Survey Says Government is the Biggest Cybersecurity Threat

A new survey says that government is the target of cybercriminals and nation state attackers, citing the OPM security breach as an example.

The State of Cybersecurity in Local, State and Federal Government, sponsored by Hewlett Packard Enterprise and conducted by Ponemon Institute, says that a lack of skilled personnel is a challenge at both federal and state and local organizations. However, the challenge is more severe at the state and local level (62 percent say this is a major challenge). At the federal level, 53 percent of respondents say not having the necessary expertise is a disadvantage.

Both groups see lack of budgetary resources as an issue. State and local respondents say they are not as involved as they should be in sharing of threat intelligence. Federal respondents say it is dealing with organizational politics that keep them from achieving a strong cybersecurity posture within their organizations.

Top security threats differ between federal and state and local organizations. The primary security threat facing federal organizations is the negligent insider followed by the zero-dayattack and third party or contractor mistakes. State and local agencies say it is the failure to patch known vulnerabilities, negligent insiders and zero-day attacks. Federal respondents are far more concerned about nation-state attackers (30 percent) versus state and local respondents (16 percent).

State and local governments are not prepared to deal with cybersecurity threats. In many cases, the federal government has a much stronger cybersecurity posture than state and local governments. In fact, 60 percent of respondents describe the maturity level of theirorganization’s cybersecurity program or activities as mature, but only 38 percent of state and local respondents say their agencies have achieved that level of maturity in their cybersecurity initiatives.

The research also reveals the following four areas where the federal government is outpacing state and local agencies:

Ability to recover. Fifty-five percent of federal respondents rate their ability to recover from a cyber attack as very high. In contrast, only 28 percent of state and local respondents say their ability is very high.
Ability to prevent. Forty-one percent of federal respondents rate their ability to prevent a cyber attack as very high. In contrast, only 19 percent of state and local respondents rate the ability as very high.
Ability to quickly detect. Forty-six percent of rate their ability to quickly detect a cyber attack as very high and 32 percent of state and local agencies are confident they would detect an attack.
Ability to contain. Fifty-two percent of federal respondents say they rate their organization’s ability to contain a cyber attack as very high and 38 percent of respondents are very confident in being able to contain an attack.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

A head of state needs heart surgery at your facility. High-profile members of a national sports team are getting updated vaccinations. What do you do when you get the call?