Cyber Attacks on Government Agencies On the Rise
Federal agencies hampered by tight budgets have to contend with increasing threats from spam and malware.
More and more, U.S. federal agencies are seeing inappropriate Internet access breaches, rogue devices and denial of service attacks. A key reason why: federal agencies are hindered by budget constraints that prevent information technology (IT) improvements. Agencies also have to juggle competing priorities, complex internal environments and poor top-level decision-making when it comes to cyber management, asserts a recent study from Herndon, Virginia-based SolarWinds Worldwide. The company conducted a survey of 200 federal government IT professionals in July to assess their cybersecurity challenges during the past 12 months.
According to the report, the security threats at federal agencies are coming from careless insiders, foreign governments, the general hacking community, “hacktivists,” malicious insiders, terrorists, for-profit criminals and industrial spies.
Half of the respondents—from civilian agencies in particular—indicated an increase in spam and malware attacks, while more than a third saw a rise in ransomware and social engineering-related breaches. Only one-fifth indicated a decrease in cybersecurity threats.
Most respondents to the survey did agree that federal agencies are more proactive regarding IT security when compared to five years ago. The level of attacks, however, has not abated.
"Our survey shows that public sector IT pros are burdened by increasingly sophisticated cyber attacks, challenged by the need to secure data in the midst of modernization and cloud migration efforts, and required to train employees who are unknowingly introducing vulnerabilities into government systems,” said Mav Turner, senior director of product strategy, SolarWinds. “These are Herculean tasks for teams with limited resources.”
Even though IT improvements are clearly needed to prevent attacks, one-third cited that modernization has posed more of a challenge than contributing to successful risk management. Moreover, despite perceptions of strong information technology (IT) measures at some agencies, views on security event detection don’t correspond. Only 60 percent of respondents who rated their agency’s cybersecurity control abilities as “good” or “excellent” had confidence that their systems could detect rogue devices on the network within minutes. Those respondents that had confidence in their IT systems generally came from defense agencies. Far fewer civilian respondents indicated that their organization could detect cyber attacks within minutes.
As far as implementation of the National Institute of Standards and Technology’s (NIST’s) "Framework for Improving Critical Infrastructure Cybersecurity," most respondents felt that their agencies have at least somewhat of a “maturity” in each of the five areas of the framework, the ability to identity, protect, detect, respond and recover from cybersecurity attacks. Nonetheless, the framework is still confusing to 38 percent of the federal IT professionals who responded to the survey.