While about 2 in 3 federal IT officials claim their agency can detect cybersecurity incidents within 12 hours, they also stress the need for more skilled cybersecurity help to confirm that there aren’t deeper, undiscovered threats lurking in networks, according to a new study.
Federal IT executives are relatively confident that their agencies can absorb a cyberattack and continue to function, but a number of gaps in cybersecurity resilience remain. More than half of IT leaders at civilian agencies — and 6 in 10 at defense or intelligence agencies — say their agencies don’t have the tools and resources needed to meet their security objectives.
Moreover, the majority of IT executives believe the threat landscape is evolving quicker than their agencies can respond, pointing to increasing urgency to automate systems and enhance network visibility, the study found. The findings are part of survey of federal IT leaders, released this week by CyberScoop and FedScoop, and underwritten by RedSeal.
IT executives surveyed say their agencies are investing most heavily in fiscal 2019 into data and network protection tools and threat intelligence. Though 2 in 3 respondents report their agency “has sufficient tools to identify cyberthreats,” well over half still say their agencies “don’t have all the tools and resources they need in place to respond to cyberthreats.”
But they also need help overcoming a talent shortage and conflicting funding priorities.
The study found about roughly two-thirds of IT officials surveyed say their agency can detect — and more than half say they can respond to — cybersecurity incidents within 12 hours.
The study explored how resilient federal agencies are at withstanding cyberattacks, what tools and activities they rely on most to respond to identify and respond to attacks, and the top investment priorities and concerns of agency officials.
The findings are based on responses from more than 100 pre-qualified federal agency government IT, cybersecurity and mission, business or program executives. All respondents are involved either in identifying IT and network security requirements, evaluating or deciding on solutions and contractors, allocating budgets, or implementing or maintaining cybersecurity solutions. The study was completed in the first quarter of 2018.
Download the report, “Closing the gaps in cybersecurity resilience at U.S. government agencies,” for detailed findings and guidance on how prepared agencies are to continue operating during an attack.
This article was written and produced by CyberScoop and underwritten by RedSeal.