Virtualization Technology News and Information
Article
RSS
VMblog Expert Interview: SolarWinds Explores Public Sector Cybersecurity Survey Report Findings and Challenges

interview-solarwinds-shopp 

SolarWinds recently announced the findings of its seventh Public Sector Cybersecurity Survey Report. The survey includes responses from 400 IT operations and security decision makers, including 200 federal, 100 state and local, and 100 education respondents.

To find out more, VMblog spoke with Brandon Shopp, Group Vice President, Product Strategy at SolarWinds.

VMblog: Cybersecurity is top of mind for organizations across a variety of industries in 2022. With this in mind, what are some of the most important takeaways from the survey organizations should consider in 2022?

Brandon Shopp:  For the first time in five years, external threats overshadowed internal threats as the greatest cybersecurity concern for the public sector, according to the SolarWinds Public Sector Cybersecurity Survey Report. Public sector IT professionals noted the general hacking community (56%) as the largest source of security threats at public sector organizations. In parallel, the survey also found the public sector has had growing concerns when it comes to ransomware (66%), malware (65%), and phishing (63%) over the last year. As the threat landscape continues to evolve, it's important for public sector organizations of all scales to reevaluate their security posture.

VMblog: Which emerging themes and trends from this survey's data surprised you?

Shopp:  The biggest surprise is even though security threats have increased over the last year, IT professionals' ability to detect and remediate threats hasn't, with 60% of respondents noting both the time to detection and time to resolution remained the same or worsened between 2020 and 2021. However, it's encouraging to see a majority of the public sector is committed to investing in solutions to address these external threats, with network security software (77%) being the top priority. Additionally, the data also shows an increased awareness and adoption of zero trust among public sector IT professionals and a commitment to adopt the cybersecurity best practices outlined in the Biden Administration's Cybersecurity Executive Order.

VMblog: What steps can tech professionals take to improve their time to detect and resolve threats?

Shopp:  For IT security, almost 70% of the respondents ranked intrusion detection and prevention and access management as the highest priorities. To maximize visibility and protect your organization's ecosystem, IT must implement best practices-such as zero trust-and work to define an asset management strategy. To mitigate risk, public sector organizations should take steps to do the following:

  • Take a zero-trust approach to protect data and protect against breaches. More than three-fourths of public sector organizations use a formal or informal zero-trust approach, and we'd like to see this number increase in years to come.
  • Normalize risk aversion. The public sector must adopt a mentality in which even "medium" risk exposure is unacceptable.
  • Prioritize skills development. Investment in upskilling and training is good, creating time for it is great, but truly prioritizing skills development is even better-and will have a significant impact when it comes to protecting an organization.

VMblog: How can the public and private sectors partner to help address vulnerabilities?

Shopp:  The public and private sectors must collaborate to address the increasingly complex cyber threat landscape. The Biden Administration's Cybersecurity Executive Order, which urges enhanced data sharing between the public and private sectors, is an important step toward reducing barriers to information sharing. Respondents of our survey ranked improving investigative and remediation capabilities and reducing barriers to sharing threat information between government and private sectors as the most impactful objectives of the Cybersecurity Executive Order. Taking these steps suggests public sector organizations are already heading in the right direction to fight the rising tide of external threats.

VMblog: Lack of training (40%), low budgets and resources (37%), and the expanded perimeter (32%) as a result of increased remote work continue to plague public sector security pros. How can organizations and IT teams band together to tackle these challenges?

Shopp:  With the evolving security landscape, it's more important than ever for IT professionals to remain vigilant and implement solutions providing visibility into systems to identify and address potential risks. IT leaders and tech pros have an opportunity ahead to align on priorities and policies to address the lack of training and resources as a barrier to tackling these important challenges. Collaboration will benefit individual organizations and the entire public sector in managing, mitigating, and preventing future risk.

##

Published Tuesday, March 08, 2022 7:29 AM by David Marshall
Filed under: ,
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<March 2022>
SuMoTuWeThFrSa
272812345
6789101112
13141516171819
20212223242526
272829303112
3456789