Federal IT Top Worries: Complex Attacks, Inside Threats

What's worrying federal IT professionals most? The increased sophistication of cyber attacks and insider threats top the list of cyber security concerns, according to a new study. Federal IT teams also continue to struggle with budget cuts and long waits for supervisor approval in their attempts to secure their networks, the study finds.

71% of those who responded to a new federal cyber security study listed the increased sophistication of attacks as the top security risk that they expect to face in the next 12 months. Negligent use of information by internal personnel was a risk cited by 63% of respondents. Cisco System sponsored the study, which was conducted by Market Connections and surveyed 200 federal IT decision makers.

Increased use of social media also is troubling more than a majority of respondents, with 63% citing it as a top concern for the next year. Federal agencies increasingly are using social media to engage with the public, even though they have worries about security and privacy risks.

One surprising result of the survey: Cloud computing ranked relatively low on the list of federal cyber security concerns, with only 35% of survey respondents citing it as a top risk for the next 12 months.

[ Pacific Northwest National Laboratory CIO Jerry Johnson takes you inside the cyber attack that he faced down--and shares his security lessons learned, in Anatomy of a Zero-Day Attack.]

Like social media, cloud computing's use among the feds is on the rise as part of efforts to increase efficiencies and reduce costs. Security has been a chief worry that in the past has impeded its use. However, other research also has found that federal IT officials slowly are warming to the security of the cloud, so signs seem to indicate that concerns about its risks are slackening.

While cybersecurity concerns vary, phishing continues to be the top threat federal agencies face, according to the survey, with nearly half of those surveyed saying that their department or agency has faced a phishing attack in the last 12 months.

This finding is in line with reports from the government’s own United States Computer Emergency Readiness Team (US-CERT), which logs reports of cyber attacks on federal networks. In its analysis of 2010 attacks, phishing remained the top threat.

Even as they take preventative measures to secure against these and other cybersecurity risks, federal IT professionals continue to face limitations to doing so. More than half (55%) said it takes too long to get approval from supervisors to put solutions in place to protect networks. Federal budget cuts also negatively affect cyber security goals, 53% reported. Adapting quickly to the evolving nature of threats also is a problem for federal agencies, 46% of respondents said.

Agencies also lack an effective process to respond to a cyber attack, according to 51% of those surveyed, while half of respondents said that they lack a clear picture of all of the activity on networks.

Join us for GovCloud 2011, a day-long event where IT professionals in federal, state, and local government will develop a deeper understanding of cloud options. Register now.