Cyberattacks are biggest fear, survey shows

A survey of more than 250 government and industry IT professionals found that the majority of respondents believe cyberattacks are the top threat to U.S. national security. The findings differ from similar surveys of government and private-sector experts

A survey of more than 250 government and industry IT professionals found that the majority of respondents – 70 percent – believe  cyberattacks are the top threat to U.S. national security.

The study, which security information and service provider USIS conducted at the 1105 Media’s GovSec conference in Washington, DC in March and released this week, was based on a survey of individuals in safety, security and law sectors. The findings differ from similar surveys of government and private-sector experts, possibly reflecting the makeup of the GovSec audience.

See the full survey results here.

Other top concerns for government IT professionals at GovSec include terrorist activity (35 percent), insider threats (31 percent) and information security breaches (25 percent).

Nearly 65 percent of respondents indicated that their organizations monitor security either “very well” or “perfectly” and 40 percent felt that their organization responded to risk either perfectly or very well. Almost the same number of individuals felt their agencies were inconsistent in their risk response. Almost half, 47 percent, said their risk management activities were integrated with new and changing initiatives.

In relation to mission strategy, cybersecurity ranked at the top, with 84 percent of respondents listing it as an important part of their organization’s security plan. Seventy-four percent of government IT professionals listed physical security and infrastructure protection as their most important business tasks, followed closely by risk management planning, at 73 percent.

Sixty-four percent of respondents were involved in integrating physical and IT security, and an additional 20 percent said they were “somewhat” involved. There was a high correlation between convergence strategy and an IT professional’s confidence in an organization’s cybersecurity. Of those respondents who said their organizations monitor security “perfectly,” nearly 77 percent are also focused on convergence. Eighty percent of the respondents who indicated that their organizations respond to risk “perfectly” also said they were engaged in convergence.

Organizations that use one vendor, rather than multiple vendors, to manage, install, maintain, and monitor security were more confident of their threat management. The majority (74 percent) of those with a single vendor said that they monitored security either “very well” or “perfectly.” However, only 16 percent of respondents indicated that they used only one vendor.

Other surveys have yielded very different finindgs. A survey by Forrester Consulting, commissioned by Microsoft and RSA and which GCN reported earlier, found internal employee activity to be the top concern, with network breaches listed at the top of those activities. Other concerns reported by GCN have included social media and cloud computing.

Another survey, taken at GCN’s FOSE conference, also found employee-related concerns (specifically, inappropriate employee activity and network use; lost passwords and educating end-users) to be the respondents' top security concerns.

And in direct contrast to the USIS study, 47 percent of those polled by CDW-G in November 2009 believed their organization does not have the funding it needs to meet its security requirements, and a further 27 percent were unsure whether they had the funding needed to support their cybersecurity efforts – which would indicate that these organizations were not engaging in risk management “perfectly.” These results were released at FOSE.

A third survey commissioned by Lumension Security, and reported on by GCN in April found agencies ill-prepared to respond to cyberattacks.

NEXT STORY: Transitioning Out of NSPS