New Study Reveals National IT Security Challenges Mounting; Growing Sophistication of Cyber Attacks Poses Greatest Risk to U.S. Infrastructure

Lumension Commissioned Survey “Federal Cyber Security Outlook for 2010” Provides In-Depth Dive into Endpoint Management and Cyber Security Challenges Facing Federal IT Personnel

According to a new Clarus Research Group survey commissioned by Lumension, nearly three-quarters of federal IT decision-makers who work in national defense and security departments or agencies say the possibility is “high” for a cyber attack by a foreign nation in the next year. Additionally, a third of these respondents say they have already experienced such a cyber attack within the last year.

The survey of 201 federal IT decision-makers and influencers, conducted February 18-26, 2010, also identifies the growing volume and sophistication of cyber attacks as the top IT security risks facing federal IT in the coming year. Yet, more than half of those surveyed expect only minor policy changes as a result of the recently created federal cyber security coordinator position. Of federal IT personnel surveyed, 41 percent said they spent less than 10 percent of their time over the past year working on the Comprehensive National Cyber Security Initiative -- and a solid majority, 62 percent, said they spent less than 25 percent of their time on it.

Key Findings:

  • 33 percent of respondents who work for departments or agencies affecting national security say they have experienced an attack by a foreign nation or terrorist organization in the last year;
  • 61 percent of respondents view the threat of a cyber attack from foreign nations against critical U.S. IT infrastructure in the next year as “high”;
  • 42 percent of respondents believe the U.S. government’s ability to prevent or handle these attacks is only fair or poor;
  • 64 percent of respondents identified the increasing sophistication and growth in the volume of cyber attacks as the number one IT security risk; and,
  • 49 percent of respondents believe that negligent or malicious insiders/employees are the largest IT security risk.

Additional Findings:
Only six percent of respondents rated the federal government’s overall ability to prevent or handle possible threats from cyber attacks on critical IT infrastructure in the U.S. as “excellent.” Difficulty integrating multiple technologies, aligning IT needs with department objectives, and complying with requirements were identified as the greatest challenges in managing IT security operations today. While the majority of respondents felt more confident in their level of IT security today versus a year ago, this was mainly due to improved IT security technology, collaboration between IT operations and security, and internal compliance and audit requirements. However, increasing audit burdens and a lack of resources were identified as major challenges in meeting ongoing compliance requirements.

In addition, new technologies such as application whitelisting, whole disk encryption and device control for removable media were identified as likely to see expanded use within federal IT environments. According to the survey, 76 percent of federal IT professionals expect an increased use of virtualization technology; 57 percent expect an increase in cloud computing; 63 percent say they will increase their use of social networking; and 66 percent will increase use of mobile platforms, all within the next year.

Key Conclusions:
According to the survey results, federal IT decision-makers expect that over the next few years there will continue to be a growing threat to America’s critical IT infrastructure from foreign entities and terrorist organizations. Survey respondents also view compliance as a double-edged sword: on the one hand, it helps IT departments acquire additional resources that can be used to enable new security technologies; on the other, it is placing a growing strain on departmental resources through increasing audit burdens.

“Unfortunately, when it comes to our infrastructure, we are already under attack and are faced with the reality of a growing and advanced persistent threat from foreign entities that are targeting our critical U.S. infrastructure,” explained chairman and CEO of Lumension, Pat Clawson. “The traditional government responses we’ve seen so far, such as naming a security coordinator, announcing a cyber security initiative and focusing on compliance initiatives will not alone successfully address this problem.”

According to Clawson, “We must do three things if we are to truly empower and implement a robust national cybersecurity plan. One – we need to have an empowered cyber security czar, with budget and policy authority, reporting directly to the President. Next – given that 90 percent of our critical infrastructure is owned or managed by private entities, we need a collaborative government and private sector partnership to better understand the risks at hand and to better define IT security standards, practices, and contingency plans in the event of a major attack. And finally – we need to shift from an absolute focus on being compliant with ad-hoc audits for verification, to one of being secure and continuously monitoring our IT environment to ensure that the proper controls are always in effect.”

Methodology:
The Federal Cyber Security Outlook for 2010 survey was conducted by Washington, D.C.-based Clarus Research Group and commissioned by Lumension. The survey included interviews with 201 federal government IT security decision makers and influencers who work in federal government agencies and departments that deal with national security – such as defense, foreign policy, and homeland security – as well as agencies and departments that are not dealing with national security affairs.

National Security = Respondent department or agency is related to national defense, homeland security or foreign policy.
Non-National Security = Respondent department or agency is not included in the above category and includes personnel in departments involving domestic issues and program administration.

About Lumension Security, Inc.
Lumension Security, Inc., a global leader in endpoint management and security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes vulnerability management, endpoint protection, data protection, antivirus and reporting and compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Texas, Utah, Florida, Ireland, Luxembourg, the United Kingdom, Australia, and Singapore. Lumension: IT Secured. Success Optimized.™ More information can be found at lumension.com.

Lumension, the Lumension logo, and the tagline “IT Secured. Success Optimized.” are trademarks or registered trademarks of Lumension Security, Inc. All other trademarks are the property of their respective owners.

###

Contact Author

Catherine Castro

Jessica Sutera