SlideShare a Scribd company logo
1 of 40
Download to read offline
© 2017 Market Connections, Inc.
SolarWinds®
Federal Cybersecurity Survey
Summary Report
2017
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
Background and Objectives
2
SolarWinds contracted Market Connections to design and conduct an online survey among 200 federal
government IT decision makers and influencers in July 2017. SolarWinds was not revealed as the sponsor of
the survey.
The main objectives of the survey were to:
• Determine challenges faced by IT professionals to prevent IT security threats
• Quantify sources and types of IT security threats
• Determine elements that aid successful management of risk
• Gauge sentiments regarding mandates and compliance
• Address the affects of network modernization on agency IT security challenges
• Quantify security issues regarding the Internet of Things (IoT)
Throughout the report, notable significant differences are reported.
Due to rounding, graphs may not add up to 100%.
BACKGROUND AND OBJECTIVES
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
1%
2%
3%
40%
55%
0% 10% 20% 30% 40% 50% 60%
Federal Legislature
Federal Judicial Branch
Intelligence Agency
Department of Defense or
Military Service
Federal, Civilian or Independent
Government Agency
Organizations Represented
RESPONDENT CLASSIFICATIONS 3
• A variety of defense and civilian agencies are represented in the survey sample.
Organizations Represented
Which of the following best describes your current employer?
What agency do you work for?
N=200
Sample Organizations Represented
(In Alphabetical Order)
Air Force Department of the Interior (DOI)
Army Department of Transportation (DOT)
Department of Commerce (DOC) Department of Treasury (TREAS)
Department of Defense (DOD) Department of Veteran Affairs (VA)
Department of Health and Human
Services (HHS)
Environmental Protection Agency
(EPA)
Department of Homeland Security
(DHS)
Navy
Department of Justice (DOJ)
Securities and Exchange Commission
(SEC)
Department of Labor (DOL) Social Security Administration (SSA)
Department of State (DOS) US Postal Service (USPS)
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
RESPONDENT CLASSIFICATIONS 4
• All respondents are knowledgeable or involved in decisions and recommendations regarding IT operations and
management and IT security solutions and services.
Decision Making Involvement
How are you involved in your organization’s decisions or recommendations regarding IT operations and management and IT security solutions and services? (select all that apply)
N=200
Note: Multiple responses allowed
6%
24%
46%
47%
50%
51%
0% 10% 20% 30% 40% 50% 60%
Other involvement
Make the final decision
Manage or implement security/IT operations
Evaluate or recommend firms
Develop technical requirements
On a team that makes decisions
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
RESPONDENT CLASSIFICATIONS 5
• A variety of job functions and tenures are represented in the sample, with most being IT management and
working at their current agency for over 20 years.
Job Function and Tenure
Which of the following best describes your current job title/function?
How long have you been working at your current agency?
N=200
12%
2%
6%
11%
14%
26%
28%
0% 10% 20% 30%
Other
CSO/CISO
CIO/CTO
Security/IA director
or manager
Security/IA staff
IT/IS staff
IT director/manager
Job Function
Examples Include:
• Director of
Procurement
• Program Manager
• Strategic Planner
1%
4%
8%
20%
21%
18%
28%
0% 10% 20% 30% 40%
Less than 1 Year
1-2 Years
3-4 Years
5-9 Years
10-14 Years
15-20 Years
20+ Years
Tenure
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
AGENCY ASSESSMENT 6
Agency Assessment – Evidence of IT Controls
How would you describe your agency’s ability to provide managers and auditors with evidence of appropriate IT controls?
N=200
2%
18%
52%
27%
Poor - We lack the necessary tools & documentation to
provide evidence of IT controls.
Fair - We have outdated policies, procedures and
technology in place. Reports are generated on an ad-hoc
basis.
Good - We have updated policies, procedures and
technology. Reports are generated on a regular basis.
Excellent - We have documented policies, procedures and
technology in place to validate controls via scheduled
reports.
0% 10% 20% 30% 40% 50% 60%
Excellent/
Good
79%
• More than three quarters describe their agency’s ability to provide managers and auditors with evidence of
appropriate IT controls as either excellent or good.
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
IT SECURITY OBSTACLES, THREATS AND BREACHES 7
• Similar to the 2016 survey, budget constraints top the list of significant obstacles to maintaining or improving agency IT
security.
IT Security Obstacles
What is the most significant high-level obstacle to maintaining or improving IT security at your agency?
N=200
2%
2%
4%
5%
7%
8%
11%
15%
16%
30%
0% 5% 10% 15% 20% 25% 30% 35%
Other
Lack of technical solutions available at my agency
Lack of clear standards
Lack of manpower
Inadequate collaboration with other internal teams
Lack of training for personnel
Lack of top-level direction and leadership
Complexity of internal environment
Competing priorities and other initiatives
Budget constraints
By Agency Type
Defense Civilian
2% 11%
By Agency’s Ability to Provide
Managers with Evidence of IT Controls
Excellent Good Fair/Poor
7% 19% 21%
= statistically significant difference
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
IT SECURITY OBSTACLES, THREATS AND BREACHES 8
• Careless/untrained insiders and foreign governments are noted as the largest sources of security threats at federal
agencies. Significantly more defense than civilian respondents indicate malicious insiders is a security threat at
their agency.
Sources of Security Threats
What are the greatest sources of IT security threats to your agency? (select all that apply)
N=200
Note: Multiple responses allowed
2%
1%
2%
12%
17%
20%
29%
34%
38%
48%
54%
0% 10% 20% 30% 40% 50% 60%
None of the above
Other
Unsure of these threats
Industrial spies
For-profit crime
Terrorists
Malicious insiders
Hacktivists
General hacking community
Foreign governments
Careless/untrained insiders
By Agency Type
Defense Civilian
40% 21%
= statistically significant difference
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
IT SECURITY OBSTACLES, THREATS AND BREACHES 9
• There has been no significant reduction in the various sources of security threats. Since 2014, respondents
indicate significant increases in threats from both careless/untrained and malicious insiders.
Sources of Security Threats – Trend
What are the greatest sources of IT security threats to your agency? (select all that apply)
N=200
Note: Multiple responses allowed = statistically significant difference= top 3 sources
2014 2015 2016 2017
Careless/untrained
insiders
42% 53% 48% 54%
Foreign governments 34% 38% 48% 48%
General hacking
community
47% 46% 46% 38%
Hacktivists 26% 30% 38% 34%
Malicious insiders 17% 23% 22% 29%
Terrorists 21% 18% 24% 20%
For-profit crime 11% 14% 18% 17%
Industrial spies 6% 10% 16% 12%
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
12%
10%
18%
16%
11%
14%
9%
12%
14%
16%
74%
68%
58%
59%
60%
49%
54%
45%
35%
32%
14%
22%
23%
25%
29%
37%
37%
43%
50%
52%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
APT
Mobile device theft
Physical security attacks
Insider data leakage/Theft
Denial of service
External hacking
Ransomware
Social engineering
Malware
SPAM
Decreased No Change Increased
IT SECURITY OBSTACLES, THREATS AND BREACHES 10
• In the past 12 months, half of respondents have seen SPAM and malware increase at their agency.
Change in Security Threats
In the past 12 months, has your agency seen any changes in the following types of cyber security threats?
N=200
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
IT SECURITY OBSTACLES, THREATS AND BREACHES 11
• Significantly more civilian than defense respondents
indicate seeing an increase in malware.
• A significantly greater proportion of respondents that
rate their agency’s ability to provide managers with
evidence of IT controls as fair/poor tend to indicate they
have seen an increase in SPAM, external hacking, and
denial of service.
• A significantly greater proportion of respondents that
rate their agency’s ability to provide evidence of IT
controls as excellent indicate they have seen a decrease
in most cyber security threats.
Change in Security Threats Differences
In the past 12 months, has your agency seen any changes in the following types of cyber security threats?
% DECREASED
By Agency’s Ability to Provide
Managers with Evidence of IT Controls
Excellent Good Fair/Poor
Physical security attacks 30% 16% 10%
Insider data leakage/Theft 26% 11% 17%
Malware 26% 11% 10%
Social engineering 22% 10% 5%
Denial of service 22% 9% 2%
APT 20% 11% 2%
= statistically significant difference
% INCREASED
By Agency’s Ability to Provide
Managers with Evidence of IT Controls
Excellent Good Fair/Poor
SPAM 39% 56% 62%
External hacking 30% 35% 52%
Denial of service 26% 23% 48%
% INCREASED By Agency Type
Defense Civilian
Malware 42% 57%
N=200
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
IT SECURITY OBSTACLES, THREATS AND BREACHES 12
• Half of respondents note a shortage of funding and resources is the greatest impediment to detection and
remediation of security issues at their agency.
Impediments of Detection and Remediation
Which of the following are the greatest impediments to detection and remediation of security issues at your agency? (select all that apply)
N=200
Note: Multiple responses allowed
4%
18%
20%
20%
21%
22%
30%
31%
38%
50%
0% 10% 20% 30% 40% 50% 60%
Other
Lack of central reporting and remediation controls
Difficulty seeing into cloud-based applications and processes
Insufficient collection of operational & security-related data to detect threats
Lack of visibility into the network traffic and logs
Inability to link response systems to root out the cause
Insufficient training of IT staff to detect, respond and remediate security issues
Insufficient user awareness training
Shortage of skills
Shortage of funding and resources
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
IT SECURITY OBSTACLES, THREATS AND BREACHES 13
• A greater proportion of respondents that indicate their agency’s ability to provide evidence of IT controls as
fair/poor indicate significantly more insufficient IT and user training, insufficient data collection and monitoring,
and lack of central reporting controls are impediments to detecting and remediating security issues.
• A significantly greater proportion of civilian than defense respondents indicate inability to link response systems
to root out the cause is an impediment to detecting and remediating issues.
Impediments Differences
Which of the following are the greatest impediments to detection and remediation of security issues at your agency? (select all that apply)
N=200
Note: Multiple responses allowed = statistically significant difference
By Agency’s Ability to Provide Managers
with Evidence of IT Controls
Excellent Good Fair/Poor
Insufficient training of IT staff to detect,
respond and remediate security issues
26% 26% 43%
Insufficient user awareness training 24% 29% 45%
Insufficient collection or monitoring of
operational and security-related data to
correlate events and detect threats
22% 14% 33%
Lack of central reporting and remediation
controls
13% 14% 36%
By Agency Type
Defense Civilian
Inability to link response
systems to root out the
cause
15% 27%
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
RISK MANAGEMENT 14
• Respondents most often indicate tools to monitor and report risk and IT modernization have contributed to
successfully managing risk. Still, one third note IT modernization has posed more of a challenge.
Managing Risk
How have the items below challenged or contributed to your agency’s ability to manage risk as part of its overall security posture in the past 12 months?
46% 43% 38% 34%
20% 34%
26%
22%
30% 19%
28%
34%
3% 5% 8% 10%
Tools to monitor and
report risk
IT modernization Network optimization Data center optimization
DK/NA
Had no effect
Posed more of a
challenge
Contributed to
success
N=200
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
RISK MANAGEMENT 15
• Significantly more defense than civilian respondents indicate IT modernization contributed to successfully
managing risk.
• A significantly greater proportion of respondents that rate their agency’s ability to provide evidence of IT controls
as excellent note IT modernization, tools to monitor and report risk, network optimization, and data center
optimization have contributed to success.
Managing Risk – Differences
How have the items below challenged or contributed to your agency’s ability to manage risk as part of its overall security posture in the past 12 months?
Contributed to Success
By Agency’s Ability to Provide
Managers with Evidence of IT Controls
Excellent Good Fair/Poor
IT modernization 61% 37% 36%
Tools to monitor and report risk 57% 40% 45%
Network optimization 54% 30% 38%
Data center optimization 48% 32% 24%
= statistically significant difference
Contributed to Success By Agency Type
Defense Civilian
IT modernization 51% 37%
N=200
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
RISK MANAGEMENT 16
• Most respondents are split between cloud computing posing more of a challenge or having no effect.
Respondents most often indicate Internet of Things had no effect, followed by posed more of a challenge.
• A significantly greater proportion of respondents that rate their agency’s ability to provide evidence of IT controls
as fair/poor note cloud computing posed more of a challenge.
Managing Risk (Continued)
How have the items below challenged or contributed to your agency’s ability to manage risk as part of its overall security posture in the past 12 months?
20%
9%
34%
32%
34%
42%
12% 17%
Cloud computing Internet of Things (IoT)
DK/NA
Had no effect
Posed more of a
challenge
Contributed to
success
= statistically significant difference
Posed More of
a Challenge
By Agency’s Ability to Provide
Managers with Evidence of IT Controls
Excellent Good Fair/Poor
Cloud
computing
26% 32% 48%
N=200
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
RISK MANAGEMENT 17
• Over half indicate regulations and mandates posed more of a challenge.
• Over half of respondents that indicate regulations contributed to success note Risk Management Framework
contributed to their ability to manage risk, while over half that indicate regulations posed more of a challenge
note Risk Management Framework posed more of a challenge to managing risk.
Managing Risk - Regulations and Mandates
How have the items below challenged or contributed to your agency’s ability to manage risk as part of its overall security posture in the past 12 months? What specific regulations and
mandates have contributed/posed more of a challenge to your agency’s ability to manage risk as part of its overall security posture in the past 12 months?
24%
52%
20%
4%
Regulations and Mandates
DK/NA
Had no effect
Posed more of a
challenge
Contributed to success
Contributed to
Success
(n=47)
Posed More of
a Challenge
(n=104)
Risk Management Framework 53% 51%
NIST Framework for Improving
Critical Infrastructure Cybersecurity 51% 38%
FISMA 47% 31%
DISA STIGs 38% 23%
NIST Publications 30% 28%
HIPAA 23% 26%
PCI 13% 8%
Other 4% 4%
N=200
Note: Multiple responses allowed
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
RISK MANAGEMENT 18
• Respondents most often indicate their organization can detect rogue devices on the network within minutes.
Security Event Detection Speed
How long does it typically take your organization to detect and/or analyze the following security events?
N=200
4%
4%
14%
6%
5%
7%
6%
7%
4%
2%
2%
3%
3%
1%
4%
2%
2%
3%
14%
4%
3%
9%
6%
7%
8%
4%
6%
33%
27%
22%
20%
19%
16%
20%
12%
18%
30%
44%
36%
31%
36%
28%
25%
34%
25%
17%
18%
23%
30%
32%
38%
40%
42%
44%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Patches not up to date
Phishing attacks
Cross site scripting attacks
Unauthorized configuration changes
Presence of malware or ransomware
Misuse/abuse of credentials
Inappropriate internet access by insiders
Distributed denial of device attacks
Rogue devices on the network
Don't know/unsure No ability to detect Within a few weeks Within a few days Within one day Within minutes
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
RISK MANAGEMENT 19
• Respondents that indicate their agency’s ability to provide evidence of IT controls as excellent or good are
significantly more able than respondents who rate their agency’s ability as fair/poor to detect most security
threats within minutes.
Security Event Detection Speed Differences
How long does it typically take your organization to detect and/or analyze the following security events?
N=200
Within Minutes
By Agency’s Ability to Provide Managers with
Evidence of IT Controls
Excellent Good Fair/Poor
Rogue devices on the network 59% 43% 29%
Inappropriate internet access by insiders 59% 39% 14%
Distributed denial of device attacks 52% 43% 24%
Misuse/abuse of credentials 50% 42% 14%
Presence of malware or ransomware 44% 32% 19%
Unauthorized configuration changes 44% 32% 7%
Cross site scripting attacks 39% 20% 10%
Patches not up to date 31% 14% 5%
Phishing attacks 30% 17% 5%
= statistically significant difference
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
RISK MANAGEMENT 20
• Those who indicate their IT security practices are more robust than the commercial sector are significantly more
able to detect rogue devices, distributed denial of device attacks, inappropriate internet access by insiders, and
unauthorized configuration changes within minutes.
• A significantly greater proportion of defense than civilian respondents indicate their organization can detect
misuse of credentials within minutes.
Security Event Detection Speed Differences
How long does it typically take your organization to detect and/or analyze the following security events?
N=200 = statistically significant difference
Within Minutes
By Agency's IT Security Practices Relative to the
Commercial Sector
More Robust On Par Not as Robust
Rogue devices on the
network 62% 38% 28%
Distributed denial of device
attacks
52% 36% 36%
Inappropriate internet
access by insiders 49% 39% 23%
Unauthorized configuration
changes 45% 25% 15%
Within Minutes By Agency Type
Defense Civilian
Misuse/Abuse of
credentials
48% 32%
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
6% 4% 4% 4% 4%
6%
3% 7% 12% 12%
46%
44%
45%
45% 48%
42% 50% 44% 38% 34%
IDENTIFY PROTECT DETECT RESPOND RECOVER
Mature
Somewhat mature
Not at all mature
DK
COMPLIANCE AND MANDATE SENTIMENTS 21
• The majority of respondents describe their agency at least somewhat mature for all five areas of the NIST
Framework for Improving Critical Infrastructure Cybersecurity. The weakest areas are RESPOND and RECOVER
with 12% noting they are not at all mature.
NIST Framework Maturity
How would you describe your agency’s maturity of each of the five areas of the NIST Framework for Improving Critical Infrastructure Cybersecurity?
N=200
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
COMPLIANCE AND MANDATE SENTIMENTS 22
• A significantly greater proportion of respondents that
indicate their IT security practices are at least on par with the
commercial sector, respondents that indicate their agency’s
ability to provide evidence of IT controls as excellent, and
respondents prepared to manage IoT devices describe their
agency’s maturity in each of the five areas of the NIST
Framework for Improving Critical Infrastructure Cybersecurity
as mature.
NIST Framework Maturity
How would you describe your agency’s maturity of each of the five areas of the NIST Framework for Improving Critical Infrastructure Cybersecurity?
= statistically significant difference
Mature
By Agency’s Ability to Provide Managers
with Evidence of IT Controls
Excellent Good Fair/Poor
Identify 67% 35% 31%
Protect 67% 45% 38%
Detect 65% 38% 36%
Respond 59% 36% 19%
Recover 61% 30% 12%
Mature
By Agency's IT Security Practices Relative to
the Commercial Sector
More Robust On Par Not as Robust
Identify 65% 36% 18%
Protect 70% 47% 21%
Detect 71% 39% 10%
Respond 52% 37% 18%
Recover 51% 32% 13%
Mature
By Preparedness to Discover, Manage and
Secure Internet of Things (IoT) Devices
Completely
Prepared/Some
Enhancements
Required
Major Upgrades of
Security Controls
Needed/Totally
Unprepared
Identify 47% 32%
Protect 57% 30%
Detect 54% 21%
Respond 46% 19%
Recover 43% 12%
N=200
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
COMPLIANCE AND MANDATE SENTIMENTS 23
• Over half of respondents agree the NIST Cybersecurity Framework has been successful in promoting a dialog
about managing risk. Opinions are split as to whether federal IT professionals fully understand the Framework.
NIST Framework
To what extent do you agree or disagree with the following statements regarding IT security?
10%
6%
25%
10%
27%
30%
33%
44%
6%
11%
0% 20% 40% 60% 80% 100%
Federal IT professionals fully understand the NIST
Cybersecurity Framework
Since its introduction in 2014 the NIST Cybersecurity
Framework has been successful in promoting a dialogue
about managing risk
Strongly disagree Somewhat disagree Neither agree or disagree Somewhat agree Strongly agree
% Strongly/
Somewhat
Agree
55%
38%
N=200
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
4%
4%
2%
9%
10%
8%
30%
28%
15%
45%
41%
48%
12%
18%
26%
0% 20% 40% 60% 80% 100%
My agency’s ability to pass OMB, CCRI and other audits
has improved
Compliance has helped my agency improve its
cybersecurity capabilities
Regarding IT security, federal agencies are more proactive
than they were 5 years ago
Strongly disagree Somewhat disagree Neither agree or disagree Somewhat agree Strongly agree
COMPLIANCE AND MANDATE SENTIMENTS 24
• Three quarters agree federal agencies are more proactive regarding IT security than they were five years ago.
Security Improvement
To what extent do you agree or disagree with the following statements regarding IT security?
% Strongly/
Somewhat
Agree
75%
60%
56%
N=200
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
COMPLIANCE AND MANDATE SENTIMENTS 25
• Seven in ten agree that being compliant does not necessarily mean being secure.
Compliance and Risk Management
To what extent do you agree or disagree with the following statements regarding IT security?
4%
2%
4%
18%
14%
8%
24%
26%
18%
43%
46%
32%
10%
13%
39%
0% 20% 40% 60% 80% 100%
Security regulations and mandates lead to complacency
since tasks are performed to ‘check a box’
Risk management is too often treated as a compliance
issue at my agency
Being compliant does not necessarily mean being secure
Strongly disagree Somewhat disagree Neither agree or disagree Somewhat agree Strongly agree
% Strongly/
Somewhat
Agree
70%
58%
54%
N=200
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
COMPLIANCE AND MANDATE SENTIMENTS 26
• Over two thirds agree implementation of relevant standards is critical to achieve their cybersecurity targets.
Success Factors
To what extent do you agree or disagree with the following statements regarding IT security?
4%
3%
8%
4%
26%
26%
44%
40%
18%
28%
0% 20% 40% 60% 80% 100%
Agencies that merge and balance both risk management
and compliance are more likely to avoid IT security issues
Implementation of relevant standards is critical to achieve
our cybersecurity targets
Strongly disagree Somewhat disagree Neither agree or disagree Somewhat agree Strongly agree
% Strongly/
Somewhat
Agree
68%
62%
N=200
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
COMPLIANCE AND MANDATE SENTIMENTS 27
• A significantly greater proportion of civilian than defense respondents agree federal IT professionals fully
understand the NIST Cybersecurity Framework.
• A greater proportion of respondents that indicate their agency’s ability to provide evidence of IT controls as
excellent or good and respondents that are prepared to manage IoT devices agree their agency’s ability to pass
OMB, CCRI and other audits has improved.
Sentiment Differences
To what extent do you agree or disagree with the following statements regarding IT security?
= statistically significant difference
% Strongly /Somewhat Agree By Agency Type
Defense Civilian
Federal IT professionals fully understand
the NIST Cybersecurity Framework
28% 46%
% Strongly /Somewhat Agree
By Agency’s Ability to Provide Managers
with Evidence of IT Controls
Excellent Good Fair/Poor
My agency’s ability to pass
OMB, CCRI and other audits
has improved
63% 63% 31%
% Strongly /Somewhat Agree
By Preparedness to Discover, Manage and
Secure Internet of Things (IoT) Devices
Completely
Prepared/Some
Enhancements
Required
Major Upgrades of
Security Controls
Needed/Totally
Unprepared
My agency’s ability to pass
OMB, CCRI and other audits
has improved
62% 42%
N=200
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
NETWORK MODERNIZATION 28
• Two thirds think federal agencies’ efforts regarding network modernization has resulted in an increase in IT
security challenges.
Network Modernization
Do you think federal agencies’ efforts regarding network modernization have resulted in an increase or decrease in the IT security challenges faced?
N=200
66%
13%
20%
Increase
Decrease
No effect
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
NETWORK MODERNIZATION 29
• Half of the respondents that believe IT security challenges have increased as a result of network modernization
indicate it is due to more vulnerabilities in new technology stacks, the burden of supporting new and legacy
systems and lack of training on new technologies.
Increased Security Challenges
What are the reasons you believe IT security challenges have increased as a result of network modernization? (select all that apply)
N=133
Note: Multiple responses allowed
3%
39%
42%
50%
51%
53%
0% 10% 20% 30% 40% 50% 60%
Other
New technologies are not deployed correctly
New technologies are not fully deployed
Lack of training on new technologies
Burden of supporting new technologies and legacy systems
More vulnerabilities in new technology stacks
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
What are the reasons you believe IT security challenges have decreased as a result of network modernization? (select all that apply)
NETWORK MODERNIZATION 30
• Most respondents that believe IT security challenges have decreased as a result of network modernization believe
it is due to better tools for automated protection and remediation.
Decreased Security Challenges
N=26
Note: Multiple responses allowed
0%
19%
31%
54%
65%
85%
0% 20% 40% 60% 80% 100%
Other
Fewer systems to maintain
Newer technologies contain smaller attack surfaces
Less legacy equipment to maintain
Stronger built-in security features of new equipment
Better tools for automated protection and remediation
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
NETWORK MODERNIZATION 31
• Lack of funding is the top factor that respondents indicate hinders their agency’s ability to advance its network
modernization efforts. One half also noted the federal procurement process as hindrance.
Obstacles of Network Modernization
What are the top three factors that hinder your agency’s ability to advance its network modernization efforts? (select three)
N=200
Note: Multiple responses allowed
2%
20%
24%
31%
34%
38%
50%
55%
0% 10% 20% 30% 40% 50% 60%
Other
Unrealistic goals and timelines
Lack of top management commitment
Increasing network complexity
Lack of skilled staff
Conflicting priorities
Complex and long federal procurement process
Lack of funding
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
TOOLS AND PRACTICES 32
• Over two thirds indicate the effectiveness is high for Smart Card/CAC to foster network and application security.
Security Product Effectiveness
The following are tools and practices that foster network and application security. Please indicate the effectiveness for each.
8%
6%
8%
2%
4%
4%
4%
3%
2%
3%
14%
7%
9%
11%
8%
8%
7%
6%
4%
4%
48%
51%
48%
49%
47%
44%
44%
44%
38%
26%
32%
36%
36%
38%
42%
45%
46%
48%
56%
68%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Messaging security software
SIEM software
File integrity monitoring software
Web application security tools
Configuration management software
Patch management software
Network admission control (NAC) solutions
Endpoint security software
Identity and access management tools
Smart Card / Common Access Card
Don't use Low Moderate High
N=200
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
TOOLS AND PRACTICES 33
• A significantly greater proportion of respondents that indicate their agency’s ability to provide evidence of IT
controls is excellent indicate most tools are high in effectiveness in fostering network and application security.
• A significantly greater proportion of defense respondents indicate Smart Cards are effective, while significantly
more civilian respondents indicate endpoint security, patch management, and messaging security software are
highly effective.
Security Product Effectiveness Differences
The following are tools and practices that foster network and application security. For each, please indicate the effectiveness for each.
High
By Agency’s Ability to Provide Managers with
Evidence of IT Controls
Excellent Good Fair/Poor
Endpoint security software 61% 44% 38%
Network admission control (NAC) solutions 61% 40% 38%
Configuration management software 57% 41% 21%
Web application security tools 56% 30% 33%
Patch management software 54% 46% 31%
File integrity monitoring software 52% 38% 10%
SIEM software 52% 35% 21%
Messaging security software 46% 28% 21%
= statistically significant difference
High By Agency Type
Defense Civilian
Smart Card / Common access
card for authentication 76% 61%
Endpoint security software 36% 56%
Patch management software 30% 56%
Messaging security software 20% 40%
N=200
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
INTERNET OF THINGS 34
• The majority of respondents indicate some enhancements are required to discover, manage and secure Internet
of Things (IoT) devices.
• A greater proportion of respondents that indicate their agency’s ability to provide evidence of IT controls as
excellent and those who indicate their IT security practices are more robust than the commercial sector are
completely prepared.
Agency Assessment – Prepared for IoT
Given the current state of your agency’s overall security controls, how would you rate your preparedness to discover, manage and secure Internet of Things (IoT) devices?
N=200
5%
24%
60%
12%
Totally unprepared
Major upgrades of security
controls needed
Some enhancements required
Completely prepared
0% 10% 20% 30% 40% 50% 60% 70%
By Agency's IT Security Practices Relative to
the Commercial Sector
More Robust On Par Not as Robust
Completely prepared 23% 8% 3%
Some enhancements required 61% 65% 44%
Major upgrades needed 14% 22% 44%
By Agency’s Ability to Provide Managers
with Evidence of IT Controls
Excellent Good Fair/Poor
Completely prepared 30% 7% 2%
Some enhancements required 52% 68% 48%
Major upgrades needed 15% 24% 33%
= statistically significant difference
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
INTERNET OF THINGS 35
• Increased attack surface is noted most often as the greatest security challenge that agencies will face as the
Internet of Things (IoT) evolves.
IoT Security Challenges
What are the three greatest security challenges and concerns that agencies will face as the Internet of Things (IoT) evolves? (select three)
N=200
Note: Multiple responses allowed
2%
22%
22%
26%
33%
35%
36%
36%
38%
0% 5% 10% 15% 20% 25% 30% 35% 40%
Other
Collection of IoT device data by third parties
Inability to detect and inventory IoT devices
Lack of updates of IoT devices
Out of date software/firmware running on IoT devices
Potential data privacy issues
Lack of IT staff knowledgeable of IoT
Inconsistency of the security on connected devices
Increased attack surface
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
SECURITY COMPARISON TO COMMERCIAL SECTOR 36
• Nearly half feel their agency’s security practices and protocols are on par with the commercial sector.
Security Comparison to Commercial Sector
In general, how would you compare your agency’s IT security practices and protocols relative to those in the commercial sector? My agency’s security practices and protocols are:
N=200
34%
46%
20%
More robust than the
commercial sector
On par with the
commercial sector
Not as robust as the
commercial sector
0%
10%
20%
30%
40%
50%
My agency’s security practices and protocols are…
= statistically significant difference
By Agency’s Ability to Provide
Managers with Evidence of IT Controls
Excellent Good Fair/Poor
More robust than the
commercial sector 52% 33% 17%
By Agency Type
Defense Civilian
More robust than the
commercial sector
45% 26%
By Preparedness to Discover, Manage and
Secure Internet of Things (IoT) Devices
Completely
Prepared/Some
Enhancements
Required
Major Upgrades of
Security Controls
Needed/Totally
Unprepared
More robust than the
commercial sector 41% 19%
• Defense respondents, those who rate their agency’s ability to provide
evidence of IT controls as excellent, and those that are prepared to manage
IoT devices indicate significantly more that their agency’s security practices
are more robust than the commercial sector.
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
Select Comments
COMMENTS 37
Please feel free to share any other comments or concerns regarding your agency’s IT security challenges and success stories. (open end)
Hard to hire skilled people in a timely fashion, huge gaps in knowledge. [CIVILIAN]
Despite all the outside threats, our worst security problems have come from insider issues - some of it malfeasance, some of
it ignorance, some of it laziness. This despite non-stop documented training in all these area. [DEFENSE]
Conflicting compliance and procurement regulations. [DEFENSE]
A big problem for us is a desire on the part of many to integrate our software system with contractors that serve us. Not a
bad idea except we literally have 50,000 different contractors we deal with on a daily basis. This may be possible for some of
the largest contractors but not all. [DEFENSE]
Poor BYOD policies have led to more challenges. [DEFENSE]
Our equipment is shamefully outdated. [CIVILIAN]
Complexity of regulatory framework adds to challenges. [DEFENSE]
“
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
KEY TAKEAWAYS 38
Key Takeaways
• Overall, the majority of agency decision makers rate themselves highly for evidence of appropriate IT
controls and believe they are on par with or more robust than the commercial sector in terms of IT security
practices and tools. Three quarters believe federal agencies are more proactive regarding IT security than
five years ago.
• Budget constraints continue to be an obstacle to improving IT security at their agencies as well as impeding
the detection and remediation of security issues. Lack of funding is also hindering agencies’ ability to
advance its network modernization efforts.
• Careless/untrained insiders, foreign governments and the general hacking community continue to be the
top sources of IT security threats similar to the past three years. SPAM and Malware are noted as
increasing in the last 12 months.
• Though the majority agree that compliance has helped their agency improve its cybersecurity capabilities,
seven in ten believe that being compliant does not necessarily mean being secure. Over half believe that
security regulations and mandates can lead to complacency since tasks are performed to ‘check a box’.
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
KEY TAKEAWAYS 39
Key Takeaways
• The majority believe that NIST’s Cybersecurity Framework has been successful in promoting a dialogue
about managing risk and more than eight in ten indicate their agencies are at least somewhat mature in
each of the five areas of the Framework. Still over a third agree that federal IT professionals don’t fully
understand the Framework.
• Two-thirds think that federal agencies’ effort regarding network modernization has resulted in an increase
of IT security challenges. Respondents cite more vulnerabilities in new technology stacks, the burden of
supporting new and legacy systems and lack of training on new technologies as reasons for the increased
challenges.
• Few feel their agencies are completely prepared to discover, manage and secure the Internet of Things. The
majority believe that at least some enhancements are required. IoT brings a number of security challenges,
most notably an increased attack surface, inconsistency of security in connected devices and the lack of
knowledgeable IT staff.
• Smart Cards and identify access management tools are rated most often as highly effective tools that foster
network and application security.
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
RESEARCH TO INFORM STRATEGIC DECISION-MAKING 40
Contact Information
Laurie Morrow, VP, Research Strategy | Market Connections, Inc.
11350 Random Hills Road, Suite 800 | Fairfax, VA 22033 | 703.378.2025
LaurieM@marketconnectionsinc.com
Lisa M. Sherwin Wulf, Director of Marketing - Federal & National Government| SolarWinds
703.386.2628
Lisa.SherwinWulf@solarwinds.com
www.solarwinds.com/federal
LinkedIn: SolarWinds Government

More Related Content

What's hot

Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...IBM Security
 
Proactive incident response
Proactive incident responseProactive incident response
Proactive incident responseBrian Honan
 
Cyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionCyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionRamón Gómez de Olea y Bustinza
 
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Jeffrey Sweet - Third Party Risk Governance - Why? and How?Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Jeffrey Sweet - Third Party Risk Governance - Why? and How?centralohioissa
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesJoseph DeFever
 
TLS 1.3 Adoption in the Enterprise: Growing Encryption Use Extends to New St...
TLS 1.3 Adoption in the Enterprise:  Growing Encryption Use Extends to New St...TLS 1.3 Adoption in the Enterprise:  Growing Encryption Use Extends to New St...
TLS 1.3 Adoption in the Enterprise: Growing Encryption Use Extends to New St...Enterprise Management Associates
 
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomSecuring the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomIBM Security
 
Leveraging Change Control for Security
Leveraging Change Control for SecurityLeveraging Change Control for Security
Leveraging Change Control for SecurityTripwire
 
Needs of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramNeeds of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramLancope, Inc.
 
Taking the Pulse of IT Security for 2019: Results from Syncsort's Security Su...
Taking the Pulse of IT Security for 2019: Results from Syncsort's Security Su...Taking the Pulse of IT Security for 2019: Results from Syncsort's Security Su...
Taking the Pulse of IT Security for 2019: Results from Syncsort's Security Su...Precisely
 
Top 10 leading fraud detection and prevention solution providers
Top 10 leading fraud detection and prevention solution providersTop 10 leading fraud detection and prevention solution providers
Top 10 leading fraud detection and prevention solution providersMerry D'souza
 
The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryPriyanka Aash
 
NFP Speak: COVID-19 Webinar Series - Part 3 - IT & Cybersecurity Risk Awareness
NFP Speak: COVID-19 Webinar Series - Part 3 - IT & Cybersecurity Risk AwarenessNFP Speak: COVID-19 Webinar Series - Part 3 - IT & Cybersecurity Risk Awareness
NFP Speak: COVID-19 Webinar Series - Part 3 - IT & Cybersecurity Risk AwarenessCitrin Cooperman
 
Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15James Fisher
 
Endpoint Detection and Response for Dummies
Endpoint Detection and Response for DummiesEndpoint Detection and Response for Dummies
Endpoint Detection and Response for DummiesLiberteks
 
Cybersecurity and The Board
Cybersecurity and The BoardCybersecurity and The Board
Cybersecurity and The BoardPaul Melson
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident ResponseIBM Security
 
Achieving Hi-Fidelity Security by Combining Packet and Endpoint Data
Achieving Hi-Fidelity Security by Combining Packet and Endpoint DataAchieving Hi-Fidelity Security by Combining Packet and Endpoint Data
Achieving Hi-Fidelity Security by Combining Packet and Endpoint DataEnterprise Management Associates
 

What's hot (20)

Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
 
Proactive incident response
Proactive incident responseProactive incident response
Proactive incident response
 
Cyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionCyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attention
 
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Jeffrey Sweet - Third Party Risk Governance - Why? and How?Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
 
EMA Megatrends in Cyber-Security
EMA Megatrends in Cyber-SecurityEMA Megatrends in Cyber-Security
EMA Megatrends in Cyber-Security
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & Practices
 
TLS 1.3 Adoption in the Enterprise: Growing Encryption Use Extends to New St...
TLS 1.3 Adoption in the Enterprise:  Growing Encryption Use Extends to New St...TLS 1.3 Adoption in the Enterprise:  Growing Encryption Use Extends to New St...
TLS 1.3 Adoption in the Enterprise: Growing Encryption Use Extends to New St...
 
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomSecuring the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
 
Leveraging Change Control for Security
Leveraging Change Control for SecurityLeveraging Change Control for Security
Leveraging Change Control for Security
 
Productivity 3.0
Productivity 3.0Productivity 3.0
Productivity 3.0
 
Needs of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramNeeds of a Modern Incident Response Program
Needs of a Modern Incident Response Program
 
Taking the Pulse of IT Security for 2019: Results from Syncsort's Security Su...
Taking the Pulse of IT Security for 2019: Results from Syncsort's Security Su...Taking the Pulse of IT Security for 2019: Results from Syncsort's Security Su...
Taking the Pulse of IT Security for 2019: Results from Syncsort's Security Su...
 
Top 10 leading fraud detection and prevention solution providers
Top 10 leading fraud detection and prevention solution providersTop 10 leading fraud detection and prevention solution providers
Top 10 leading fraud detection and prevention solution providers
 
The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your Story
 
NFP Speak: COVID-19 Webinar Series - Part 3 - IT & Cybersecurity Risk Awareness
NFP Speak: COVID-19 Webinar Series - Part 3 - IT & Cybersecurity Risk AwarenessNFP Speak: COVID-19 Webinar Series - Part 3 - IT & Cybersecurity Risk Awareness
NFP Speak: COVID-19 Webinar Series - Part 3 - IT & Cybersecurity Risk Awareness
 
Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15
 
Endpoint Detection and Response for Dummies
Endpoint Detection and Response for DummiesEndpoint Detection and Response for Dummies
Endpoint Detection and Response for Dummies
 
Cybersecurity and The Board
Cybersecurity and The BoardCybersecurity and The Board
Cybersecurity and The Board
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident Response
 
Achieving Hi-Fidelity Security by Combining Packet and Endpoint Data
Achieving Hi-Fidelity Security by Combining Packet and Endpoint DataAchieving Hi-Fidelity Security by Combining Packet and Endpoint Data
Achieving Hi-Fidelity Security by Combining Packet and Endpoint Data
 

Similar to SolarWinds Federal Cybersecurity Survey 2017: Government Regulations, IT Modernization, and Careless Insiders Undermine Federal Agencies’ Security Posture

SolarWinds Federal Cybersecurity Survey 2016
SolarWinds Federal Cybersecurity Survey 2016SolarWinds Federal Cybersecurity Survey 2016
SolarWinds Federal Cybersecurity Survey 2016SolarWinds
 
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...SolarWinds
 
SolarWinds Federal Cybersecurity Survey 2015
SolarWinds Federal Cybersecurity Survey 2015SolarWinds Federal Cybersecurity Survey 2015
SolarWinds Federal Cybersecurity Survey 2015SolarWinds
 
SolarWinds Public Sector Cybersecurity Survey Report 2020
SolarWinds Public Sector Cybersecurity Survey Report 2020SolarWinds Public Sector Cybersecurity Survey Report 2020
SolarWinds Public Sector Cybersecurity Survey Report 2020SolarWinds
 
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 TrendsCybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 TrendsIvanti
 
Federal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider ThreatsFederal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider ThreatsSolarWinds
 
Government and Education Webinar: Public Sector Cybersecurity Survey - What I...
Government and Education Webinar: Public Sector Cybersecurity Survey - What I...Government and Education Webinar: Public Sector Cybersecurity Survey - What I...
Government and Education Webinar: Public Sector Cybersecurity Survey - What I...SolarWinds
 
SolarWinds Federal Cybersecurity Survey
SolarWinds Federal Cybersecurity SurveySolarWinds Federal Cybersecurity Survey
SolarWinds Federal Cybersecurity SurveySolarWinds
 
AFCEA Cybersecurity through Continuous Monitoring: SolarWinds Survey Results ...
AFCEA Cybersecurity through Continuous Monitoring: SolarWinds Survey Results ...AFCEA Cybersecurity through Continuous Monitoring: SolarWinds Survey Results ...
AFCEA Cybersecurity through Continuous Monitoring: SolarWinds Survey Results ...SolarWinds
 
SolarWinds State of Government IT Management and Monitoring Survey
SolarWinds State of Government IT Management and Monitoring SurveySolarWinds State of Government IT Management and Monitoring Survey
SolarWinds State of Government IT Management and Monitoring SurveySolarWinds
 
Corporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber SecurityCorporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber SecurityJoan Weber
 
CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022SophiaPalmira1
 
CTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxCTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxSophia Price
 
Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...
Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...
Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...Enterprise Management Associates
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesUlf Mattsson
 
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalystScale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalystBill Burns
 
Get Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security SolutionGet Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security SolutionPrecisely
 
2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summary2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summarypatmisasi
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyScalar Decisions
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey  Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Rahul Neel Mani
 

Similar to SolarWinds Federal Cybersecurity Survey 2017: Government Regulations, IT Modernization, and Careless Insiders Undermine Federal Agencies’ Security Posture (20)

SolarWinds Federal Cybersecurity Survey 2016
SolarWinds Federal Cybersecurity Survey 2016SolarWinds Federal Cybersecurity Survey 2016
SolarWinds Federal Cybersecurity Survey 2016
 
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
 
SolarWinds Federal Cybersecurity Survey 2015
SolarWinds Federal Cybersecurity Survey 2015SolarWinds Federal Cybersecurity Survey 2015
SolarWinds Federal Cybersecurity Survey 2015
 
SolarWinds Public Sector Cybersecurity Survey Report 2020
SolarWinds Public Sector Cybersecurity Survey Report 2020SolarWinds Public Sector Cybersecurity Survey Report 2020
SolarWinds Public Sector Cybersecurity Survey Report 2020
 
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 TrendsCybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
 
Federal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider ThreatsFederal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider Threats
 
Government and Education Webinar: Public Sector Cybersecurity Survey - What I...
Government and Education Webinar: Public Sector Cybersecurity Survey - What I...Government and Education Webinar: Public Sector Cybersecurity Survey - What I...
Government and Education Webinar: Public Sector Cybersecurity Survey - What I...
 
SolarWinds Federal Cybersecurity Survey
SolarWinds Federal Cybersecurity SurveySolarWinds Federal Cybersecurity Survey
SolarWinds Federal Cybersecurity Survey
 
AFCEA Cybersecurity through Continuous Monitoring: SolarWinds Survey Results ...
AFCEA Cybersecurity through Continuous Monitoring: SolarWinds Survey Results ...AFCEA Cybersecurity through Continuous Monitoring: SolarWinds Survey Results ...
AFCEA Cybersecurity through Continuous Monitoring: SolarWinds Survey Results ...
 
SolarWinds State of Government IT Management and Monitoring Survey
SolarWinds State of Government IT Management and Monitoring SurveySolarWinds State of Government IT Management and Monitoring Survey
SolarWinds State of Government IT Management and Monitoring Survey
 
Corporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber SecurityCorporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber Security
 
CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022
 
CTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxCTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptx
 
Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...
Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...
Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best Practices
 
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalystScale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
 
Get Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security SolutionGet Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security Solution
 
2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summary2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summary
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security Study
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey  Security Incident Response Readiness Survey
Security Incident Response Readiness Survey
 

More from SolarWinds

SolarWinds Government and Education Webinar: Greatest SolarWinds Features I N...
SolarWinds Government and Education Webinar: Greatest SolarWinds Features I N...SolarWinds Government and Education Webinar: Greatest SolarWinds Features I N...
SolarWinds Government and Education Webinar: Greatest SolarWinds Features I N...SolarWinds
 
SolarWinds Government and Education Webinar: Gaps Exist in Your Monitoring In...
SolarWinds Government and Education Webinar: Gaps Exist in Your Monitoring In...SolarWinds Government and Education Webinar: Gaps Exist in Your Monitoring In...
SolarWinds Government and Education Webinar: Gaps Exist in Your Monitoring In...SolarWinds
 
Government Webinar: Alerting and Reporting in the Age of Observability
Government Webinar: Alerting and Reporting in the Age of ObservabilityGovernment Webinar: Alerting and Reporting in the Age of Observability
Government Webinar: Alerting and Reporting in the Age of ObservabilitySolarWinds
 
Government and Education Webinar: Full Stack Observability
Government and Education Webinar: Full Stack ObservabilityGovernment and Education Webinar: Full Stack Observability
Government and Education Webinar: Full Stack ObservabilitySolarWinds
 
Becoming Secure By Design: Questions You Should Ask Your Software Vendors
Becoming Secure By Design: Questions You Should Ask Your Software VendorsBecoming Secure By Design: Questions You Should Ask Your Software Vendors
Becoming Secure By Design: Questions You Should Ask Your Software VendorsSolarWinds
 
Government and Education Webinar: Real-Time Mission, CIO, and Command Dashboards
Government and Education Webinar: Real-Time Mission, CIO, and Command DashboardsGovernment and Education Webinar: Real-Time Mission, CIO, and Command Dashboards
Government and Education Webinar: Real-Time Mission, CIO, and Command DashboardsSolarWinds
 
Government and Education Webinar: Simplify Your Database Performance Manageme...
Government and Education Webinar: Simplify Your Database Performance Manageme...Government and Education Webinar: Simplify Your Database Performance Manageme...
Government and Education Webinar: Simplify Your Database Performance Manageme...SolarWinds
 
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...SolarWinds
 
Government and Education Webinar: Leverage Automation to Improve IT Operations
Government and Education Webinar: Leverage Automation to Improve IT OperationsGovernment and Education Webinar: Leverage Automation to Improve IT Operations
Government and Education Webinar: Leverage Automation to Improve IT OperationsSolarWinds
 
Government and Education Webinar: Improving Application Performance
Government and Education Webinar: Improving Application PerformanceGovernment and Education Webinar: Improving Application Performance
Government and Education Webinar: Improving Application PerformanceSolarWinds
 
Government and Education: IT Tools to Support Your Hybrid Workforce
Government and Education: IT Tools to Support Your Hybrid WorkforceGovernment and Education: IT Tools to Support Your Hybrid Workforce
Government and Education: IT Tools to Support Your Hybrid WorkforceSolarWinds
 
Government and Education Webinar: There's More Than One Way to Monitor SQL Da...
Government and Education Webinar: There's More Than One Way to Monitor SQL Da...Government and Education Webinar: There's More Than One Way to Monitor SQL Da...
Government and Education Webinar: There's More Than One Way to Monitor SQL Da...SolarWinds
 
SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...
SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...
SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...SolarWinds
 
Government and Education Webinar: Zero-Trust Panel Discussion
Government and Education Webinar: Zero-Trust Panel Discussion Government and Education Webinar: Zero-Trust Panel Discussion
Government and Education Webinar: Zero-Trust Panel Discussion SolarWinds
 
Government and Education: Leveraging The SolarWinds Orion Assistance Program ...
Government and Education: Leveraging The SolarWinds Orion Assistance Program ...Government and Education: Leveraging The SolarWinds Orion Assistance Program ...
Government and Education: Leveraging The SolarWinds Orion Assistance Program ...SolarWinds
 
Government and Education Webinar: SQL Server—Advanced Performance Tuning
Government and Education Webinar: SQL Server—Advanced Performance Tuning Government and Education Webinar: SQL Server—Advanced Performance Tuning
Government and Education Webinar: SQL Server—Advanced Performance Tuning SolarWinds
 
Government and Education Webinar: Recovering IP Addresses on Your Network
Government and Education Webinar: Recovering IP Addresses on Your NetworkGovernment and Education Webinar: Recovering IP Addresses on Your Network
Government and Education Webinar: Recovering IP Addresses on Your NetworkSolarWinds
 
Government and Education Webinar: Optimize Performance With Advanced Host Mon...
Government and Education Webinar: Optimize Performance With Advanced Host Mon...Government and Education Webinar: Optimize Performance With Advanced Host Mon...
Government and Education Webinar: Optimize Performance With Advanced Host Mon...SolarWinds
 
Government and Education Webinar: Conquering Remote Work IT Challenges
Government and Education Webinar: Conquering Remote Work IT Challenges Government and Education Webinar: Conquering Remote Work IT Challenges
Government and Education Webinar: Conquering Remote Work IT Challenges SolarWinds
 
Government and Education Webinar: SQL Server—Indexing for Performance
Government and Education Webinar: SQL Server—Indexing for PerformanceGovernment and Education Webinar: SQL Server—Indexing for Performance
Government and Education Webinar: SQL Server—Indexing for PerformanceSolarWinds
 

More from SolarWinds (20)

SolarWinds Government and Education Webinar: Greatest SolarWinds Features I N...
SolarWinds Government and Education Webinar: Greatest SolarWinds Features I N...SolarWinds Government and Education Webinar: Greatest SolarWinds Features I N...
SolarWinds Government and Education Webinar: Greatest SolarWinds Features I N...
 
SolarWinds Government and Education Webinar: Gaps Exist in Your Monitoring In...
SolarWinds Government and Education Webinar: Gaps Exist in Your Monitoring In...SolarWinds Government and Education Webinar: Gaps Exist in Your Monitoring In...
SolarWinds Government and Education Webinar: Gaps Exist in Your Monitoring In...
 
Government Webinar: Alerting and Reporting in the Age of Observability
Government Webinar: Alerting and Reporting in the Age of ObservabilityGovernment Webinar: Alerting and Reporting in the Age of Observability
Government Webinar: Alerting and Reporting in the Age of Observability
 
Government and Education Webinar: Full Stack Observability
Government and Education Webinar: Full Stack ObservabilityGovernment and Education Webinar: Full Stack Observability
Government and Education Webinar: Full Stack Observability
 
Becoming Secure By Design: Questions You Should Ask Your Software Vendors
Becoming Secure By Design: Questions You Should Ask Your Software VendorsBecoming Secure By Design: Questions You Should Ask Your Software Vendors
Becoming Secure By Design: Questions You Should Ask Your Software Vendors
 
Government and Education Webinar: Real-Time Mission, CIO, and Command Dashboards
Government and Education Webinar: Real-Time Mission, CIO, and Command DashboardsGovernment and Education Webinar: Real-Time Mission, CIO, and Command Dashboards
Government and Education Webinar: Real-Time Mission, CIO, and Command Dashboards
 
Government and Education Webinar: Simplify Your Database Performance Manageme...
Government and Education Webinar: Simplify Your Database Performance Manageme...Government and Education Webinar: Simplify Your Database Performance Manageme...
Government and Education Webinar: Simplify Your Database Performance Manageme...
 
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...
 
Government and Education Webinar: Leverage Automation to Improve IT Operations
Government and Education Webinar: Leverage Automation to Improve IT OperationsGovernment and Education Webinar: Leverage Automation to Improve IT Operations
Government and Education Webinar: Leverage Automation to Improve IT Operations
 
Government and Education Webinar: Improving Application Performance
Government and Education Webinar: Improving Application PerformanceGovernment and Education Webinar: Improving Application Performance
Government and Education Webinar: Improving Application Performance
 
Government and Education: IT Tools to Support Your Hybrid Workforce
Government and Education: IT Tools to Support Your Hybrid WorkforceGovernment and Education: IT Tools to Support Your Hybrid Workforce
Government and Education: IT Tools to Support Your Hybrid Workforce
 
Government and Education Webinar: There's More Than One Way to Monitor SQL Da...
Government and Education Webinar: There's More Than One Way to Monitor SQL Da...Government and Education Webinar: There's More Than One Way to Monitor SQL Da...
Government and Education Webinar: There's More Than One Way to Monitor SQL Da...
 
SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...
SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...
SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...
 
Government and Education Webinar: Zero-Trust Panel Discussion
Government and Education Webinar: Zero-Trust Panel Discussion Government and Education Webinar: Zero-Trust Panel Discussion
Government and Education Webinar: Zero-Trust Panel Discussion
 
Government and Education: Leveraging The SolarWinds Orion Assistance Program ...
Government and Education: Leveraging The SolarWinds Orion Assistance Program ...Government and Education: Leveraging The SolarWinds Orion Assistance Program ...
Government and Education: Leveraging The SolarWinds Orion Assistance Program ...
 
Government and Education Webinar: SQL Server—Advanced Performance Tuning
Government and Education Webinar: SQL Server—Advanced Performance Tuning Government and Education Webinar: SQL Server—Advanced Performance Tuning
Government and Education Webinar: SQL Server—Advanced Performance Tuning
 
Government and Education Webinar: Recovering IP Addresses on Your Network
Government and Education Webinar: Recovering IP Addresses on Your NetworkGovernment and Education Webinar: Recovering IP Addresses on Your Network
Government and Education Webinar: Recovering IP Addresses on Your Network
 
Government and Education Webinar: Optimize Performance With Advanced Host Mon...
Government and Education Webinar: Optimize Performance With Advanced Host Mon...Government and Education Webinar: Optimize Performance With Advanced Host Mon...
Government and Education Webinar: Optimize Performance With Advanced Host Mon...
 
Government and Education Webinar: Conquering Remote Work IT Challenges
Government and Education Webinar: Conquering Remote Work IT Challenges Government and Education Webinar: Conquering Remote Work IT Challenges
Government and Education Webinar: Conquering Remote Work IT Challenges
 
Government and Education Webinar: SQL Server—Indexing for Performance
Government and Education Webinar: SQL Server—Indexing for PerformanceGovernment and Education Webinar: SQL Server—Indexing for Performance
Government and Education Webinar: SQL Server—Indexing for Performance
 

Recently uploaded

Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataSafe Software
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 

Recently uploaded (20)

Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 

SolarWinds Federal Cybersecurity Survey 2017: Government Regulations, IT Modernization, and Careless Insiders Undermine Federal Agencies’ Security Posture

  • 1. © 2017 Market Connections, Inc. SolarWinds® Federal Cybersecurity Survey Summary Report 2017 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
  • 2. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Background and Objectives 2 SolarWinds contracted Market Connections to design and conduct an online survey among 200 federal government IT decision makers and influencers in July 2017. SolarWinds was not revealed as the sponsor of the survey. The main objectives of the survey were to: • Determine challenges faced by IT professionals to prevent IT security threats • Quantify sources and types of IT security threats • Determine elements that aid successful management of risk • Gauge sentiments regarding mandates and compliance • Address the affects of network modernization on agency IT security challenges • Quantify security issues regarding the Internet of Things (IoT) Throughout the report, notable significant differences are reported. Due to rounding, graphs may not add up to 100%. BACKGROUND AND OBJECTIVES
  • 3. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. 1% 2% 3% 40% 55% 0% 10% 20% 30% 40% 50% 60% Federal Legislature Federal Judicial Branch Intelligence Agency Department of Defense or Military Service Federal, Civilian or Independent Government Agency Organizations Represented RESPONDENT CLASSIFICATIONS 3 • A variety of defense and civilian agencies are represented in the survey sample. Organizations Represented Which of the following best describes your current employer? What agency do you work for? N=200 Sample Organizations Represented (In Alphabetical Order) Air Force Department of the Interior (DOI) Army Department of Transportation (DOT) Department of Commerce (DOC) Department of Treasury (TREAS) Department of Defense (DOD) Department of Veteran Affairs (VA) Department of Health and Human Services (HHS) Environmental Protection Agency (EPA) Department of Homeland Security (DHS) Navy Department of Justice (DOJ) Securities and Exchange Commission (SEC) Department of Labor (DOL) Social Security Administration (SSA) Department of State (DOS) US Postal Service (USPS)
  • 4. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. RESPONDENT CLASSIFICATIONS 4 • All respondents are knowledgeable or involved in decisions and recommendations regarding IT operations and management and IT security solutions and services. Decision Making Involvement How are you involved in your organization’s decisions or recommendations regarding IT operations and management and IT security solutions and services? (select all that apply) N=200 Note: Multiple responses allowed 6% 24% 46% 47% 50% 51% 0% 10% 20% 30% 40% 50% 60% Other involvement Make the final decision Manage or implement security/IT operations Evaluate or recommend firms Develop technical requirements On a team that makes decisions
  • 5. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. RESPONDENT CLASSIFICATIONS 5 • A variety of job functions and tenures are represented in the sample, with most being IT management and working at their current agency for over 20 years. Job Function and Tenure Which of the following best describes your current job title/function? How long have you been working at your current agency? N=200 12% 2% 6% 11% 14% 26% 28% 0% 10% 20% 30% Other CSO/CISO CIO/CTO Security/IA director or manager Security/IA staff IT/IS staff IT director/manager Job Function Examples Include: • Director of Procurement • Program Manager • Strategic Planner 1% 4% 8% 20% 21% 18% 28% 0% 10% 20% 30% 40% Less than 1 Year 1-2 Years 3-4 Years 5-9 Years 10-14 Years 15-20 Years 20+ Years Tenure
  • 6. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. AGENCY ASSESSMENT 6 Agency Assessment – Evidence of IT Controls How would you describe your agency’s ability to provide managers and auditors with evidence of appropriate IT controls? N=200 2% 18% 52% 27% Poor - We lack the necessary tools & documentation to provide evidence of IT controls. Fair - We have outdated policies, procedures and technology in place. Reports are generated on an ad-hoc basis. Good - We have updated policies, procedures and technology. Reports are generated on a regular basis. Excellent - We have documented policies, procedures and technology in place to validate controls via scheduled reports. 0% 10% 20% 30% 40% 50% 60% Excellent/ Good 79% • More than three quarters describe their agency’s ability to provide managers and auditors with evidence of appropriate IT controls as either excellent or good.
  • 7. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. IT SECURITY OBSTACLES, THREATS AND BREACHES 7 • Similar to the 2016 survey, budget constraints top the list of significant obstacles to maintaining or improving agency IT security. IT Security Obstacles What is the most significant high-level obstacle to maintaining or improving IT security at your agency? N=200 2% 2% 4% 5% 7% 8% 11% 15% 16% 30% 0% 5% 10% 15% 20% 25% 30% 35% Other Lack of technical solutions available at my agency Lack of clear standards Lack of manpower Inadequate collaboration with other internal teams Lack of training for personnel Lack of top-level direction and leadership Complexity of internal environment Competing priorities and other initiatives Budget constraints By Agency Type Defense Civilian 2% 11% By Agency’s Ability to Provide Managers with Evidence of IT Controls Excellent Good Fair/Poor 7% 19% 21% = statistically significant difference
  • 8. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. IT SECURITY OBSTACLES, THREATS AND BREACHES 8 • Careless/untrained insiders and foreign governments are noted as the largest sources of security threats at federal agencies. Significantly more defense than civilian respondents indicate malicious insiders is a security threat at their agency. Sources of Security Threats What are the greatest sources of IT security threats to your agency? (select all that apply) N=200 Note: Multiple responses allowed 2% 1% 2% 12% 17% 20% 29% 34% 38% 48% 54% 0% 10% 20% 30% 40% 50% 60% None of the above Other Unsure of these threats Industrial spies For-profit crime Terrorists Malicious insiders Hacktivists General hacking community Foreign governments Careless/untrained insiders By Agency Type Defense Civilian 40% 21% = statistically significant difference
  • 9. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. IT SECURITY OBSTACLES, THREATS AND BREACHES 9 • There has been no significant reduction in the various sources of security threats. Since 2014, respondents indicate significant increases in threats from both careless/untrained and malicious insiders. Sources of Security Threats – Trend What are the greatest sources of IT security threats to your agency? (select all that apply) N=200 Note: Multiple responses allowed = statistically significant difference= top 3 sources 2014 2015 2016 2017 Careless/untrained insiders 42% 53% 48% 54% Foreign governments 34% 38% 48% 48% General hacking community 47% 46% 46% 38% Hacktivists 26% 30% 38% 34% Malicious insiders 17% 23% 22% 29% Terrorists 21% 18% 24% 20% For-profit crime 11% 14% 18% 17% Industrial spies 6% 10% 16% 12%
  • 10. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. 12% 10% 18% 16% 11% 14% 9% 12% 14% 16% 74% 68% 58% 59% 60% 49% 54% 45% 35% 32% 14% 22% 23% 25% 29% 37% 37% 43% 50% 52% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% APT Mobile device theft Physical security attacks Insider data leakage/Theft Denial of service External hacking Ransomware Social engineering Malware SPAM Decreased No Change Increased IT SECURITY OBSTACLES, THREATS AND BREACHES 10 • In the past 12 months, half of respondents have seen SPAM and malware increase at their agency. Change in Security Threats In the past 12 months, has your agency seen any changes in the following types of cyber security threats? N=200
  • 11. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. IT SECURITY OBSTACLES, THREATS AND BREACHES 11 • Significantly more civilian than defense respondents indicate seeing an increase in malware. • A significantly greater proportion of respondents that rate their agency’s ability to provide managers with evidence of IT controls as fair/poor tend to indicate they have seen an increase in SPAM, external hacking, and denial of service. • A significantly greater proportion of respondents that rate their agency’s ability to provide evidence of IT controls as excellent indicate they have seen a decrease in most cyber security threats. Change in Security Threats Differences In the past 12 months, has your agency seen any changes in the following types of cyber security threats? % DECREASED By Agency’s Ability to Provide Managers with Evidence of IT Controls Excellent Good Fair/Poor Physical security attacks 30% 16% 10% Insider data leakage/Theft 26% 11% 17% Malware 26% 11% 10% Social engineering 22% 10% 5% Denial of service 22% 9% 2% APT 20% 11% 2% = statistically significant difference % INCREASED By Agency’s Ability to Provide Managers with Evidence of IT Controls Excellent Good Fair/Poor SPAM 39% 56% 62% External hacking 30% 35% 52% Denial of service 26% 23% 48% % INCREASED By Agency Type Defense Civilian Malware 42% 57% N=200
  • 12. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. IT SECURITY OBSTACLES, THREATS AND BREACHES 12 • Half of respondents note a shortage of funding and resources is the greatest impediment to detection and remediation of security issues at their agency. Impediments of Detection and Remediation Which of the following are the greatest impediments to detection and remediation of security issues at your agency? (select all that apply) N=200 Note: Multiple responses allowed 4% 18% 20% 20% 21% 22% 30% 31% 38% 50% 0% 10% 20% 30% 40% 50% 60% Other Lack of central reporting and remediation controls Difficulty seeing into cloud-based applications and processes Insufficient collection of operational & security-related data to detect threats Lack of visibility into the network traffic and logs Inability to link response systems to root out the cause Insufficient training of IT staff to detect, respond and remediate security issues Insufficient user awareness training Shortage of skills Shortage of funding and resources
  • 13. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. IT SECURITY OBSTACLES, THREATS AND BREACHES 13 • A greater proportion of respondents that indicate their agency’s ability to provide evidence of IT controls as fair/poor indicate significantly more insufficient IT and user training, insufficient data collection and monitoring, and lack of central reporting controls are impediments to detecting and remediating security issues. • A significantly greater proportion of civilian than defense respondents indicate inability to link response systems to root out the cause is an impediment to detecting and remediating issues. Impediments Differences Which of the following are the greatest impediments to detection and remediation of security issues at your agency? (select all that apply) N=200 Note: Multiple responses allowed = statistically significant difference By Agency’s Ability to Provide Managers with Evidence of IT Controls Excellent Good Fair/Poor Insufficient training of IT staff to detect, respond and remediate security issues 26% 26% 43% Insufficient user awareness training 24% 29% 45% Insufficient collection or monitoring of operational and security-related data to correlate events and detect threats 22% 14% 33% Lack of central reporting and remediation controls 13% 14% 36% By Agency Type Defense Civilian Inability to link response systems to root out the cause 15% 27%
  • 14. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. RISK MANAGEMENT 14 • Respondents most often indicate tools to monitor and report risk and IT modernization have contributed to successfully managing risk. Still, one third note IT modernization has posed more of a challenge. Managing Risk How have the items below challenged or contributed to your agency’s ability to manage risk as part of its overall security posture in the past 12 months? 46% 43% 38% 34% 20% 34% 26% 22% 30% 19% 28% 34% 3% 5% 8% 10% Tools to monitor and report risk IT modernization Network optimization Data center optimization DK/NA Had no effect Posed more of a challenge Contributed to success N=200
  • 15. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. RISK MANAGEMENT 15 • Significantly more defense than civilian respondents indicate IT modernization contributed to successfully managing risk. • A significantly greater proportion of respondents that rate their agency’s ability to provide evidence of IT controls as excellent note IT modernization, tools to monitor and report risk, network optimization, and data center optimization have contributed to success. Managing Risk – Differences How have the items below challenged or contributed to your agency’s ability to manage risk as part of its overall security posture in the past 12 months? Contributed to Success By Agency’s Ability to Provide Managers with Evidence of IT Controls Excellent Good Fair/Poor IT modernization 61% 37% 36% Tools to monitor and report risk 57% 40% 45% Network optimization 54% 30% 38% Data center optimization 48% 32% 24% = statistically significant difference Contributed to Success By Agency Type Defense Civilian IT modernization 51% 37% N=200
  • 16. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. RISK MANAGEMENT 16 • Most respondents are split between cloud computing posing more of a challenge or having no effect. Respondents most often indicate Internet of Things had no effect, followed by posed more of a challenge. • A significantly greater proportion of respondents that rate their agency’s ability to provide evidence of IT controls as fair/poor note cloud computing posed more of a challenge. Managing Risk (Continued) How have the items below challenged or contributed to your agency’s ability to manage risk as part of its overall security posture in the past 12 months? 20% 9% 34% 32% 34% 42% 12% 17% Cloud computing Internet of Things (IoT) DK/NA Had no effect Posed more of a challenge Contributed to success = statistically significant difference Posed More of a Challenge By Agency’s Ability to Provide Managers with Evidence of IT Controls Excellent Good Fair/Poor Cloud computing 26% 32% 48% N=200
  • 17. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. RISK MANAGEMENT 17 • Over half indicate regulations and mandates posed more of a challenge. • Over half of respondents that indicate regulations contributed to success note Risk Management Framework contributed to their ability to manage risk, while over half that indicate regulations posed more of a challenge note Risk Management Framework posed more of a challenge to managing risk. Managing Risk - Regulations and Mandates How have the items below challenged or contributed to your agency’s ability to manage risk as part of its overall security posture in the past 12 months? What specific regulations and mandates have contributed/posed more of a challenge to your agency’s ability to manage risk as part of its overall security posture in the past 12 months? 24% 52% 20% 4% Regulations and Mandates DK/NA Had no effect Posed more of a challenge Contributed to success Contributed to Success (n=47) Posed More of a Challenge (n=104) Risk Management Framework 53% 51% NIST Framework for Improving Critical Infrastructure Cybersecurity 51% 38% FISMA 47% 31% DISA STIGs 38% 23% NIST Publications 30% 28% HIPAA 23% 26% PCI 13% 8% Other 4% 4% N=200 Note: Multiple responses allowed
  • 18. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. RISK MANAGEMENT 18 • Respondents most often indicate their organization can detect rogue devices on the network within minutes. Security Event Detection Speed How long does it typically take your organization to detect and/or analyze the following security events? N=200 4% 4% 14% 6% 5% 7% 6% 7% 4% 2% 2% 3% 3% 1% 4% 2% 2% 3% 14% 4% 3% 9% 6% 7% 8% 4% 6% 33% 27% 22% 20% 19% 16% 20% 12% 18% 30% 44% 36% 31% 36% 28% 25% 34% 25% 17% 18% 23% 30% 32% 38% 40% 42% 44% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Patches not up to date Phishing attacks Cross site scripting attacks Unauthorized configuration changes Presence of malware or ransomware Misuse/abuse of credentials Inappropriate internet access by insiders Distributed denial of device attacks Rogue devices on the network Don't know/unsure No ability to detect Within a few weeks Within a few days Within one day Within minutes
  • 19. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. RISK MANAGEMENT 19 • Respondents that indicate their agency’s ability to provide evidence of IT controls as excellent or good are significantly more able than respondents who rate their agency’s ability as fair/poor to detect most security threats within minutes. Security Event Detection Speed Differences How long does it typically take your organization to detect and/or analyze the following security events? N=200 Within Minutes By Agency’s Ability to Provide Managers with Evidence of IT Controls Excellent Good Fair/Poor Rogue devices on the network 59% 43% 29% Inappropriate internet access by insiders 59% 39% 14% Distributed denial of device attacks 52% 43% 24% Misuse/abuse of credentials 50% 42% 14% Presence of malware or ransomware 44% 32% 19% Unauthorized configuration changes 44% 32% 7% Cross site scripting attacks 39% 20% 10% Patches not up to date 31% 14% 5% Phishing attacks 30% 17% 5% = statistically significant difference
  • 20. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. RISK MANAGEMENT 20 • Those who indicate their IT security practices are more robust than the commercial sector are significantly more able to detect rogue devices, distributed denial of device attacks, inappropriate internet access by insiders, and unauthorized configuration changes within minutes. • A significantly greater proportion of defense than civilian respondents indicate their organization can detect misuse of credentials within minutes. Security Event Detection Speed Differences How long does it typically take your organization to detect and/or analyze the following security events? N=200 = statistically significant difference Within Minutes By Agency's IT Security Practices Relative to the Commercial Sector More Robust On Par Not as Robust Rogue devices on the network 62% 38% 28% Distributed denial of device attacks 52% 36% 36% Inappropriate internet access by insiders 49% 39% 23% Unauthorized configuration changes 45% 25% 15% Within Minutes By Agency Type Defense Civilian Misuse/Abuse of credentials 48% 32%
  • 21. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. 6% 4% 4% 4% 4% 6% 3% 7% 12% 12% 46% 44% 45% 45% 48% 42% 50% 44% 38% 34% IDENTIFY PROTECT DETECT RESPOND RECOVER Mature Somewhat mature Not at all mature DK COMPLIANCE AND MANDATE SENTIMENTS 21 • The majority of respondents describe their agency at least somewhat mature for all five areas of the NIST Framework for Improving Critical Infrastructure Cybersecurity. The weakest areas are RESPOND and RECOVER with 12% noting they are not at all mature. NIST Framework Maturity How would you describe your agency’s maturity of each of the five areas of the NIST Framework for Improving Critical Infrastructure Cybersecurity? N=200
  • 22. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. COMPLIANCE AND MANDATE SENTIMENTS 22 • A significantly greater proportion of respondents that indicate their IT security practices are at least on par with the commercial sector, respondents that indicate their agency’s ability to provide evidence of IT controls as excellent, and respondents prepared to manage IoT devices describe their agency’s maturity in each of the five areas of the NIST Framework for Improving Critical Infrastructure Cybersecurity as mature. NIST Framework Maturity How would you describe your agency’s maturity of each of the five areas of the NIST Framework for Improving Critical Infrastructure Cybersecurity? = statistically significant difference Mature By Agency’s Ability to Provide Managers with Evidence of IT Controls Excellent Good Fair/Poor Identify 67% 35% 31% Protect 67% 45% 38% Detect 65% 38% 36% Respond 59% 36% 19% Recover 61% 30% 12% Mature By Agency's IT Security Practices Relative to the Commercial Sector More Robust On Par Not as Robust Identify 65% 36% 18% Protect 70% 47% 21% Detect 71% 39% 10% Respond 52% 37% 18% Recover 51% 32% 13% Mature By Preparedness to Discover, Manage and Secure Internet of Things (IoT) Devices Completely Prepared/Some Enhancements Required Major Upgrades of Security Controls Needed/Totally Unprepared Identify 47% 32% Protect 57% 30% Detect 54% 21% Respond 46% 19% Recover 43% 12% N=200
  • 23. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. COMPLIANCE AND MANDATE SENTIMENTS 23 • Over half of respondents agree the NIST Cybersecurity Framework has been successful in promoting a dialog about managing risk. Opinions are split as to whether federal IT professionals fully understand the Framework. NIST Framework To what extent do you agree or disagree with the following statements regarding IT security? 10% 6% 25% 10% 27% 30% 33% 44% 6% 11% 0% 20% 40% 60% 80% 100% Federal IT professionals fully understand the NIST Cybersecurity Framework Since its introduction in 2014 the NIST Cybersecurity Framework has been successful in promoting a dialogue about managing risk Strongly disagree Somewhat disagree Neither agree or disagree Somewhat agree Strongly agree % Strongly/ Somewhat Agree 55% 38% N=200
  • 24. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. 4% 4% 2% 9% 10% 8% 30% 28% 15% 45% 41% 48% 12% 18% 26% 0% 20% 40% 60% 80% 100% My agency’s ability to pass OMB, CCRI and other audits has improved Compliance has helped my agency improve its cybersecurity capabilities Regarding IT security, federal agencies are more proactive than they were 5 years ago Strongly disagree Somewhat disagree Neither agree or disagree Somewhat agree Strongly agree COMPLIANCE AND MANDATE SENTIMENTS 24 • Three quarters agree federal agencies are more proactive regarding IT security than they were five years ago. Security Improvement To what extent do you agree or disagree with the following statements regarding IT security? % Strongly/ Somewhat Agree 75% 60% 56% N=200
  • 25. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. COMPLIANCE AND MANDATE SENTIMENTS 25 • Seven in ten agree that being compliant does not necessarily mean being secure. Compliance and Risk Management To what extent do you agree or disagree with the following statements regarding IT security? 4% 2% 4% 18% 14% 8% 24% 26% 18% 43% 46% 32% 10% 13% 39% 0% 20% 40% 60% 80% 100% Security regulations and mandates lead to complacency since tasks are performed to ‘check a box’ Risk management is too often treated as a compliance issue at my agency Being compliant does not necessarily mean being secure Strongly disagree Somewhat disagree Neither agree or disagree Somewhat agree Strongly agree % Strongly/ Somewhat Agree 70% 58% 54% N=200
  • 26. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. COMPLIANCE AND MANDATE SENTIMENTS 26 • Over two thirds agree implementation of relevant standards is critical to achieve their cybersecurity targets. Success Factors To what extent do you agree or disagree with the following statements regarding IT security? 4% 3% 8% 4% 26% 26% 44% 40% 18% 28% 0% 20% 40% 60% 80% 100% Agencies that merge and balance both risk management and compliance are more likely to avoid IT security issues Implementation of relevant standards is critical to achieve our cybersecurity targets Strongly disagree Somewhat disagree Neither agree or disagree Somewhat agree Strongly agree % Strongly/ Somewhat Agree 68% 62% N=200
  • 27. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. COMPLIANCE AND MANDATE SENTIMENTS 27 • A significantly greater proportion of civilian than defense respondents agree federal IT professionals fully understand the NIST Cybersecurity Framework. • A greater proportion of respondents that indicate their agency’s ability to provide evidence of IT controls as excellent or good and respondents that are prepared to manage IoT devices agree their agency’s ability to pass OMB, CCRI and other audits has improved. Sentiment Differences To what extent do you agree or disagree with the following statements regarding IT security? = statistically significant difference % Strongly /Somewhat Agree By Agency Type Defense Civilian Federal IT professionals fully understand the NIST Cybersecurity Framework 28% 46% % Strongly /Somewhat Agree By Agency’s Ability to Provide Managers with Evidence of IT Controls Excellent Good Fair/Poor My agency’s ability to pass OMB, CCRI and other audits has improved 63% 63% 31% % Strongly /Somewhat Agree By Preparedness to Discover, Manage and Secure Internet of Things (IoT) Devices Completely Prepared/Some Enhancements Required Major Upgrades of Security Controls Needed/Totally Unprepared My agency’s ability to pass OMB, CCRI and other audits has improved 62% 42% N=200
  • 28. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. NETWORK MODERNIZATION 28 • Two thirds think federal agencies’ efforts regarding network modernization has resulted in an increase in IT security challenges. Network Modernization Do you think federal agencies’ efforts regarding network modernization have resulted in an increase or decrease in the IT security challenges faced? N=200 66% 13% 20% Increase Decrease No effect
  • 29. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. NETWORK MODERNIZATION 29 • Half of the respondents that believe IT security challenges have increased as a result of network modernization indicate it is due to more vulnerabilities in new technology stacks, the burden of supporting new and legacy systems and lack of training on new technologies. Increased Security Challenges What are the reasons you believe IT security challenges have increased as a result of network modernization? (select all that apply) N=133 Note: Multiple responses allowed 3% 39% 42% 50% 51% 53% 0% 10% 20% 30% 40% 50% 60% Other New technologies are not deployed correctly New technologies are not fully deployed Lack of training on new technologies Burden of supporting new technologies and legacy systems More vulnerabilities in new technology stacks
  • 30. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. What are the reasons you believe IT security challenges have decreased as a result of network modernization? (select all that apply) NETWORK MODERNIZATION 30 • Most respondents that believe IT security challenges have decreased as a result of network modernization believe it is due to better tools for automated protection and remediation. Decreased Security Challenges N=26 Note: Multiple responses allowed 0% 19% 31% 54% 65% 85% 0% 20% 40% 60% 80% 100% Other Fewer systems to maintain Newer technologies contain smaller attack surfaces Less legacy equipment to maintain Stronger built-in security features of new equipment Better tools for automated protection and remediation
  • 31. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. NETWORK MODERNIZATION 31 • Lack of funding is the top factor that respondents indicate hinders their agency’s ability to advance its network modernization efforts. One half also noted the federal procurement process as hindrance. Obstacles of Network Modernization What are the top three factors that hinder your agency’s ability to advance its network modernization efforts? (select three) N=200 Note: Multiple responses allowed 2% 20% 24% 31% 34% 38% 50% 55% 0% 10% 20% 30% 40% 50% 60% Other Unrealistic goals and timelines Lack of top management commitment Increasing network complexity Lack of skilled staff Conflicting priorities Complex and long federal procurement process Lack of funding
  • 32. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. TOOLS AND PRACTICES 32 • Over two thirds indicate the effectiveness is high for Smart Card/CAC to foster network and application security. Security Product Effectiveness The following are tools and practices that foster network and application security. Please indicate the effectiveness for each. 8% 6% 8% 2% 4% 4% 4% 3% 2% 3% 14% 7% 9% 11% 8% 8% 7% 6% 4% 4% 48% 51% 48% 49% 47% 44% 44% 44% 38% 26% 32% 36% 36% 38% 42% 45% 46% 48% 56% 68% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Messaging security software SIEM software File integrity monitoring software Web application security tools Configuration management software Patch management software Network admission control (NAC) solutions Endpoint security software Identity and access management tools Smart Card / Common Access Card Don't use Low Moderate High N=200
  • 33. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. TOOLS AND PRACTICES 33 • A significantly greater proportion of respondents that indicate their agency’s ability to provide evidence of IT controls is excellent indicate most tools are high in effectiveness in fostering network and application security. • A significantly greater proportion of defense respondents indicate Smart Cards are effective, while significantly more civilian respondents indicate endpoint security, patch management, and messaging security software are highly effective. Security Product Effectiveness Differences The following are tools and practices that foster network and application security. For each, please indicate the effectiveness for each. High By Agency’s Ability to Provide Managers with Evidence of IT Controls Excellent Good Fair/Poor Endpoint security software 61% 44% 38% Network admission control (NAC) solutions 61% 40% 38% Configuration management software 57% 41% 21% Web application security tools 56% 30% 33% Patch management software 54% 46% 31% File integrity monitoring software 52% 38% 10% SIEM software 52% 35% 21% Messaging security software 46% 28% 21% = statistically significant difference High By Agency Type Defense Civilian Smart Card / Common access card for authentication 76% 61% Endpoint security software 36% 56% Patch management software 30% 56% Messaging security software 20% 40% N=200
  • 34. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. INTERNET OF THINGS 34 • The majority of respondents indicate some enhancements are required to discover, manage and secure Internet of Things (IoT) devices. • A greater proportion of respondents that indicate their agency’s ability to provide evidence of IT controls as excellent and those who indicate their IT security practices are more robust than the commercial sector are completely prepared. Agency Assessment – Prepared for IoT Given the current state of your agency’s overall security controls, how would you rate your preparedness to discover, manage and secure Internet of Things (IoT) devices? N=200 5% 24% 60% 12% Totally unprepared Major upgrades of security controls needed Some enhancements required Completely prepared 0% 10% 20% 30% 40% 50% 60% 70% By Agency's IT Security Practices Relative to the Commercial Sector More Robust On Par Not as Robust Completely prepared 23% 8% 3% Some enhancements required 61% 65% 44% Major upgrades needed 14% 22% 44% By Agency’s Ability to Provide Managers with Evidence of IT Controls Excellent Good Fair/Poor Completely prepared 30% 7% 2% Some enhancements required 52% 68% 48% Major upgrades needed 15% 24% 33% = statistically significant difference
  • 35. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. INTERNET OF THINGS 35 • Increased attack surface is noted most often as the greatest security challenge that agencies will face as the Internet of Things (IoT) evolves. IoT Security Challenges What are the three greatest security challenges and concerns that agencies will face as the Internet of Things (IoT) evolves? (select three) N=200 Note: Multiple responses allowed 2% 22% 22% 26% 33% 35% 36% 36% 38% 0% 5% 10% 15% 20% 25% 30% 35% 40% Other Collection of IoT device data by third parties Inability to detect and inventory IoT devices Lack of updates of IoT devices Out of date software/firmware running on IoT devices Potential data privacy issues Lack of IT staff knowledgeable of IoT Inconsistency of the security on connected devices Increased attack surface
  • 36. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. SECURITY COMPARISON TO COMMERCIAL SECTOR 36 • Nearly half feel their agency’s security practices and protocols are on par with the commercial sector. Security Comparison to Commercial Sector In general, how would you compare your agency’s IT security practices and protocols relative to those in the commercial sector? My agency’s security practices and protocols are: N=200 34% 46% 20% More robust than the commercial sector On par with the commercial sector Not as robust as the commercial sector 0% 10% 20% 30% 40% 50% My agency’s security practices and protocols are… = statistically significant difference By Agency’s Ability to Provide Managers with Evidence of IT Controls Excellent Good Fair/Poor More robust than the commercial sector 52% 33% 17% By Agency Type Defense Civilian More robust than the commercial sector 45% 26% By Preparedness to Discover, Manage and Secure Internet of Things (IoT) Devices Completely Prepared/Some Enhancements Required Major Upgrades of Security Controls Needed/Totally Unprepared More robust than the commercial sector 41% 19% • Defense respondents, those who rate their agency’s ability to provide evidence of IT controls as excellent, and those that are prepared to manage IoT devices indicate significantly more that their agency’s security practices are more robust than the commercial sector.
  • 37. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Select Comments COMMENTS 37 Please feel free to share any other comments or concerns regarding your agency’s IT security challenges and success stories. (open end) Hard to hire skilled people in a timely fashion, huge gaps in knowledge. [CIVILIAN] Despite all the outside threats, our worst security problems have come from insider issues - some of it malfeasance, some of it ignorance, some of it laziness. This despite non-stop documented training in all these area. [DEFENSE] Conflicting compliance and procurement regulations. [DEFENSE] A big problem for us is a desire on the part of many to integrate our software system with contractors that serve us. Not a bad idea except we literally have 50,000 different contractors we deal with on a daily basis. This may be possible for some of the largest contractors but not all. [DEFENSE] Poor BYOD policies have led to more challenges. [DEFENSE] Our equipment is shamefully outdated. [CIVILIAN] Complexity of regulatory framework adds to challenges. [DEFENSE] “
  • 38. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. KEY TAKEAWAYS 38 Key Takeaways • Overall, the majority of agency decision makers rate themselves highly for evidence of appropriate IT controls and believe they are on par with or more robust than the commercial sector in terms of IT security practices and tools. Three quarters believe federal agencies are more proactive regarding IT security than five years ago. • Budget constraints continue to be an obstacle to improving IT security at their agencies as well as impeding the detection and remediation of security issues. Lack of funding is also hindering agencies’ ability to advance its network modernization efforts. • Careless/untrained insiders, foreign governments and the general hacking community continue to be the top sources of IT security threats similar to the past three years. SPAM and Malware are noted as increasing in the last 12 months. • Though the majority agree that compliance has helped their agency improve its cybersecurity capabilities, seven in ten believe that being compliant does not necessarily mean being secure. Over half believe that security regulations and mandates can lead to complacency since tasks are performed to ‘check a box’.
  • 39. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. KEY TAKEAWAYS 39 Key Takeaways • The majority believe that NIST’s Cybersecurity Framework has been successful in promoting a dialogue about managing risk and more than eight in ten indicate their agencies are at least somewhat mature in each of the five areas of the Framework. Still over a third agree that federal IT professionals don’t fully understand the Framework. • Two-thirds think that federal agencies’ effort regarding network modernization has resulted in an increase of IT security challenges. Respondents cite more vulnerabilities in new technology stacks, the burden of supporting new and legacy systems and lack of training on new technologies as reasons for the increased challenges. • Few feel their agencies are completely prepared to discover, manage and secure the Internet of Things. The majority believe that at least some enhancements are required. IoT brings a number of security challenges, most notably an increased attack surface, inconsistency of security in connected devices and the lack of knowledgeable IT staff. • Smart Cards and identify access management tools are rated most often as highly effective tools that foster network and application security.
  • 40. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. RESEARCH TO INFORM STRATEGIC DECISION-MAKING 40 Contact Information Laurie Morrow, VP, Research Strategy | Market Connections, Inc. 11350 Random Hills Road, Suite 800 | Fairfax, VA 22033 | 703.378.2025 LaurieM@marketconnectionsinc.com Lisa M. Sherwin Wulf, Director of Marketing - Federal & National Government| SolarWinds 703.386.2628 Lisa.SherwinWulf@solarwinds.com www.solarwinds.com/federal LinkedIn: SolarWinds Government

Editor's Notes

  1. 1
  2. 2
  3. 37