While cybersecurity threats against public sector entities have noticeably increased, those organizations’ ability to detect and remediate them have not kept pace, a SolarWinds study found.
However, even under threats from both the “general hacking community” and nation-state sponsored crews, a growing awareness and adoption of zero trust and commitments to boost investments in cybersecurity can help public sector organizations fight back, said Brandon Shopp, SolarWinds product strategy group vice president. Adhering to best practices as outlined in the Biden Administration’s cybersecurity executive order issued in May, 2021, can also help organizations “enhance their cybersecurity posture,” he said.
Federal, State and Local Government: Cybersecurity Research Findings
To compile data for its seventh Public Sector Cybersecurity Survey Report, SolarWinds surveyed 400 IT operations and security decision makers, including 200 federal, 100 state and local, and 100 education respondents. Here are 10 of the study’s top-level findings:
- The general hacking community (56%) is the largest source of security threats at public sector organizations, followed closely by careless/untrained insiders (52%) and foreign governments (47%).
- State and local governments (63%) are significantly more likely than other public sector groups to be concerned about the threat of the general hacking community.
- Federal civilian agency respondents (58%) are more likely to indicate careless insiders as a threat compared to the defense community (41%).
- Cybersecurity threats from foreign governments (56%) are responsible for the greatest increase in concern among public sector respondents.
- The public sector’s level of concern over ransomware (66%), malware (65%), and phishing (63%) has increased the most over the last year.
- About 60% of respondents noted both the time to detection and time to resolution remained the same or worsened between 2020 and 2021.
- Lack of training (40%), low budgets and resources (37%), and the expanded perimeter (32%) as a result of increased remote work continue to plague public sector security pros.
- State government respondents (50%) indicate more so than local governments (25%) that budget constraints are an obstacle to maintaining or improving IT security.
- More than 75% of public sector respondents note their organizations rely on a formal or informal zero-trust approach.
- The majority of public sector respondents realize the importance of IT security solutions and prioritize their investments highly in the next 12 months, with network security software (77%) being the top priority.
“Public sector organizations are increasingly concerned about the threats from foreign governments,” said Tim Brown, SolarWinds chief information security officer and vice president. “It’s encouraging that a majority of the public sector is actively seeking to follow the road map outlined in the administration’s cybersecurity executive order, including enhanced data sharing between public and private sectors,” he said.