CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?


Data Protection

U.S. Federal Agencies Vulnerable to Data Threats: Survey

A survey conducted by data protection company Vormetric and analyst firm 451 Research shows that a majority of IT security professionals in United States federal agencies feel their organization is vulnerable to data threats.

A survey conducted by data protection company Vormetric and analyst firm 451 Research shows that a majority of IT security professionals in United States federal agencies feel their organization is vulnerable to data threats.

The survey is part of Vormetric’s 2016 Data Threat Report, which is based on information provided by 1,100 senior IT security executives from large enterprises around the world, including more than 100 who work in U.S. federal government organizations.

According to the report, 90 percent of IT professionals working for the U.S. government feel their organization is vulnerable to data threats, and 61 percent have admitted already suffering a breach. Nearly half of respondents named skill shortages and budgets as the main challenges in improving data security.

Despite an increasing number of reports describing attacks carried out by nation-state actors against the U.S. government, most security experts working in federal agencies are more concerned about cybercriminals (76 percent) – nation-state hackers ranked only fourth with 47 percent. As for internal threats, 64 percent named privileged users, followed by contractor accounts at 43 percent.

When asked about the areas where they plan on spending more over the next year, the top answers were network defenses (53 percent), and analysis and correlation tools (46 percent). While data-at-rest defenses are considered highly efficient for securing data, only 37 percent of respondents will increase spending in this category. A majority of respondents (60 percent) believe network defenses are very efficient for data protection, but Vormetric noted that network and endpoint security actually provides little protection against multi-stage attacks.

Being compliant with standards does not necessarily mean an organization is properly protecting sensitive information, as demonstrated by many recent high-profile data breaches. However, well over half of IT security pros working at federal agencies believe that meeting compliance is highly effective for protecting data.

The study shows that steps in the right direction are being taken, with many respondents stating their intention to increase spending in sensitive data protection, invest in data-at-rest defenses, and implementing newer and more efficient data security tools.

“Public sector organizations need to realize that doing more of the same won’t help us achieve an improved data security posture,” said Tina Stewart, VP of marketing at Vormetric. “More attention must be paid to techniques that protect critical information even when peripheral security has failed, and data-at-rest security controls such as encryption, access control, tokenization and monitoring of data access patterns are some of the best ways to achieve this.”

Advertisement. Scroll to continue reading.

A report released this month by the Office of Management and Budget shows that federal agencies reported a total of more than 77,000 incidents in the fiscal year 2015, which represents a 10 percent increase compared to the previous year. The incidents included denial-of-service attacks, unauthorized access, social engineering, phishing, policy violations, equipment-related issues, malware, suspicious network activity, and non-cyber incidents involving personal information.

Related: Suffocating Volume of Security Alerts Challenge Incident Response

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...