As government agencies continue modernization initiatives, administrators find themselves in precarious positions when it comes to security, a new report said.
That’s the overall feeling found in a survey issued by SolarWinds. The report found efforts to build more modern, consolidated and secure information technology environment networks increase security challenges, but management tools offer a potential antidote.
The survey connected to 200 IT security professionals in U.S. federal civilian and defense agencies to gauge perspective on the state of cybersecurity.
Here are some of the findings:
Modernization increased IT security challenges. Federal administrators managing the transition from legacy to modernized infrastructure face enormous challenges. The transition creates a large amount of IT complexities that burden administrators who must manage old and new systems that are very different from one another.
According to respondents, the awkward phase creates greater vulnerabilities, with administrators noting consolidation and modernization efforts increase security challenges due to incomplete transitions (48 percent), overly complex enterprise management tools (46 percent) and a lack of familiarity with new systems (44 percent). Other factors included cloud services adoption (35 percent), increased compliance reporting (31 percent) and, interestingly, too much consolidation (29 percent).
However, 20 percent believe the transition toward more modern and consolidated infrastructures ultimately will net more streamlined and secure networks. They said replacing legacy software (55 percent) and equipment (52 percent), the adoption of simplified administration and management systems (42 percent), and having fewer configurations to manage and support (40 percent) will help secure networks once the arduous transition phase is complete.
Foreign governments tie internal threats as chief concerns. For the first time, respondents said foreign governments are just as much of a cyber security threat as untrained internal workers. In fact, 48 percent called out foreign governments as their top threat — an increase of 10 percentage points over last year’s survey. This result ties careless or untrained insiders as respondents’ number one concern.
That’s not to say insider threats have gone away. That is not the case, rather, the number of people who feel insiders pose a major threat is still higher than it was just two years ago. And while 29 percent cited budget concerns as the top inhibitor to improving IT security, 12 percent mentioned inadequate collaboration with other teams — indicating internal discrepancies can be a major cause of security vulnerabilities.
Investing in the right security tools can help mitigate threats. It’s not just about investing in security tools, it’s about investing in the right security tools, respondents said.
It is important administrators wisely use funds and invest in the best tools for the job. Patch management software is among the solutions administrators invest in and use to great effect, with 62 percent indicating their agencies partake in the practice. Of those, 45 percent noted a decrease in the time required to detect a security breach, while 44 percent experienced a decrease in the amount of time it takes them to respond to a breach.
Respondents noted security information and event management (SIEM) solutions as highly effective in combating threats. While only 36 percent said their agencies had such tools in place, administrators who use SIEM tools felt significantly more equipped to detect just about any potential threats.
While threats remain prevalent, the survey indicated progress is trending in the right direction. While a majority of respondents still feel their agencies are just as vulnerable to attacks now as a year ago, there is an increase in the number of respondents who feel agencies have become less vulnerable. This is likely due to the fact administrators have become highly cognizant about the potential threats and are using the proper solutions to fight them.
Click here to download the report.