly, there's room for improvement in how agencies prepare and respond. Step one is raising awareness of cyberthreats and establishing an organizational commitment to readiness. It's imperative that an agency's top leaders--not just chief information security officers and their information assurance teams--get behind the effort. Steps to improve security include meeting the FISMA requirements and also understanding the security implications of new technologies such as virtualization and cloud computing.

To read the rest of the article,
Download the April 2012 issue of InformationWeek Government

The New Threat Landscape

Our full report on federal cybersecurity is free with registration.

This report includes 26 pages of action-oriented analysis, packed with 15 charts. What you'll find:
  • The top cybersecurity priorities of federal agencies
  • How FISMA compliance affects cybersecurity planning
Get This And All Our Reports


Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2003-1598
Published: 2014-10-01
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

CVE-2011-4624
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

CVE-2012-0811
Published: 2014-10-01
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files gene...

CVE-2014-2640
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-2641
Published: 2014-10-01
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.