SolarWinds Federal Cybersecurity Survey 2015

SolarWinds® Federal Cybersecurity Survey Summary Report 2015

© 2015 Market Connections, Inc.

© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

Market Connections, Inc. | 703.378.2025

Background and Objectives


SolarWinds contracted Market Connections to design and conduct an online survey among 200 federal government IT decision makers and influencers in December 2014. SolarWinds was not revealed as the sponsor of the survey.

The main objectives of the survey were to:

• Determine challenges faced by IT professionals to prevent insider and external IT security threats

• Gauge confidence levels of combating insider and external IT security threats

• Measure change in concern and investment of resources in addressing threats

• Determine the most important IT security tools used to mitigate risk associated with insider and external threats

• Quantify common causes of IT security breaches caused by the careless employee

Throughout the report, notable significant differences are reported.

Due to rounding, graphs may not add up to 100%.

RESPONDENT CLASSIFICATIONS

Organizations Represented

• If a respondent did not work for any of the specific organization types noted below, the survey was terminated.

Which of the following best describes your current employer?

| Employer type | Respondents |
| --- | --- |
| Federal Legislature | 2% |
| Intelligence Agency | 3% |
| Federal Judicial Branch | 3% |
| Department of Defense or Military Service | 39% |
| Federal, Civilian or Independent Government Agency | 54% |

What agency do you work for?

Sample Organizations Represented (In Alphabetical Order)

• Air Force
• Army
• Department of Agriculture (USDA)
• Department of Commerce (DOC)
• Department of Defense (DOD)
• Department of Energy (DOE)
• Department of Health and Human Services (HHS)
• Department of Homeland Security (DHS)
• Department of Labor (DOL)
• Department of Justice (DOJ)
• Department of State (DOS)
• Department of the Interior (DOI)
• Department of Transportation (DOT)
• Department of Treasury (TREAS)
• Department of Veteran Affairs (VA)
• Environmental Protection Agency (EPA)
• Judicial/Courts
• Marine Corps
• National Aeronautics and Space Administration (NASA)
• Navy
• Social Security Administration (SSA)
• US Postal Service (USPS)

N=200

Decision Making Involvement

How are you involved in your organization’s decisions or recommendations regarding IT operations and management and IT security solutions and services? (select all that apply)

• All respondents are knowledgeable or involved in decisions and recommendations regarding IT operations and management and IT security solutions and services.

| Involvement | Respondents |
| --- | --- |
| Other involvement in IT security and/or IT operations and management solutions | 8% |
| Make the final decision regarding IT security and/or IT operations and management solutions or contractors | 17% |
| Manage or implement security and/or IT operations and management solutions | 40% |
| Develop technical requirements for IT security and/or IT operations and management solutions | 41% |
| Evaluate or recommend firms offering IT security and/or IT operations and management solutions | 43% |
| On a team that makes decisions regarding IT security and/or IT operations and management solutions | 50% |

Note: Multiple responses allowed

N=200

Job Function and Tenure

• A variety of job functions and tenures is represented in the sample, with most being IT management and working at their agency for over 20 years.

Which of the following best describes your current job title/function?

| Job Function | Respondents |
| --- | --- |
| Other | 12% |
| CSO/CISO | 1% |
| Security/IA director or manager | 7% |
| CIO/CTO | 7% |
| Security/IA staff | 10% |
| IT/IS staff | 32% |
| IT director/manager | 33% |

Examples Include:

• Program Manager

• Engineer

• Director Operations

How long have you been working at your current agency?

| Tenure | Respondents |
| --- | --- |
| 1-2 Years | 4% |
| 3-4 Years | 13% |
| 5-9 Years | 22% |
| 10-14 Years | 13% |
| 15-20 Years | 14% |
| 20+ Years | 36% |

N=200

IT SECURITY OBSTACLES, THREATS AND BREACHES

IT Security Obstacles

• Budget constraints top the list of significant obstacles to maintaining or improving agency IT security. This has decreased from 40% in the SolarWinds CyberSecurity Survey conducted Q1 2014.

What is the most significant high-level obstacle to maintaining or improving IT security at your agency?

| Obstacle | Respondents |
| --- | --- |
| Other | 4% |
| Lack of clear standards | 4% |
| Lack of manpower | 6% |
| Lack of technical solutions available at my agency | 6% |
| Inadequate collaboration with other internal teams or departments | 7% |
| Lack of training for personnel | 8% |
| Lack of top-level direction and leadership | 9% |
| Competing priorities and other initiatives | 13% |
| Complexity of internal environment | 17% |
| Budget constraints | 29% |

January 2014: Budget constraints 40%

Marked in the original chart: statistically significant difference.

N=200

Sources of Security Threats

• Careless/untrained insiders are noted as the largest source of security threat at federal agencies. This has increased from 42% in the SolarWinds CyberSecurity Survey conducted in Q1 2014.

What are the greatest sources of IT security threats to your agency? (select all that apply)

| Source of threat | Respondents |
| --- | --- |
| None of the above plague my agency | 1% |
| Unsure if these threats plague my agency | 3% |
| Other | 3% |
| Industrial spies | 10% |
| For-profit crime | 14% |
| Terrorists | 18% |
| Malicious insiders | 23% |
| Hacktivists | 30% |
| Foreign governments | 38% |
| General hacking community | 46% |
| Careless/untrained insiders | 53% |

January 2014: Careless/untrained insiders 42%

| Source of threat | Defense | Civilian |
| --- | --- | --- |
| General hacking community | 33% | 55% |
| For-profit crime | 8% | 18% |

Marked in the original chart: statistically significant difference.

Note: Multiple responses allowed

N=200

At-Risk Data Location

• About half of respondents indicate data on employee or contractor personal computers and removable storage media is most at risk.

Where do you think your government agency’s data is most at risk?

| Data location | Respondents |
| --- | --- |
| Other | 5% |
| Backup servers | 15% |
| File servers and storage arrays | 20% |
| In transit through the network | 24% |
| Employee or contractor owned mobile device (BYOD) | 29% |
| Cloud servers | 29% |
| Government owned mobile device | 33% |
| Removable storage media (USB drive, CDs, etc.) | 42% |
| Employee or contractor desktop/laptop | 47% |

Note: Multiple responses allowed

N=200

Change in Concern and Resources

• Federal agencies’ concern has increased in the last two years for internal and external threats, but the investment in resources lags slightly.

How has your organization’s concern changed over the last two years for the following types of IT security threats?

| Concern | Malicious external threats | Malicious insider threats | Accidental/careless insider threats |
| --- | --- | --- | --- |
| Significantly increased | 37% | 23% | 22% |
| Somewhat increased | 44% | 29% | 31% |
| Remained the same | 16% | 38% | 39% |
| Somewhat decreased | 3% | 7% | 6% |
| Significantly decreased | 1% | 4% | 3% |

How has your organization’s investment in resources changed over the last two years for the following types of IT security threats?

| Investment in Resources | Malicious external threats | Malicious insider threats | Accidental/careless insider threats |
| --- | --- | --- | --- |
| Significantly increased | 23% | 14% | 11% |
| Somewhat increased | 46% | 32% | 33% |
| Remained the same | 28% | 45% | 48% |
| Somewhat decreased | 2% | 8% | 7% |
| Significantly decreased | 1% | 2% | 2% |

N=200

Source of Damaging Breaches

• Malicious external threats are considered more damaging than malicious internal threats, but the majority believe malicious insider threats to be equally as damaging as malicious external threats.

• Respondents indicate malicious insiders to be more damaging than careless insiders, but more than one-third believe accidental insiders to be equally as damaging as malicious insiders.

Of the two, which source of breach would be more costly or damaging to your organization? Those perpetrated by:

| Most Damaging Breach Source | Respondents |
| --- | --- |
| Malicious external threats | 37% |
| Malicious internal threats | 26% |
| Both are the same | 38% |

| Most Damaging Insider Breach | Respondents |
| --- | --- |
| Malicious insider | 43% |
| Accidental/careless insider | 22% |
| Both are the same | 35% |

N=200

ORGANIZATION IT SECURITY POLICIES

Organization Security Policies

• The majority of respondents indicate having a formal IT security policy for end users that supplements current federal security policies.

• Three-quarters of the respondents indicate that policy communication is done frequently and regularly.

Does your organization have a formal IT security policy for end users that supplements current federal security policies such as DISA STIGs and NIST FISMA?

| Organization Has IT Security Policy | Respondents |
| --- | --- |
| Yes | 85% |
| No | 7% |
| Not sure | 9% |

N=200

How are these IT security policies communicated to end users?

| How Policies Are Communicated | Respondents |
| --- | --- |
| Other | 4% |
| They are not communicated or reviewed | 4% |
| They are available for access via an internal system/Intranet | 48% |
| Whenever there is an update in policy | 55% |
| After initial hire | 56% |
| Frequently and regularly (i.e., via email reminders and tips) | 76% |

Note: Multiple responses allowed

N=170

Security Policy Confidence

• Slightly more than half of respondents are somewhat confident in their security policies at combating internal and external security threats. Only about one-third are very confident.

Please rate your confidence in your organization’s IT security policies and practices at combating the following types of security threats:

| Threat type | Not at all confident | Somewhat confident | Very confident |
| --- | --- | --- | --- |
| Malicious external threats | 9% | 52% | 39% |
| Malicious insider threats | 14% | 55% | 31% |
| Accidental/careless insider threats | 14% | 56% | 31% |

N=200

PREVENTING AND MITIGATING THREATS

Obstacles to Threat Prevention

• The increased use of mobile technology is noted as the top obstacle for preventing threats, though there are multiple significant differences seen among the different types of threats.

What would be the top obstacles or challenges when trying to prevent threats at your federal government agency?

| Obstacle | Malicious Insider Threat | Accidental/Careless Insider Threat | Malicious External Threat |
| --- | --- | --- | --- |
| Increased use of mobile technology | 44% | 56% | 47% |
| Inadequate monitoring of user authentication activity and failures | 41% | 39% | 32% |
| Inadequate automation of IT asset management | 38% | 39% | 34% |
| Inadequate log data analysis to indicate possible insider threats | 38% | 36% | 32% |
| Inadequate configuration management of IT infrastructure | 35% | 30% | 32% |
| Legal or ethical issues that restrict efforts to profile or identify insider/external threats | 31% | 27% | 22% |
| Insufficient security training for government employees or contractors | 30% | 46% | 28% |
| Inadequate change management approval process | 30% | 35% | 22% |
| Insufficient clearance process and background investigations | 30% | 22% | 15% |
| Lack of executive buy-in for security strategy or resource investment | 30% | 30% | 19% |
| None of the above | 9% | 8% | 9% |

Marked in the original chart: statistically significant difference; top obstacle.

Note: Multiple responses allowed

N=200

Obstacles to Threat Prevention

What would be the top obstacles or challenges when trying to prevent threats at your federal government agency?

• Respondents with tenure of 20 years or more see the lack of executive buy-in as an obstacle to preventing accidental insider threats. Civilian agency respondents see the lack of executive buy-in more of an obstacle for malicious external threats.

• Respondents with tenure of 10 years or more see an inadequate change management approval process as an obstacle to preventing malicious external threats.

• Relative to IT/Security staff, respondents at a manager or director level see inadequate automation of IT asset management more as an obstacle preventing accidental insider threats.

Obstacle Preventing Malicious External Threats by Agency Type

| Obstacle | Defense | Civilian |
| --- | --- | --- |
| Lack of executive buy-in for security strategy or resource investment | 11% | 24% |

Obstacle Preventing Accidental Insider Threat by Tenure

| Obstacle | < 10 years | 10-20 years | > 20 years |
| --- | --- | --- | --- |
| Lack of executive buy-in for security strategy or resource investment | 24% | 23% | 42% |

Obstacle Preventing Malicious External Threat by Tenure

| Obstacle | < 10 years | 10-20 years | > 20 years |
| --- | --- | --- | --- |
| Inadequate change management approval process | 13% | 25% | 30% |

Obstacle Preventing Accidental Insider Threat by Job Level

| Obstacle | IT/Security Staff | IT/Security Manager/Director |
| --- | --- | --- |
| Inadequate automation of IT asset management | 34% | 51% |

Marked in the original chart: statistically significant difference.

N=200

Tools to Prevent Threats

• IT security tools that are deemed most useful to mitigate risks differ whether the threat is internal or external.

In your opinion, what are the most important IT security tools used to mitigate the risk associated with insider/external threats?

| Top Tier | Malicious Insider Threat | Accidental/Careless Insider Threat | Malicious External Threat |
| --- | --- | --- | --- |
| Identity and access management tools | 46% | 39% | 39% |
| Internal threat detection/intelligence | 44% | 36% | 29% |
| Intrusion detection and prevention tools | 43% | 32% | 50% |
| Security incident and event management or log management | 42% | 31% | 37% |
| Advanced security/threat analytics | 40% | 23% | 37% |
| Web security or web content filtering gateways | 37% | 29% | 38% |
| File and disk encryption | 35% | 30% | 41% |
| IT configuration management and reporting | 34% | 28% | 26% |
| Patching | 34% | 27% | 34% |
| Next-generation firewalls (NGFW) | 34% | 28% | 42% |

Marked in the original chart: statistically significant difference; most important tool.

Note: Multiple responses allowed

N=200

Tools to Prevent Threats

• A greater proportion of respondents indicate web application firewalls as a useful tool to mitigate malicious external threats relative to internal threats.

• A significantly greater proportion of respondents indicate internal security training is a useful tool to prevent risk associated with careless insider threats.

In your opinion, what are the most important IT security tools used to mitigate the risk associated with insider threats?

| Lower Tier | Malicious Insider Threat | Accidental/Careless Insider Threat | Malicious External Threat |
| --- | --- | --- | --- |
| Network Admission Control (NAC) | 33% | 31% | 30% |
| Endpoint forensics | 31% | 27% | 25% |
| Advanced endpoint protection | 30% | 27% | 31% |
| Web Application Firewall (WAF) | 29% | 23% | 38% |
| Mobile device management or mobile-specific security tools | 28% | 29% | 27% |
| Endpoint and mobile security | 27% | 27% | 28% |
| Internal security training | 27% | 50% | 25% |
| Cloud application security management or auditing | 26% | 23% | 24% |
| IT asset management and reporting | 23% | 26% | 21% |

Marked in the original chart: statistically significant difference.

Note: Multiple responses allowed

N=200

INSIDER BREACH CAUSES AND DETECTION DIFFICULTIES

Accidental Insider Breach Causes

• The most common causes of accidental insider IT security breaches are phishing attacks, followed by data copied to an insecure device and accidentally deleting, corrupting or modifying critical data.

What are the most common causes of accidental insider IT security breaches caused by the untrained or careless employee?

| Cause | Respondents |
| --- | --- |
| Other | 4% |
| Insecure configuration of IT assets | 24% |
| Incorrect disposal of hardware | 28% |
| Not applying security updates | 31% |
| Incorrect use of approved personal devices | 33% |
| Device loss | 36% |
| Poor password management | 37% |
| Using personal devices that are against company IT… | 37% |
| Accidentally deleting, corrupting or modifying critical… | 41% |
| Data copied to insecure device | 44% |
| Phishing attacks | 49% |

| Cause | Defense | Civilian |
| --- | --- | --- |
| Device loss | 26% | 43% |

| Cause | IT/Security Staff | IT/Security Manager/Director |
| --- | --- | --- |
| Insecure configuration of IT assets | 17% | 36% |

Marked in the original chart: statistically significant difference.

Note: Multiple responses allowed

N=200

Insider Threat Detection Difficulties

• The volume of network activity is noted most often as what makes insider threat detection and prevention most difficult. One third also note the lack of IT staff training, the use of cloud services and pressure to change configuration quickly versus securely.

In today’s environment, what makes insider threat detection and prevention more difficult?

| Difficulty | Respondents |
| --- | --- |
| Other | 3% |
| Functionality of and access to critical systems | 19% |
| Inadequate change control practices | 22% |
| Complexity of monitoring tools | 23% |
| Inadequate configuration management of IT assets | 24% |
| Inadequate visibility into users’ network activity | 24% |
| Inadequate monitoring of storage devices | 26% |
| Growing adoption of BYOD | 27% |
| Cost of sophisticated tools | 27% |
| Use of mobile devices | 30% |
| Pressure to change IT configurations quickly more so than… | 34% |
| Growing use of cloud services | 35% |
| Lack of IT staff training | 35% |
| Volume of network activity | 40% |

| Difficulty | Defense | Civilian |
| --- | --- | --- |
| Inadequate configuration management of IT assets | 17% | 28% |
| Inadequate monitoring of storage devices | 18% | 32% |

| Difficulty | IT/Security Staff | IT/Security Manager/Director |
| --- | --- | --- |
| Volume of network activity | 29% | 44% |

Marked in the original chart: statistically significant difference.

Note: Multiple responses allowed

N=200


Select Comments

COMMENTS

Please feel free to share any other comments or concerns regarding your agency’s IT security challenges and success stories.

It is a huge priority to address them [security breaches] and we are doing our best within our allotted funding. (IT Analyst, VA)

Security is a challenge, and the enemy is increasingly sophisticated, keeping ahead of technology advances and ever increasingly attempting to break into our networks. (Chief Engineer, Army)

Interestingly we have positioned ourselves relatively strongly against external threats, but it is the accidental or malicious insider threat which has caused us more problems. People do what they want to do and there are so many people (particularly younger) who view security as interference and also have some skills to successfully work around security protocols. (Director of Operations, DCMA)

The employees just need to get used to "The Suck" of security. It will take time to work in an environment which is designed to protect the organization and the individual. (Defense Coordinating Officer, Army)

Our security holes begin at the top. [Senior managers] expect that they are protected and they are above any security holes - to the effect, they insist on admin rights to network resources. The administration supports this view and turns a "blind eye" to the risk. (Network Manager, Federal Agency)


Contact Information

RESEARCH TO INFORM YOUR BUSINESS DECISIONS

Laurie Morrow, Director of Research Services | Market Connections, Inc.

14555 Avion Parkway, Suite 125 | Chantilly, VA 20151 | 703.378.2025, ext. 101

[email protected]

Lisa M. Sherwin Wulf, Federal Marketing Leader | SolarWinds

703.234.5386

[email protected]

www.solarwinds.com/federal

LinkedIn: SolarWinds Government
