A survey conducted by data protection company Vormetric and analyst firm 451 Research shows that a majority of IT security professionals in United States federal agencies feel their organization is vulnerable to data threats.
The survey is part of Vormetric’s 2016 Data Threat Report, which is based on information provided by 1,100 senior IT security executives from large enterprises around the world, including more than 100 who work in U.S. federal government organizations.
According to the report, 90 percent of IT professionals working for the U.S. government feel their organization is vulnerable to data threats, and 61 percent have admitted already suffering a breach. Nearly half of respondents named skill shortages and budgets as the main challenges in improving data security.
Despite an increasing number of reports describing attacks carried out by nation-state actors against the U.S. government, most security experts working in federal agencies are more concerned about cybercriminals (76 percent) – nation-state hackers ranked only fourth with 47 percent. As for internal threats, 64 percent named privileged users, followed by contractor accounts at 43 percent.
When asked about the areas where they plan on spending more over the next year, the top answers were network defenses (53 percent), and analysis and correlation tools (46 percent). While data-at-rest defenses are considered highly efficient for securing data, only 37 percent of respondents will increase spending in this category. A majority of respondents (60 percent) believe network defenses are very efficient for data protection, but Vormetric noted that network and endpoint security actually provides little protection against multi-stage attacks.
Being compliant with standards does not necessarily mean an organization is properly protecting sensitive information, as demonstrated by many recent high-profile data breaches. However, well over half of IT security pros working at federal agencies believe that meeting compliance is highly effective for protecting data.
The study shows that steps in the right direction are being taken, with many respondents stating their intention to increase spending in sensitive data protection, invest in data-at-rest defenses, and implementing newer and more efficient data security tools.
“Public sector organizations need to realize that doing more of the same won’t help us achieve an improved data security posture,” said Tina Stewart, VP of marketing at Vormetric. “More attention must be paid to techniques that protect critical information even when peripheral security has failed, and data-at-rest security controls such as encryption, access control, tokenization and monitoring of data access patterns are some of the best ways to achieve this.”
A report released this month by the Office of Management and Budget shows that federal agencies reported a total of more than 77,000 incidents in the fiscal year 2015, which represents a 10 percent increase compared to the previous year. The incidents included denial-of-service attacks, unauthorized access, social engineering, phishing, policy violations, equipment-related issues, malware, suspicious network activity, and non-cyber incidents involving personal information.
Related: Suffocating Volume of Security Alerts Challenge Incident Response
