Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

U.S. Federal Agencies Vulnerable to Data Threats: Survey

A survey conducted by data protection company Vormetric and analyst firm 451 Research shows that a majority of IT security professionals in United States federal agencies feel their organization is vulnerable to data threats.

A survey conducted by data protection company Vormetric and analyst firm 451 Research shows that a majority of IT security professionals in United States federal agencies feel their organization is vulnerable to data threats.

The survey is part of Vormetric’s 2016 Data Threat Report, which is based on information provided by 1,100 senior IT security executives from large enterprises around the world, including more than 100 who work in U.S. federal government organizations.

According to the report, 90 percent of IT professionals working for the U.S. government feel their organization is vulnerable to data threats, and 61 percent have admitted already suffering a breach. Nearly half of respondents named skill shortages and budgets as the main challenges in improving data security.

Despite an increasing number of reports describing attacks carried out by nation-state actors against the U.S. government, most security experts working in federal agencies are more concerned about cybercriminals (76 percent) – nation-state hackers ranked only fourth with 47 percent. As for internal threats, 64 percent named privileged users, followed by contractor accounts at 43 percent.

When asked about the areas where they plan on spending more over the next year, the top answers were network defenses (53 percent), and analysis and correlation tools (46 percent). While data-at-rest defenses are considered highly efficient for securing data, only 37 percent of respondents will increase spending in this category. A majority of respondents (60 percent) believe network defenses are very efficient for data protection, but Vormetric noted that network and endpoint security actually provides little protection against multi-stage attacks.

Being compliant with standards does not necessarily mean an organization is properly protecting sensitive information, as demonstrated by many recent high-profile data breaches. However, well over half of IT security pros working at federal agencies believe that meeting compliance is highly effective for protecting data.

The study shows that steps in the right direction are being taken, with many respondents stating their intention to increase spending in sensitive data protection, invest in data-at-rest defenses, and implementing newer and more efficient data security tools.

“Public sector organizations need to realize that doing more of the same won’t help us achieve an improved data security posture,” said Tina Stewart, VP of marketing at Vormetric. “More attention must be paid to techniques that protect critical information even when peripheral security has failed, and data-at-rest security controls such as encryption, access control, tokenization and monitoring of data access patterns are some of the best ways to achieve this.”

A report released this month by the Office of Management and Budget shows that federal agencies reported a total of more than 77,000 incidents in the fiscal year 2015, which represents a 10 percent increase compared to the previous year. The incidents included denial-of-service attacks, unauthorized access, social engineering, phishing, policy violations, equipment-related issues, malware, suspicious network activity, and non-cyber incidents involving personal information.

Related: Suffocating Volume of Security Alerts Challenge Incident Response

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...