We commission several surveys of the IT marketplace every year. It’s one of the ways by which we keep up with broader technology trends so as to make sure that our security solutions meet your needs.
With so many changes taking place in technology, our surveys usually cover new ground. But this year, we took the opportunity to revisit a federal cybersecurity survey from two years ago, with some unanticipated results.
This year’s Government Business Council survey of federal leaders, Achieving Holistic Cybersecurity: 2016 Progress Report, follows up on a similar GBC survey from 2014. More than 450 respondents, all familiar with cybersecurity efforts, completed the survey. These included representatives from over 30 federal agencies, including both defense and civilian agencies.
The most significant change from 2014 to 2016 was the sharp drop in respondents’ confidence that their agency’s defensive measures were capable of successfully combating cyber threats. That was a 30% drop, And it wasn’t just about overall confidence in agency cybersecurity. We saw a similar drop in confidence that agencies were able to secure the respondents own personal information from cyber attack as well.
Sometimes we go into these surveys with a general idea of what to expect from the results. Sometimes we’re on the money, sometimes not. After all, the purpose of these activities includes finding out what we don’t know. In this instance, given the many publicized data breaches and cyber attacks against federal agencies, it was logical to assume that confidence would fall off somewhat. But we didn’t expect this dramatic a fall-off.
As I mentioned up top, we often have multiple surveys in process. While we’re still working on consolidating and analyzing the results, it’s worth noting that the drop in cybersecurity confidence appears to be much more significant at the federal level than in state and local governments or in the commercial sector. This, too, is somewhat surprising, given that data breaches and cyber attacks are prevalent across the spectrum of government, education, and private enterprise.
Another takeaway from the GBC survey: Individuals’ actions are just as important to cyber defense as is a secure identity and network infrastructure. Respondents identified email embedded with malware and phishing/spear phishing as top cyber threats. These techniques are most dangerous if users can’t spot them and respond without taking a moment to ask themselves whether the email is legitimate (my Tip of the Day: If an email Contains Lots of Sentences with Too many Inappropriate Capitalizations, be Very Suspicious). Cyber literacy, awareness, and workforce education are critical, and were noted by respondents as areas in need of significant improvement. We come back to the title of the survey report, “Achieving Holistic Cybersecurity.” Any approach to improving cybersecurity must, to be effective, include people and processes as well as technology.
There’s more useful information in the survey report, including progress on agency implementation of Internet of Things (IoT) technologies, and respondents’ view of organizational factors which are challenges to improving agency cybersecurity. Please take the time to read the GBC survey report:
Our One Identity solutions and SonicWALL next-generation firewalls and other network security solutions can aid in your efforts to better protect your agency against cyber threats. Learn more at departmentofyes.com.