External Threats Now Greatest Cyber Security Concern for Public Sector

The growing prominence of the general hacking community and foreign government-led cyberattacks is forcing the public sector to re-evaluate its security posture
The growing prominence of the general hacking community and foreign government-led cyberattacks is forcing the public sector to re-evaluate its security posture

SolarWinds, a Triple ‘ASTORS’ Award Winner in the 2021 AST Homeland Security Awards Program, has released the findings of their seventh Public Sector Cybersecurity Survey Report.

This survey includes responses from 400 IT operations and security decision-makers, which includes 200 federal, 100 state and local, and 100 education respondents.

“These results demonstrate that while IT security threats have increased—primarily from the general hacking community and foreign governments—the ability to detect and remediate such threats has not increased at the same rate, leaving public sector organizations vulnerable,” explains Brandon Shopp, Group Vice President, Product Strategy, SolarWinds.

“But the data also shows an increased awareness and adoption of zero trust, as well as a commitment to invest in IT solutions and adopt cybersecurity best practices outlined in the Administration’s Cybersecurity Executive Order.”

Brandon Shopp, Group Vice President of Product at SolarWinds
Brandon Shopp, Group Vice President of Product at SolarWinds

“It’s through these steps that public sector organizations can enhance their cybersecurity posture and fight the rising tide of external threats.”

 

2021 Key Findings Include:

  • The general hacking community (56%) is the largest source of security threats at public sector organizations, followed closely by careless/untrained insiders (52%) and foreign governments (47%).

  • For the first time in five years, careless insiders were not listed as the top security threat.

    • State and local governments (63%) are significantly more likely than other public sector groups to be concerned about the threat of the general hacking community.

    • Federal civilian agency respondents (58%) are more likely to indicate careless insiders as a threat compared to the defense community (41%).

Sources of Security Threats by Organization Type (Courtesy of SolarWinds)
Sources of Security Threats by Organization Type (Courtesy of SolarWinds)

 

  • Cybersecurity threats from foreign governments (56%) are responsible for the greatest increase in concern among public sector respondents.

    • Defense respondents (68%) are the most likely to note foreign governments as a cybersecurity threat, compared to civilian (53%), state and local government (46%), and education (25%) respondents.

 

  • When asked about specific types of security breaches, the public sector’s level of concern over ransomware (66%), malware (65%), and phishing (63%) has increased the most over the last year.

  • Time to detection and resolution have not improved at the rate of increased IT security threats and breach concerns.

    • About 60% of respondents noted both the time to detection and time to resolution remained the same or worsened between 2020 and 2021.

 

  • Lack of training (40%), low budgets and resources (37%), and the expanded perimeter (32%) as a result of increased remote work continue to plague public sector security pros.

    • Respondents also pointed to insufficient data collection and monitoring as a key impediment to threat detection (31%).

    • State government respondents (50%) indicate more so than local governments (25%) that budget constraints are an obstacle to maintaining or improving IT security.

    • Education respondents are the most likely to struggle to identify the root cause of security issues, hampering their ability to both detect and remediate such threats.

Impediments to Detection/Remediation of Security Issues (Courtesy of SolarWinds)
Impediments to Detection/Remediation of Security Issues (Courtesy of SolarWinds)

 

  • Public sector respondents suggest improving investigative and remediation capabilities, as well as reducing barriers to sharing threat information between public and private sectors, as the top priorities for compliance with the Cybersecurity Executive Order.

    • Among SLED organizations, 86% are likely to adopt cybersecurity best practices and activities from the Cybersecurity Executive Order, including almost 100% of respondents from K-12 schools.

 

  • More than 75% of public sector respondents note their organizations rely on a formal or informal zero-trust approach.

    • A majority of public sector respondents are familiar with the principle of least privilege (PoLP), and 70% of respondents are either already implementing PoLP or will implement PoLP within the next 12 months.

 

  • The majority of public sector respondents realize the importance of IT security solutions and prioritize their investments highly in the next 12 months, with network security software (77%) being the top priority.

    • IT modernization investment priority leans toward replacing legacy applications (60%) and migrating systems to the cloud (60%).

    • When it comes to customer experience, IT services management (59%) holds investment priority.

    • And for digital transformation, implementing stakeholder platforms and portals (57%) is key.

 

Tim Brown, CISO and Vice President of Security, SolarWinds
Tim Brown, CISO and Vice President of Security at SolarWinds

“Public sector organizations are increasingly concerned about the threats from foreign governments,” added Tim Brown, CISO and Vice President of Security, SolarWinds.

“In looking at the survey data, it’s encouraging that a majority of the public sector is actively seeking to follow the roadmap outlined in the Administration’s Cybersecurity Executive Order, including enhanced data sharing between public and private sectors.”

“This is a key pillar of the SolarWinds Secure by Design approach, which encourages government and industry to present a united front against criminals and foreign cyberactors.”

To view the SolarWinds 2021 Public Sector Cybersecurity Survey Report in its entirety, please click here.

SolarWinds is a leading provider of simple, powerful, and secure IT management software.

solarwinds logo

The company’s solutions give organizations worldwide, regardless of type, size, or complexity, the power to accelerate business transformation in today’s hybrid IT environments.

SolarWinds continuously engages with technology professionals (IT service and operations professionals, DevOps and SecOps professionals, and database administrators), to understand the challenges they face in maintaining high-performing and highly available IT infrastructures, applications, and environments.

The insights the company gains from them, in places like their THWACK community, allow them to address customers’ needs now, and in the future.

(THWACKcamp is a free, annual, two-day, digital IT learning event brought to you by SolarWinds. Now in its 10th year, THWACKcamp features expert speakers, interactive sessions, prizes, and much more. Join thousands of tech professionals from all disciplines, along with industry leaders, product experts, and SolarWinds customers, for our 10th annual THWACKcamp! This lively, interactive event is about people, technology, industry insights, productivity, and fresh perspectives and explores the evolving roles we play in today’s shifting IT landscape. Register now at https://slrwnds.com/TC22-Registration. Courtesy of SolarWinds and YouTube.)

Their focus on the user and commitment to excellence in end-to-end hybrid IT management has established SolarWinds as a worldwide leader in solutions for observability, IT service management, application performance, and database management.

To Learn More, please visit www.solarwinds.com.

 

SolarWinds a Triple ‘ASTORS’ Winner in 2021 Homeland Security Awards Program

2021 ‘ASTORS’ Awards Luncheon (starting front row, left to right) SIMS Software President & CEO Michael Struttmann; TENEO Risk Advisory Executive Chairman Commissioner Bill Bratton; NEC National Security Systems President Dr. Kathleen Kiernan; TSA Administrator David Pekoske; Fortior Solutions General Counsel Katherine Cowan; NEC Corporation of America Senior Vice President & Chief Experience Officer Raffie Beroukhim; TENEO Risk Advisory Chief of Staff David Cagno; Infragard National Board Member Doug Farber, Lumina Analytics Co-Founder & Chairman Allan Martin, and AMAROK Senior Vice President Sales & Marketing Mike Dorrington.
2021 ‘ASTORS’ Awards Luncheon (starting front row, left to right) SIMS Software President & CEO Michael Struttmann; TENEO Risk Advisory Executive Chairman Commissioner Bill Bratton; NEC National Security Systems President Dr. Kathleen Kiernan; TSA Administrator David Pekoske; Fortior Solutions General Counsel Katherine Cowan; NEC Corporation of America Senior Vice President & Chief Experience Officer Raffie Beroukhim; TENEO Risk Advisory Chief of Staff David Cagno; Infragard National Board Member Doug Farber, Lumina Analytics Co-Founder & Chairman Allan Martin, and AMAROK Senior Vice President Sales & Marketing Mike Dorrington.

American Security Today’s Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program, and now in its Sixth Year, continues to recognize industry leaders of Physical and Border Security, Cybersecurity, Emergency Preparedness – Management and Response, Law Enforcement, First Responders, as well as federal, state and municipal government agencies in the acknowledgment of their outstanding efforts to Keep our Nation Secure.

 

SolarWinds Worldwide (First of Three)

  • Best Security Incident & Event Management (SIEM)

  • Threats to IT networks continue to accelerate and evolve and while enterprising hackers from external sources test the robustness of network security parameters, internal threats in the form of careless and malicious insiders remain a major and ongoing concern.

  • It is critical that agencies take steps to combat these threats—and SolarWinds® Security Event Manager (SEM), formerly Log & Event Manager is a powerful weapon. This comprehensive SIEM solution delivers dynamic, real-time log collection and analysis for immediate and actionable threat intelligence.

(See a brief, high-level overview of the capabilities of SolarWinds Security Event Manager and how you can use the SIEM tool to detect threats, quickly respond to cyber incidents, and report compliance from a consolidated interface. Courtesy of Solarwinds Worldwide and YouTube.)

  • SEM can capture and analyze log data in real-time from multiple sources and specific incidents, allowing users to quickly identify and remediate threats, uncover policy violations, and resolve vital network issues, and users can quickly shut down breached systems, block IP addresses, kill unexpected processes, and disable user accounts.

  • SEM includes an easy-to-use, point-and-click interface and data visualization tools to quickly search log data, perform event forensics, and identify the cause of security incidents or network problems.

  • Like all SolarWinds software, SEM is built to scale and can support IT environments of all sizes, and employs a node-based license model that allows users to stay within their planned budgets as they deploy and expand their IT infrastructures across multiple data centers and geographies. 

  • SolarWinds SEM is used by nearly every U.S. federal civilian agency, DoD branch, and intelligence agency. It is available on the U.S. General Services Administration (GSA) Schedule and other contract vehicles.

 

SolarWinds Worldwide (Second of Three)

  • Best Network Security Solution

  • Successful threat mitigation requires continuous real-time monitoring of network configuration changes and potential policy violations, and alerts for automated detection and remediation of harmful security violations is essential.

  • SolarWinds® Network Configuration Manager (NCM) offers compliance auditing and leverages baselines and differential viewers to help ensure that devices are configured correctly, with an automated change control workflow, bulk configuration updates, and automatic vulnerability assessments to help teams efficiently identify and fix vulnerabilities – all in a single solution.

Reduce cost, save work hours, and remain compliant with automated network configuration management and backup.
  • NCM offers several unique and powerful features to help agency IT professionals protect against vulnerabilities and prevent unauthorized network configuration changes, and uses Cisco® IOS® and ASA vulnerability scanning and NIST FISMA, DISA STIGs, and DSS PCI compliance assessments to improve network security.

  • The software itself features hundreds of built-in compliance reports to help meet major auditing authority requirements, including DISA STIGs, NIST FISMA, and more, and THWACK®, SolarWinds’ online user community, provides a number of free report templates that can be used to prepare for an inspection.

  • NCM is built for IT environments of all sizes and can easily scale to meet growing infrastructure needs. Licensing depends on the total number of devices an IT pro manages, including firewalls, routers, switches, or any other device that supports remote access and a command line interface.

(Increase visibility to your network devices with SolarWinds® Network Configuration Manager. Save time and improve network reliability by automating network configuration and change management to reduce configuration errors, recover quickly from downtime, and improve security and compliance. Courtesy of SolarWinds and YouTube.)

 

SolarWinds Worldwide (Third of Three)

  • Best IT Access Control & Authentication System

Manage and audit access rights across your IT infrastructure.
SolarWinds® Access Rights Manager (ARM) is designed to deliver customized Active Directory (AD) and Azure AD reports—showing who has access to what, and when they accessed this data.
  • SolarWinds ARM enhances security by monitoring, analyzing, and auditing Active Directory®, Azure AD, Exchange™, SharePoint, OneDrive, and file servers to see what changes have been made, by whom, and when those changes occurred, and customized reports can be generated to demonstrate compliance with most regulatory requirements.

  • The solution also provisions and deprovisions users using role-specific templates to help assure conformity of access privilege delegation in alignment with security policies.

  • ARM helps prevent data leaks and unauthorized changes to sensitive files and data through visualization of permissions on file servers. 

  • SolarWinds ARM reduces IT workload through a web-based self-service portal, put access rights of data in the hands of data owners instead of admins.

(SolarWinds Access Rights Manager (ARM) helps IT and Security Admins meet compliance requirements with centralized provisioning, de-provisioning, management, and audit of user permissions and access to systems, data, and files while protecting their organizations from internal security breaches. Courtesy of SolarWinds and YouTube.)

  • *SolarWinds has now been recognized with Multiple Awards in all Six Annual ‘ASTORS’ Awards Programs.

 

The Annual ‘ASTORS’ Awards highlight the most cutting-edge and forward-thinking security solutions coming onto the market today, to ensure our readers have the information they need to stay ahead of the competition and keep our Nation safe – one facility, street, and city at a time.

Thomas Richardson, FDNY Chief of Department; Dr. Kathleen Kiernan, President of NEC National Security Systems; and Richard Blatus, FDNY Assistant Chief of Operations at the 2021 ‘ASTORS’ Awards Luncheon at ISC East.

AST Honors Thomas Richardson, FDNY Chief of Department; Dr. Kathleen Kiernan, President of NEC National Security Systems; and Richard Blatus, FDNY Assistant Chief of Operations, at the 2021 ‘ASTORS’ Awards Luncheon at ISC East.

The United States was forever changed 20 years ago on September 11th, and we were fortunate to have many of those who responded to those horrific tragedies join us at the 2021 ‘ASTORS’ Awards Luncheon.

In the days that followed 9/11, the critical needs of protecting our country catapulted us into new and innovative ways to secure our homeland – which is how many of the agencies and enterprise organizations that are today ‘ASTORS’ Awards Champions, came into being.

Our keynote speaker TSA Administrator David Pekoske delivered a moving and timely address on the strategic priorities of the 64,000 member TSA workforce in securing the transportation system, enabling safe, and in many cases, contactless travel, and more (Be sure to see Interview.)
TSA Administrator David Pekoske addressing attendees at the 2021 ‘ASTORS’ Awards Luncheon in New York City on November 17, 2021. (Be sure to see AST Exclusive Interview, facilitated by Dr. Kathleen Kiernan HERE.)

Our keynote speaker featured a moving and informative address from TSA Administrator and Vice-Admiral of the United States Coast Guard (Ret), David Pekoske; to our attendees who traveled from across the United States and abroad, on the strategic priorities of the 64,000 member TSA workforce in securing the transportation system, enabling safe, and in many cases, contactless travel.

Commissioner Bill Bratton signing copies of his latest work, ‘The Profession: A Memoir of Community, Race, and the Arc of Policing in America,’ at the 2021 ‘ASTORS’ Awards Presentation Luncheon. (Be sure to see AST Exclusive Interview with Comm Bratton, facilitated by Dr. Kathleen Kiernan HERE.)

Legendary Police Commissioner William Bratton of the New York Police Department, the Boston Police Department, and former Chief of the Los Angeles Police Department was also live at the event, meeting with attendees and signing copies of his latest work ‘The Profession: A Memoir of Community, Race, and the Arc of Policing in America,’ courtesy of the generosity of our 2021 ‘ASTORS’ Awards Premier Sponsors.

The 2021 ‘ASTORS’ Awards Program was Proudly Sponsored by AMAROK, Fortior Solutions and SIMS Software, along with Returning Premier Sponsors ATI SystemsAttivo Networks, Automatic Systems, and Reed Exhibitions.

Why American Security Today?

The traditional security marketplace has long been covered by a host of publications putting forward the old school basics to what is Today – a fast-changing security landscape.

American Security Today is uniquely focused on the broader Homeland Security & Public Safety marketplace with over 75,000 readers at the Federal, State, and local levels of government as well as firms allied to the government.

American Security Today brings forward a fresh compelling look and read with our customized digital publications that hold readers’ eyes throughout the story with cutting-edge editorial that provides solutions to their challenges.

Harness the Power of the Web – with our 100% Mobile Friendly Publications

AST puts forward the Largest and Most Qualified Circulation in Government with Over 75,000 readers on the Federal, State and Local levels.
AST puts forward the Largest and Most Qualified Circulation in Government with Over 75,000 readers on the Federal, State and Local levels.

AST Digital Publications are distributed to over 75,000 qualified government and homeland security professionals, in federal, state, local, and private security sectors.

‘PROTECTING OUR NATION, ONE CITY AT A TIME’

AST Reaches both Private & Public Experts, essential to meeting these new challenges.

Today’s new generation of public safety and security experts need real-time knowledge to deal with domestic and international terrorism, lone wolf attacks, unprecedented urban violence, shifts in society, culture, and media bias – making it increasingly difficult for Homeland Security, Law Enforcement, First Responders, Military and Private Security Professionals to implement coordinated security measures to ensure national security and improve public safety.

American Security Today

These experts are from Government at the federal, state, and local level as well as from private firms allied to the government.

AST provides a full plate of topics in our AST Monthly Magazine Editions, AST Website, and AST Daily News Alerts, covering 23 Vital Sectors such as Access Control, Perimeter Protection, Video Surveillance/Analytics, Airport Security, Border Security, CBRNE Detection, Border Security, Ports, Cybersecurity, Networking Security, Encryption, Law Enforcement, First Responders, Campus Security, Security Services, Corporate Facilities, and Emergency Response among others.

AST has Expanded readership into integral Critical Infrastructure audiences such as Protection of Nuclear Facilities, Water Plants & Dams, Bridges & Tunnels, and other potential targets of terrorism.

Other areas of concern include Transportation Hubs, Public Assemblies, Government Facilities, Sporting & Concert Stadiums, our Nation’s Schools & Universities, and Commercial Business Destinations – all enticing targets due to the large number of persons and resources clustered together.

(See just a few highlights of American Security Today’s 2021 ‘ASTORS’ Awards Presentation Luncheon at ISC East. Courtesy of My Pristine Images and Vimeo.)

To learn more about ‘ASTORS’ Homeland Security Award Winners solutions, be on the lookout for the 2021 ‘ASTORS’ CHAMPIONS Edition Fully Interactive Magazine – the Best Products of 2021 ‘A Year in Review’.

The Annual CHAMPIONS edition includes a review of Annual ‘ASTORS’ Award Winning products and programs, highlighting key details on many of the winning firm’s products and services, including video interviews and more.

For example, please see the AST 2020 CHAMPIONS Edition.

It will serve as your Go-To Source throughout the year for ‘The Best of 2021 Products and Services‘ endorsed by American Security Today, and can satisfy your agency’s and/or organization’s most pressing Homeland Security and Public Safety needs.

From Physical Security (Access Control, Critical Infrastructure, Perimeter Protection, and Video Surveillance Cameras and Video Management Systems), to IT Security (Cybersecurity, Encryption, Data Storage, Anti-Malware and Networking Security – Just to name a few), the 2021 ‘ASTORS’ CHAMPIONS EDITION will have what you need to Detect, Delay, Respond to, and Mitigate today’s real-time threats in our constantly evolving security landscape.

It will also include featured guest editorial pieces from some of the security industry’s most respected leaders, and recognized firms in the 2021 ‘ASTORS’ Awards Program.

  • For a complete list of 2021 ‘ASTORS’ Award Winners, begin HERE.

For more information on All Things American Security Today, as well as the 2021 ‘ASTORS’ Awards Program, please contact Michael Madsen, AST Publisher at mmadsen@americansecuritytoday.com.

AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:

  • Provides named sources
  • Reported by more than one notable outlet
  • Includes supporting video, direct statements, or photos

Subscribe to the AST Daily News Alert Here.