Report: Cyber threats are on the rise while public defense measures lag

Technology is evolving and so are the online threats faced by local governments. But faced with these increased criminal threats, defensive measures aren’t keeping pace. For the first time in five years, an annual report from SolarWinds cites external threats as the public sector’s greatest cybersecurity concern.

“While IT security threats have increased—primarily from the general hacking community and foreign governments—the ability to detect and remediate such threats has not increased at the same rate, leaving public sector organizations vulnerable,” said Brandon Shopp, group vice president of product strategy at SolarWinds in a statement. 

The analysis, titled the Public Sector Cybersecurity Survey Report (the seventh of its kind produced by SolarWinds), includes responses from 400 IT decision makers including 200 federal, 100 state or local, and 100 education-sector respondents, according to a press release about the report.

At 56 percent, the report says, “the general hacking community” is behind most of the security threats faced by public sector servers, closely followed by “careless/untrained insiders” (52 percent) and “foreign governments” at 47 percent. This is the first time in five years careless insiders weren’t the top security threat.

For local and state governments, specifically, the highest threat concern by far expressed by respondents was outside hackers (63 percent). 

While defense measures aren’t yet up to par with the threats, the rising concern among decision makers is converting into tangible action. Included in the Biden Administration’s bipartisan infrastructure measure, for example, is the authorization of a new $4 billion (over four years) Department of Homeland Security grant program that’s intended to bolster the cybersecurity defenses of state, local, Tribal and territorial entities.

And last May, President Joe Biden issued an executive order, “Improving the Nation’s Cyber Security,” intended to strengthen the digital defenses of public organizations. This shift is noted in the findings of SolarWinds’ report, which was conducted by Market Connections.

“The data also shows an increased awareness and adoption of zero trust, as well as a commitment to invest in IT solutions and adopt cybersecurity best practices outlined in the administration’s cybersecurity executive order,” Shopp said. “It’s through these steps that public sector organizations can enhance their cybersecurity posture and fight the rising tide of external threats.”

More than 75 percent of those who responded to the survey reported their organizations “rely on a formal or informal zero-trust approach. A majority of public sector respondents are familiar with the principle of least privilege (PoLP), and 70 percent of respondents are either already implementing PoLP or will implement PoLP within the next 12 months.”

When asked about specific types of security breaches, respondents’ expressed concern over ransomware (66 percent), malware (65 percent) and phishing (63 percent) increased the most when compared to last year’s report.

Other notable findings cited by respondents—especially relevant to this pandemic-marked era—include lack of cybersecurity training among public organizations (40 percent highlighted this concern), low budgets and resources (37 percent, although state governments reported this more often than local administrators) and “the expanded perimeter (32 percent) as a result of increased remote work,” which continues to “plague public sector security pros,” the statement says.

Respondents also pointed to insufficient data collection and monitoring as a key impediment to threat detection (31 percent). Respondents in the education sector were most likely to struggle to identify the root cause of security issues, “hampering their ability to both detect and remediate such threats,” the statement notes.

Amid the broader initiative set into motion last year to bring government and public agency cybersecurity up to par with the security threats they face, while defense measures still lag behind, the report highlights an encouraging trend within administrators: “The majority of public sector respondents realize the importance of IT security solutions and prioritize their investments highly in the next 12 months, with network security software (77 percent) being the top priority,” the report says.