WASHINGTON — Hacking is the largest source of security threats to the public sector, surpassing insiders for the first time in five years, according to a new survey released today.
In a report released by SolarWinds — an IT management and software company who contracted Market Connections to conduct the survey — 56% of respondents said the general hacking community was one of the largest source of security threats at public sector organizations, followed by careless or untrained insiders at 52% and foreign governments at 47%.
400 IT decision makers responded to the online survey conducted in Oct. 2021 — 200 from the federal level, 100 from the state and local level, and 100 more from the education level. A majority of the respondents worked at civilian federal agencies, with the next highest cadre coming from the Department of Defense. Nearly half of the participants were IT staff, with IT director/manager the second largest portion of respondents and security staff making up a distant third. Others included chief information and technology officers, chief security and information security officers.
According to the report, participants from state and local governments were significantly more likely to be concerned about the threat from the general hacking community than those working for federal civilian agencies, who were more likely to indicate careless insiders as a top threat.
DoD employees, however, were more likely to list foreign governments as the top threat.
“Public sector organizations are increasingly concerned about the threats from foreign governments,” said Tim Brown, CISO and Vice President of Security at SolarWinds. “In looking at the survey data, it’s encouraging that a majority of the public sector is actively seeking to follow the roadmap outlined in the [Biden] Administration’s Cybersecurity Executive Order, including enhanced data sharing between public and private sectors.”
Public sector respondents’ concern over ransomware, malware and phishing increased the most over the last year.
A plurality of respondents, 30%, listed budget constraints as the biggest obstacles to maintaining or improving IT security. Insufficient training of IT staff, shortage of funding and resources and the expanded security perimeter created by remote or hybrid work were the top three impediments listed to detection and remediation of security issues.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.