Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

Federal IT Top Worries: Complex Attacks, Inside Threats

Government IT professionals also say that long waits for approvals are hindering their ability to secure networks, according to a new study.

What's worrying federal IT professionals most? The increased sophistication of cyber attacks and insider threats top the list of cyber security concerns, according to a new study. Federal IT teams also continue to struggle with budget cuts and long waits for supervisor approval in their attempts to secure their networks, the study finds.

71% of those who responded to a new federal cyber security study listed the increased sophistication of attacks as the top security risk that they expect to face in the next 12 months. Negligent use of information by internal personnel was a risk cited by 63% of respondents. Cisco System sponsored the study, which was conducted by Market Connections and surveyed 200 federal IT decision makers.

Increased use of social media also is troubling more than a majority of respondents, with 63% citing it as a top concern for the next year. Federal agencies increasingly are using social media to engage with the public, even though they have worries about security and privacy risks.

One surprising result of the survey: Cloud computing ranked relatively low on the list of federal cyber security concerns, with only 35% of survey respondents citing it as a top risk for the next 12 months.

[ Pacific Northwest National Laboratory CIO Jerry Johnson takes you inside the cyber attack that he faced down--and shares his security lessons learned, in Anatomy of a Zero-Day Attack.]

Like social media, cloud computing's use among the feds is on the rise as part of efforts to increase efficiencies and reduce costs. Security has been a chief worry that in the past has impeded its use. However, other research also has found that federal IT officials slowly are warming to the security of the cloud, so signs seem to indicate that concerns about its risks are slackening.

While cybersecurity concerns vary, phishing continues to be the top threat federal agencies face, according to the survey, with nearly half of those surveyed saying that their department or agency has faced a phishing attack in the last 12 months.

This finding is in line with reports from the government’s own United States Computer Emergency Readiness Team (US-CERT), which logs reports of cyber attacks on federal networks. In its analysis of 2010 attacks, phishing remained the top threat.

Even as they take preventative measures to secure against these and other cybersecurity risks, federal IT professionals continue to face limitations to doing so. More than half (55%) said it takes too long to get approval from supervisors to put solutions in place to protect networks. Federal budget cuts also negatively affect cyber security goals, 53% reported. Adapting quickly to the evolving nature of threats also is a problem for federal agencies, 46% of respondents said.

Agencies also lack an effective process to respond to a cyber attack, according to 51% of those surveyed, while half of respondents said that they lack a clear picture of all of the activity on networks.

Join us for GovCloud 2011, a day-long event where IT professionals in federal, state, and local government will develop a deeper understanding of cloud options. Register now.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Aviation Faces Increasing Cybersecurity Scrutiny
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/22/2019
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
Kelly Sheridan, Staff Editor, Dark Reading,  8/22/2019
MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online
Kelly Sheridan, Staff Editor, Dark Reading,  8/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-6154
PUBLISHED: 2019-08-23
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).
CVE-2019-5594
PUBLISHED: 2019-08-23
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
CVE-2019-6695
PUBLISHED: 2019-08-23
Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods.
CVE-2019-12400
PUBLISHED: 2019-08-23
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this im...
CVE-2019-15092
PUBLISHED: 2019-08-23
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.