A new SolarWinds report shows that 52 percent of information technology security professionals from public sector organizations say they consider untrained and careless insiders as the top threat to their agencies.
SolarWinds said Tuesday it commissioned research firm Market Connections to survey 400 IT security leaders from U.S. federal civilian, defense agencies, state and local government and education institutions between December and January for the sixth annual Public Sector Cybersecurity Survey Report and found that insiders have been a leading source of security threats for five consecutive years.
The report showed that respondents consider budget constraints and the complexity of the internal environment as the top two obstacles to improving or maintaining operational IT security.
More than half of public sector respondents said their cybersecurity capabilities are most mature in continuity of operations, endpoint protection and identity and access management areas.
Eighty-six percent of IT security and operations leaders indicated that they depend on in-house personnel as their primary security team, while 75 percent of respondents said compliance mandates have had a significant impact on IT security practices and policies within their organizations.
The survey also found that 61 percent of respondents said they segment users by risk level. IT security professionals said they consider the segmentation a challenging process due to the increasing number of users and devices.
“While it's heartening to see that almost two-thirds of respondents are formally segmenting users“”a helpful step in managing risk“”the data finds careless and untrained users to still be the weakest link,“ said Tim Brown, vice president of security at SolarWinds. “Additionally, we're seeing a widespread lack of organizational maturity“”even in technologies like endpoint protection that have been around forever. It's therefore no surprise that only four in ten respondents feel very confident their security team can keep up with the evolving threats.“
SolarWinds noted that 30 percent of respondents said their organizations have formal strategy on zero trust.