Risk
9/20/2011
05:07 PM
Connect Directly
RSS
E-Mail
50%
50%

Federal IT Top Worries: Complex Attacks, Inside Threats

Government IT professionals also say that long waits for approvals are hindering their ability to secure networks, according to a new study.

What's worrying federal IT professionals most? The increased sophistication of cyber attacks and insider threats top the list of cyber security concerns, according to a new study. Federal IT teams also continue to struggle with budget cuts and long waits for supervisor approval in their attempts to secure their networks, the study finds.

71% of those who responded to a new federal cyber security study listed the increased sophistication of attacks as the top security risk that they expect to face in the next 12 months. Negligent use of information by internal personnel was a risk cited by 63% of respondents. Cisco System sponsored the study, which was conducted by Market Connections and surveyed 200 federal IT decision makers.

Increased use of social media also is troubling more than a majority of respondents, with 63% citing it as a top concern for the next year. Federal agencies increasingly are using social media to engage with the public, even though they have worries about security and privacy risks.

One surprising result of the survey: Cloud computing ranked relatively low on the list of federal cyber security concerns, with only 35% of survey respondents citing it as a top risk for the next 12 months.

[ Pacific Northwest National Laboratory CIO Jerry Johnson takes you inside the cyber attack that he faced down--and shares his security lessons learned, in Anatomy of a Zero-Day Attack.]

Like social media, cloud computing's use among the feds is on the rise as part of efforts to increase efficiencies and reduce costs. Security has been a chief worry that in the past has impeded its use. However, other research also has found that federal IT officials slowly are warming to the security of the cloud, so signs seem to indicate that concerns about its risks are slackening.

While cybersecurity concerns vary, phishing continues to be the top threat federal agencies face, according to the survey, with nearly half of those surveyed saying that their department or agency has faced a phishing attack in the last 12 months.

This finding is in line with reports from the government’s own United States Computer Emergency Readiness Team (US-CERT), which logs reports of cyber attacks on federal networks. In its analysis of 2010 attacks, phishing remained the top threat.

Even as they take preventative measures to secure against these and other cybersecurity risks, federal IT professionals continue to face limitations to doing so. More than half (55%) said it takes too long to get approval from supervisors to put solutions in place to protect networks. Federal budget cuts also negatively affect cyber security goals, 53% reported. Adapting quickly to the evolving nature of threats also is a problem for federal agencies, 46% of respondents said.

Agencies also lack an effective process to respond to a cyber attack, according to 51% of those surveyed, while half of respondents said that they lack a clear picture of all of the activity on networks.

Join us for GovCloud 2011, a day-long event where IT professionals in federal, state, and local government will develop a deeper understanding of cloud options. Register now.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2363
Published: 2014-07-26
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

CVE-2014-2625
Published: 2014-07-26
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.

CVE-2014-2626
Published: 2014-07-26
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

CVE-2014-2966
Published: 2014-07-26
The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.

CVE-2014-3071
Published: 2014-07-26
Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.