SolarWinds recently announced the findings of its seventh Public Sector Cybersecurity Survey Report. The survey includes responses from 400 IT operations and security decision makers, including 200 federal, 100 state and local, and 100 education respondents.
To find out more, VMblog spoke with Brandon Shopp, Group Vice President, Product Strategy at SolarWinds.
VMblog: Cybersecurity is top of mind for
organizations across a variety of industries in 2022. With this in mind, what
are some of the most important takeaways from the survey organizations should
consider in 2022?
Brandon Shopp: For the first time in five years, external threats overshadowed
internal threats as the greatest cybersecurity concern for the public sector,
according to the SolarWinds
Public Sector
Cybersecurity Survey Report. Public sector IT professionals noted the general hacking community
(56%) as the largest source of security threats at public sector organizations.
In parallel, the survey also found the public sector has had growing concerns
when it comes to ransomware (66%), malware (65%), and phishing (63%) over the
last year. As the threat landscape continues to evolve, it's important for
public sector organizations of all scales to reevaluate their security posture.
VMblog: Which emerging themes and trends
from this survey's data surprised you?
Shopp: The biggest surprise is even though security threats have increased over
the last year, IT professionals' ability to detect and remediate threats hasn't,
with 60% of respondents noting both the time to detection and time to
resolution remained the same or worsened between 2020 and 2021. However, it's
encouraging to see a majority of the public sector is committed to investing in
solutions to address these external threats, with network security software
(77%) being the top priority. Additionally, the data also shows an increased
awareness and adoption of zero trust among public sector IT professionals and a
commitment to adopt the cybersecurity best practices outlined in the Biden
Administration's Cybersecurity Executive Order.
VMblog: What steps can tech professionals
take to improve their time to detect and resolve threats?
Shopp: For IT security, almost 70% of the respondents ranked intrusion
detection and prevention and access management as the highest priorities. To
maximize visibility and protect your organization's ecosystem, IT must
implement best practices-such as zero trust-and work to define an asset
management strategy. To mitigate risk, public sector organizations should take
steps to do the following:
- Take a zero-trust approach to protect data and
protect against breaches. More than three-fourths of public sector
organizations use a formal or informal zero-trust approach, and we'd like to
see this number increase in years to come.
- Normalize risk aversion. The public sector must
adopt a mentality in which even "medium" risk exposure is unacceptable.
- Prioritize skills
development.
Investment in upskilling and training is good, creating time for it is great,
but truly prioritizing skills development is even better-and will have a
significant impact when it comes to protecting an organization.
VMblog:
How can the
public and private sectors partner to help address vulnerabilities?
Shopp: The public and private sectors must
collaborate to address the increasingly complex cyber threat landscape. The Biden
Administration's Cybersecurity Executive Order, which urges enhanced data
sharing between the public and private sectors, is an important step toward
reducing barriers to information sharing. Respondents of our survey ranked
improving investigative and remediation capabilities and reducing barriers to
sharing threat information between government and private sectors as the most
impactful objectives of the Cybersecurity Executive Order. Taking these steps
suggests public sector organizations are already heading in the right direction
to fight the rising tide of external threats.
VMblog: Lack of training (40%), low
budgets and resources (37%), and the expanded perimeter (32%) as a result of
increased remote work continue to plague public sector security pros. How can
organizations and IT teams band together to tackle these challenges?
Shopp: With the evolving security landscape, it's more important than ever for IT
professionals to remain vigilant and implement solutions providing visibility
into systems to identify and address potential risks. IT leaders and tech pros
have an opportunity ahead to align on priorities and policies to address the
lack of training and resources as a barrier to tackling these important
challenges. Collaboration will benefit individual organizations and the entire public
sector in managing, mitigating, and preventing future risk.
##