Threats to Government Networks Go Undetected for an Average of 16 Days
Government IT security professionals estimate that cyber threats exist on critical networks for an average of sixteen days before they are detected, according to the Go Big Security report (gated) published by MeriTalk, a public-private partnership focused on improving government IT.
The study examines the state of IT security at Federal, state, and local government agencies. It is intended to identify the efforts needed to encourage the public sector to continue the shift from mere compliance to proactive risk management, and so produce better IT security outcomes, with the use of big data analytics being high on the agenda.
“The good news is that 86 percent say big data analytics will improve cyber security efforts. But, just 28 percent are fully leveraging big data for security purposes today,” the researchers noted.
“Government cyber security professionals say big data can help make cyber security risk management more effective and proactive. Today, nine out of 10 respondents say they cannot tell a complete story with the cyber security data they receive.”
The study found that 76% of the security professionals surveyed said that their security team most often operates reactively rather than proactively, and that by leveraging big data analytics, they could better detect a breach that is in process (61%), monitor threat data in real time (51%), and conduct root-cause analysis following a network breach (49%). Despite the recognized need for big data analytics for proactive risk management, only one in three IT security professionals queried say their organization is prioritizing big data analytics for security efforts.
“Government organizations have access to a wealth of cyber threat information. The challenge is managing that data and connecting the dots in real time,” said Kevin Davis of Splunk, which sponsored the report.
“That’s how we get immediate insight into threats. Agencies need to detect threats faster and start to predict when and how they will occur.”
One of the biggest problems the study identified is that organizations are literally drowning in data, with 68% saying their departments are overwhelmed by the sheer volume of security data that needs to be analyzed. Nearly half of Federal IT managers (45%) said effectively processing the huge amounts of security data generated is the biggest challenge when it comes to proactive security efforts, while just over half of state and local government IT managers (54%) say that the lack of resources, specifically skilled personnel, is a major obstacle. More than three-quarters (78%) of all the government IT security professionals said a significant portion of available security data goes completely unanalyzed due to the lack of time or the necessary skillsets of their personnel.
“Moving from compliance to risk management is a mindset shift,” says Steve O’Keeffe of MeriTalk. “Agencies need to think about ‘big security’ alongside big data. CDOs need to be on the court. Data is the MVP.”
Management support, funding, and training were also identified as being among the biggest challenges to implementing proactive security strategies, with 65% investing in upgrading existing security technologies, 51% deploying network analysis and visibility solutions, and 50% investing in training.