CYBERSECURITY RESILIENCE

Similar documents
CLOSING IN FEDERAL ENDPOINT SECURITY

MOVING MISSION IT SERVICES TO THE CLOUD

HOW IT INVESTMENT STRATEGIES HELP AND HINDER GOVERNMENT S ADOPTION OF CLOUD & AI

IT Risk & Compliance Federal

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Todd Sander Vice President, Research e.republic Inc.

Cyber Resilience. Think18. Felicity March IBM Corporation

Disaster Unpreparedness June 3, 2013

Pedal to the Metal: Mitigating New Threats Faster with Rapid Intel and Automation

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

THE CYBERSECURITY LITERACY CONFIDENCE GAP

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Cyber Security in Timothy Brown Dell Fellow and CTO Dell Security

THE POWER OF TECH-SAVVY BOARDS:

The Deloitte-NASCIO Cybersecurity Study Insights from

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

Building a Threat Intelligence Program

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

Federal Continuous Monitoring Working Group. March 21, DOJ Cybersecurity Conference 2/8/2011

KNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY. Perspectives from U.S. and Japanese IT Professionals

Department of Management Services REQUEST FOR INFORMATION

EFFECTIVE INCIDENT RESPONSE

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Tripwire State of Cyber Hygiene Report

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

Developing a Model for Cyber Security Maturity Assessment

White Paper. View cyber and mission-critical data in one dashboard

Evaluating Cybersecurity Coverage A Maturity Model. Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium

Cyber Attacks & Breaches It s not if, it s When

DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Skybox Security Vulnerability Management Survey 2012

Automating the Top 20 CIS Critical Security Controls

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Vulnerability Assessments and Penetration Testing

Information Security Continuous Monitoring (ISCM) Program Evaluation

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture

THALES DATA THREAT REPORT

IT Security: Managing a New Reality

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

Dom Nessi Burns Engineering March 29, 2017 CYBERSECURITY TRENDS 2017 REPORT

Mastering The Endpoint

ALIGNING CYBERSECURITY AND MISSION PLANNING WITH ADVANCED ANALYTICS AND HUMAN INSIGHT

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Operationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results

How to Underpin Security Transformation With Complete Visibility of Your Attack Surface

whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk

INFORMATION ASSURANCE DIRECTORATE

Tripwire State of Container Security Report

Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency

PA TechCon. Cyber Wargaming: You ve been breached: Now what? April 26, 2016

Cybersecurity 2016 Survey Summary Report of Survey Results

The State of Cybersecurity and Digital Trust 2016

DIGITAL TRANSFORMATION IN FINANCIAL SERVICES

PAIN AND PROGRESS THE RSA CYBERSECURITY AND BUSINESS RISK STUDY

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

U.S. Department of Homeland Security Office of Cybersecurity & Communications

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

Security Survey Executive Summary October 2008

IMPROVING NETWORK SECURITY

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

Must Have Items for Your Cybersecurity or IT Budget in 2018

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

Innovate or die!? Modern IT Workplace Security. Alex Verboon Cyber Security Consultant

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

Cyber Resilience - Protecting your Business 1

Security Monitoring. Managed Vulnerability Services. Managed Endpoint Protection. Platform. Platform Managed Endpoint Detection and Response

Security in Today s Insecure World for SecureTokyo

What It Takes to be a CISO in 2017

Ensuring System Protection throughout the Operational Lifecycle

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

Security Hygiene. Be in a defensible position. Be cyber resilient. November 8 th, 2017

Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL

TEL2813/IS2820 Security Management

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

Cyber Security Program

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe

Department of Defense Cybersecurity Requirements: What Businesses Need to Know?

RSA Cybersecurity Poverty Index

Business continuity management and cyber resiliency

Are we breached? Deloitte's Cyber Threat Hunting

Mitigating Risk with Ongoing Cybersecurity Risk Assessment. Scott Moser CISO Caesars Entertainment

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

The Third Annual Study on the Cyber Resilient Organization

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

Training and Certifying Security Testers Beyond Penetration Testing

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

SECOND ANNUAL. Small & Medium Business Trends Report Research insights from nearly 500 business owners and leaders

K12 Cybersecurity Roadmap

Continuously Discover and Eliminate Security Risk in Production Apps

Which Side Are You On?

What Does the Future Look Like for Business Continuity Professionals?

Transcription:

CLOSING THE IN CYBERSECURITY RESILIENCE AT U.S. GOVERNMENT AGENCIES Two-thirds of federal IT executives in a new survey say their agency s ability to withstand a cyber event, and continue to function, is moderately to highly mature. But a number of gaps in cybersecurity resilience remain, with 6 in 10 defense or intelligence agency IT executives and 5 at civilian agencies saying their agencies don t have all the tools and resources needed to detect and respond to cyberthreats. This new survey of IT leaders at civilian, defense and intelligence agencies explores how prepared agencies are to continue operating during an attack, the tools they re using and their top concerns and priorities. PRESENTED BY UNDERWRITTEN BY

1 In a new survey of federal civilian, defense and intelligence agency IT decision makers, CyberScoop & FedScoop identify: The overall resilience and preparedness of civilian and defense/intelligence agencies to recover from cyber incidents WHO WE SURVEYED FedScoop and CyberScoop conducted an online survey of qualified federal government IT, cybersecurity and mission, business or program executives. A total of 64 IT officials working for civilian agencies and 51 IT officials working for defense or intelligence agencies completed the survey. All respondents are involved either in identifying IT and network security requirements, evaluating or deciding on solutions and contractors, allocating budgets, or implementing or maintaining cybersecurity solutions. The study was completed in the first quarter of 2018. 2 How long it takes their organizations to detect and respond to security incidents GOVERNMENT RESPONDENTS BY JOB ROLE 3 What cybersecurity tools, activities and metrics they rely on most C-suite/executive level IT decision-maker IT/network/security management IT acquisition, implementation or maintenance Mission, business or program management Other (Chief data officer, analyst, IT security strategy) 4 How frequently they conduct Blue Team / Red Team testing 1 2 4 4% 5 Their top cybersecurity investment priorities 2 34% 39% 3

TOP LINE FINDINGS The state of cybersecurity resilience and preparedness in federal agencies: 2 IN 3 9 IN 10 MORE THAN HALF 6 IN 10 HALF OF 7 IN 10... federal IT executives surveyed rate their agency s cybersecurity resilience the ability to withstand a cyber event and continue to function as moderately to highly mature.... IT executives surveyed say they are very or somewhat confident that their agency will continue running as usual in the midst of a cyberattack or IT security incident.... of respondents say their organizations can respond to security incidents within 12 hours after detection.... defense or intelligence executives and half at civilian agencies say their organizations don t have all the tools and resources needed in place to meet their security objectives.... civilian executives and 4 at defense/ intelligence agencies say their agencies lack the network context to prioritize responses to vulnerabilities.... civilian executives and 5 at defense/ intelligence agencies believe the threat landscape is evolving quicker than their agency can respond. 5

KEY FINDINGS: CYBERSECURITY RESILIENCE About 2 in 3 federal IT executives surveyed rated their agency s cybersecurity resilience maturity the ability to absorb, recover or adapt to an attack as moderate to high. Nine in 10 federal IT executives are confident their agencies will continue running as usual in the face of a cyberattack. But a majority are only somewhat confident. CYBER RESILIENCE MATURITY (1=LEAST MATURE 5=MOST MATURE) CONFIDENCE THAT THEIR ORGANIZATION WILL CONTINUE RUNNING AS USUAL UPON THE DISCOVERY OF A CYBERATTACK OR IT SECURITY INCIDENT 1 1 2 2 1 3 1 1 1 13% 19% 27% 23% 13% LEAST MATURE MOST MATURE 5 4 3 2 1 We can adapt and use the knowledge and experience gained from an attack to become more resilient We can recover from an incident and return all functions and services to preattack levels We can absorb an incident, continue to function and repel or isolate an attack We can detect an incident or malfunction and trigger containment procedures We have a plan and are prepared to keep services available and assets functioning in the event of a cybersecurity incident Don t know 6 Very confident Somewhat confident Not confident 73% 7

KEY FINDINGS: CYBERSECURITY RESILIENCE Though 2 in 3 respondents say their agency has sufficient tools and resources to identify cyberthreats, roughly half or more agree that their agencies don t have all the tools or network context they need. MY AGENCY DOESN T HAVE ALL THE TOOLS/RESOURCES NEEDED IN PLACE TO DETECT/RESPOND TO CYBERTHREATS A majority of federal IT respondents believe that their agency isn t keeping pace with evolving threats and could do more to ensure cyber resilience. THE THREAT LANDSCAPE IS EVOLVING QUICKER THAN MY AGENCY CAN RESPOND 61% 2 2 5 1 33% 5 3 13% 6 1 1 Agree Disagree Neither agree nor disagree Agree Disagree Neither agree nor disagree MY AGENCY DOESN T HAVE THE NETWORK CONTEXT TO PRIORITIZE RESPONSES TO VULNERABILITIES/BREACHES MY ORGANIZATION COULD DO MORE IN TERMS OF CYBER RESILIENCE 4 29% 2 7 1 5 34% 1 8 1 9

KEY FINDINGS: CYBERSECURITY PREPAREDNESS Agencies currently rely on various tools and tactics to guard against cyberthreats: Only about 1 in 5 federal IT executives say their agencies conduct Blue Team / Red Team cybersecurity tests on a continuous basis. CYBERSECURITY TOOLS AND ACTIVITIES USED BLUE TEAM VULNERABILITY ASSESSMENTS Data protection Incident response Endpoint protection & asset mgmt Risk scoring/ vulnerability mgmt 4 Network monitoring & protection Patch mgmt Threat intelligence Hunting 2 2 1 3 21% 27% 7 7 63% 57% 57% 53% 49% Continually Once a year 3% Once every two years Less frequently than every two years Don t know 14% RED TEAM PENETRATION TESTS 69% 6 6 4 5 47% 4 2 34% 27% 29% 2 1 1 11

KEY FINDINGS: CYBERSECURITY PREPAREDNESS About 6 in 10 defense / intelligence agency executives and over half at civilian agencies say their organizations have not completed a map or blueprint of their entire network within the last six months. Most respondents say they don t have the time, budget or resources. Agencies use multiple metrics to gauge the security of their networks. Network availability is cited most by defense/ intelligence IT executives; incident response is cited most by civilian agency executives. THE LAST TIME THEIR ORGANIZATION CREATED A COMPLETE BLUEPRINT, MODEL OR MAP OF ITS ENTIRE NETWORK WHAT METRICS ARE CURRENTLY BEING USED TO MEASURE NETWORK SECURITY? 1 1 6 6 Within the last month 21% DEFENSE/ INTELLIGENCE AGENCY 23% 5 4 44% 3 3 4 53% 3 34% 5 Within the last six months Between six months and a year ago 23% Between one and three years ago Between three and five years ago 1 Network availability Never Compliance scoring ie: FISMA, CCRI, DISA STIGS 2 FEDERAL CIVILIAN AGENCY 37% Incident response time Patch management latency Average time to resolve critical vulnerabilities 2 Number of malicious emails blocked 13

KEY FINDINGS: CYBERSECURITY RESPONSIVENESS One-third of federal IT respondents say their agency can detect security incidents in under one hour; and more than two-thirds can do so within 12 hours. But nearly 2 in 3 civilian and nearly 3 in 4 defense/intelligence agency respondents say their agency should detect incidents in under one hour. HOW LONG IT TAKES TO DETECT SECURITY INCIDENTS IN THEIR ORGANIZATION More than half of federal IT respondents say their agency can respond to security incidents within 12 hours. But the majority believe their agency should respond to security incidents in under one hour. HOW LONG IT TAKES TO RESPOND TO SECURITY INCIDENTS IN THEIR ORGANIZATION 39% 33% 29% 33% 2 33% 2 2 1 24% 19% 4% 1 1 1 11% Under an hour Within 12 hours Within 1 day Within 1 week Under an hour Within 12 hours Within 1 day Within 1 week Within 1 month 1 month or more Don t know Within 1 month 1 month or more Don t know HOW LONG THEY THINK IT SHOULD ACTUALLY TAKE HOW LONG THEY THINK IT SHOULD ACTUALLY TAKE 73% 63% 61% 57% 14% 21% 2 27% 4% 11% 1 4% 3% 15

KEY FINDINGS: CYBERSECURITY RESPONSIVENESS 3 in 4 IT executives say their IT security teams focus up to half of their time responding to security incidents. Determining compliance with security polices and taking inventory of network assets also consume a significant shares of the security teams time. PORTION OF IT SECURITY TEAM S TIME FOCUSED ON DETERMINING COMPLIANCE WITH SECURITY POLICIES 51-7 76-10 1 1 2 51-7 76-10 UP TO 2 25-5 PORTION OF IT SECURITY TEAM S TIME FOCUSED ON RESPONDING TO SECURITY INCIDENTS 14% 21% 3 34% 4 4 UP TO 2 25-5 51-7 76-10 UP TO 2 25-5 3% 3 PORTION OF IT SECURITY TEAM S TIME FOCUSED ON TAKING INVENTORY OF NETWORK ASSETS 1 2 23% 27% 3 3 44% 4 47% 17

TOP INVESTMENT PRIORITIES Looking ahead: Data and network protection top the list of investment priorities for civilian and defense/intelligence agency executives. Civilian agency executives are giving threat intelligence and endpoint/asset management investments higher priority than their defense/intelligence counterparts. 59% 57% 4 39% 6 5 5 5 Network monitoring & protection Data protection Incident response Risk scoring/ vulnerability management Data protection Network monitoring & protection Threat intelligence Incident response Patch management Endpoint protection & asset management Threat intelligence Hunting Endpoint protection & asset management Risk scoring/ vulnerability management Patch management Hunting 39% 37% 3 4 34% 31% 19

TOP OBSTACLES Executives rank competing IT priorities, a lack of cross-system visibility, extensive security requirements and inadequate automation among their top obstacles to detecting and responding to cybersecurity incidents. A shortage of skilled cybersecurity professionals, a lack of training or understanding of existing capabilities and insufficient automation continue to hinder cybersecurity efforts. TOP OBSTACLES THAT PREVENT ADEQUATE DETECTION AND RESPONSE TO CYBERSECURITY INCIDENTS IN THEIR ORGANIZATION TOP PERSONNEL OBSTACLES TO CYBERSECURITY IN THEIR ORGANIZATION 5 5 5 5 41% 41% 41% 39% 37% 29% 4 4 39% 3 3 4 4 4 3 44% 44% 2 We have too many IT priorities competing for funding Cybersecurity requirements such as FISMA compliance, NIST guidelines, DOD STIG configuration or commercial security standards take a long time to implement and check Lack of integrated visibility across all IT security systems Incomplete real-time visibility of network configuration and potential risk points Not enough skilled cybersecurity professionals in our organization Staff lack training to use and optimize the cybersecurity tools we have Difficulty retaining skilled cybersecurity professionals Cybersecurity activities are not adequately automated Cybersecurity tools do not prioritize threats to help us focus attention on the areas of highest risk Insufficient automation slows down productivity Staff do not fully understand the capabilities and benefits of the tools we have Other (Lack of staff/trained personnel/understanding app behavior) 21

CONCLUSIONS 1 2 3 4 CYBER INCIDENT RESPONSE CYBERSECURITY RESILIENCE EVOLVING THREAT LANDSCAPE OBSTACLES AND PRIORITIES While about 2 in 3 federal IT officials claim their agency can detect cybersecurity incidents and more than half claim they can respond within 12 hours, officials stress the need for more skilled cybersecurity help to confirm there aren t deeper, undiscovered threats lurking in networks. Federal IT executives are very or somewhat confident that their agencies can absorb a cyberattack and continue to function. But more than half of civilian executives and 6 in 10 at defense/ intelligence agencies say their agencies don t have all the tools and resources needed to meet their security objectives. The majority of IT executives believe the threat landscape is evolving quicker than their agencies can respond. More than 6 in 10 agreed if their agency could automate more monitoring and mitigation activities, it would be more secure. Executives are investing most heavily in fiscal 2019 into data and network protection tools and threat intelligence. But more than 3 in 4 agree there s more that their agency could do to fortify their cyber resilience. 23

CyberScoop is the leading media brand in the cybersecurity market. With more than 350,000 unique monthly visitors and 240,000 daily newsletter subscribers, CyberScoop reports on news and events impacting technology and security. CyberScoop reaches top cybersecurity leaders both online and in-person through our website, newsletter, events, radio and TV to engage a highly targeted audience of cybersecurity decision makers and influencers. FedScoop is the leading tech media brand in the federal government market. With more than 210,000 unique monthly visitors and 120,000 daily newsletter subscribers, FedScoop gathers top leaders from the White House, federal agencies, academia and the tech industry to discuss ways technology can improve government and identify ways to achieve common goals. With our website, newsletter and events, we ve become the community s go-to platform for education and collaboration. Learn more about RedSeal Contact: Wyatt Kash Sr. Vice President, Content Strategy Scoop News Group Wyatt.Kash@FedScoop.com 202.887.8001 PRESENTED BY UNDERWRITTEN BY

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback