Data shows that the perceived threat of foreign governments has nearly doubled since 2014
SolarWinds (NYSE:SWI), a leading provider of simple, powerful, and secure observability and IT management software, today announced the findings of its eighth annual Public Sector Cybersecurity Survey Report. This year’s survey includes responses from 400 public sector IT operations and security decision-makers, including 200 federal, 100 state and local, and 100 education respondents.
“The threat foreign governments pose to the security of government IT systems has steadily increased throughout the years,'' said Brandon Shopp, Group Vice President, Product Strategy at SolarWinds. “However, it is reassuring to see this year’s data showing public sector organizations continue to recognize top security threats, adopt zero-trust strategies, and seek vendor attestations and SBOMs to better secure the software supply chain – all of which are crucial to maintaining a high standard of security across federal and state government, as well as in the education and defense sectors.”
2023 Key Findings:
IT Security Threats
Public sector respondents now see foreign governments (60%) as the greatest source of IT security threats to their organizations, surpassing both careless/untrained insiders (58%) and the general hacking community (52%). In 2021, the general hacking community ranked first.
- For federal respondents, foreign governments have become a significantly greater source of IT security threats over time, with reports nearly doubling from 2014 (34%) to 2023 (63%).
- The top three sources of security threats have remained the same for federal IT professionals (since 2014) and the state, local, and education (SLED) audience (since 2019), which are foreign governments, careless/untrained insiders, and the general hacking community.
Public sector respondents reported trojans, spam, and ransomware as the three biggest IT security threats to their organizations.
- Spam (58%) is the most common threat impacting public sector organizations over the last 12 months.
- Among all public sector respondents, state and local government respondents (41%) see ransomware as a threat more than other public sector organizations (federal 32%; education 26%).
- 15% of state and local respondents, 13% of education respondents, and 10% of federal respondents reported that their organization had been impacted by ransomware in the last 12 months.
For the first time, IT complexity (27%) surpasses budget constraints as the most significant obstacle public sector respondents say they face in hardening their cybersecurity posture.
- 66% of respondents say their IT environment is extremely/very complex to manage, yet only 5% of respondents say they feel extremely confident in their ability to manage these environments.
- IT complexity has increased across all public sector organization types, with state and local government respondents (25% in 2023 versus 12% in 2021) and education respondents (33% in 2023 versus 12% in 2021) reporting the largest jumps.
Survey respondents say the top three barriers to managing complex IT environments are an insufficient number of IT staff (41%), followed by time constraints (39%) and budget issues (35%).
- Federal respondents (41%) reported significantly more concerns with budget constraints than state/local respondents (29%).
Software Supply Chain Security
Most public sector respondents express concern with their organization’s software supply chain security and feel vendor attestations and SBOMs are important.
- Over half of respondents are moderately concerned with their software supply chain security. However, only two in 10 respondents are very or extremely concerned.
- Two-thirds of respondents indicate vendor attestations are extremely/very important, and seven in 10 want them provided within 12 months.
- Two-thirds of respondents have either begun requesting or are planning to request SBOMs from vendors. They say it is extremely/very important for vendors to provide information on how they develop and secure their software.
The adoption and perceived importance of zero-trust approaches continue to increase.
- 89% of public sector respondents (an all-time high) see the importance of implementing a zero-trust approach. Up significantly from 2021, 85% of public sector organizations now use a formal or informal zero-trust approach to IT security.
Of the zero-trust approaches, the Office of Management and Budget (OMB) and Department of Defense (DoD) frameworks are relied on most, with each being cited by 33% of respondents.
- 15% of respondents follow the National Institute of Standards and Technology (NIST) Zero Trust Architecture, and 10% follow the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model.
“This year’s data highlights the increasing need for continued partnership between the public and private sectors,” said Tim Brown, CISO and Vice President of Security, SolarWinds. “If we continue to work together to assess top threats, secure IT environments, arm IT teams with the appropriate defenses, and implement formal strategies like zero-trust, public sector organizations will be better positioned to continue mission-critical activities without interruption.”
“The daily threats of compromised security are a growing problem, and it’s extremely important to stay ahead of the game and combat any potential attacks.”
- Defense / Military
“Data leaks and cyberattacks are growing alarmingly and need to be checked.”
- Defense / Military
“Staff need to understand more about the global threat landscape.”
- Federal Civilian
“Lack of zero-trust implementation on the part of workers will open a wide space for hackers to compromise the data security and use them for malicious purposes.”
- Education: K-12
*In January 2023, independent market research firm Market Connections, Inc. surveyed 400 IT security professionals in U.S. federal civilian and defense agencies, state and local government, and education. The survey was conducted on behalf of SolarWinds. Full survey results are available upon request.
- SolarWinds 2023 Cybersecurity Survey Report
- SolarWinds Government Solutions
- SolarWinds Transformational Defense Solution
- SolarWinds Federal Compliance Solution
Connect with SolarWinds
SolarWinds (NYSE:SWI) is a leading provider of simple, powerful, secure observability and IT management software built to enable customers to accelerate their digital transformation. Our solutions provide organizations worldwide—regardless of type, size, or complexity—with a comprehensive and unified view of today’s modern, distributed, and hybrid network environments. We continuously engage with IT service and operations professionals, DevOps and SecOps professionals, and database administrators (DBAs) to understand the challenges they face in maintaining high-performing and highly available hybrid IT infrastructures, applications, and environments. The insights we gain from them, in places like our THWACK community, allow us to address customers’ needs now and in the future. Our focus on the user and our commitment to excellence in end-to-end hybrid IT management have established SolarWinds as a worldwide leader in solutions for observability, IT service management, application performance, and database management. Learn more today at www.solarwinds.com.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks of) their respective companies.
© 2023 SolarWinds Worldwide, LLC. All rights reserved.