[BreachExchange] CIOs fear employees, outdated systems

Audrey McNeil audrey at riskbasedsecurity.com
Mon Sep 25 20:51:55 EDT 2017


https://washingtontechnology.com/articles/2017/09/25/cio-survey-psc-johnson.aspx?admgarea=TC_Contracts

Nearly half of federal government IT executives believe they are better positioned
today to defend their IT systems against cyberattacks than they were a year
ago, according to a survey by the Professional Services Council and Grant
Thornton released Sept. 25.

Cybersecurity was the highest priority listed by the 313 survey
respondents, mostly made up of federal CIOs, chief technology officers,
chief information security officers and other high-level IT executives. The
survey notes that the federal CIO community is currently undergoing
turmoil, with no permanent federal CIO, no federal CISO and 13 of 27
federal CIO positions unfilled or filled on an acting basis.

There's been a debate in the federal IT community about whether
modernization may lead to new security holes even as it closes others.
However, there is little debate about the threat posed by aging IT systems
and architecture. Outdated applications and technologies were listed as the
top concern.

Following that, CIOs seem to be most worried about their employees.

Human error, malware and phishing attacks all rate high on the worry list
-- all threats that are less about technology and more about mistakes or
poor cyber hygiene on the part of end users. Despite a steady stream of
high-level leaks emanating out of government and the recent WannaCry and
Petya attacks, concerns about insider threats and ransomware ranked
relatively low at sixth and seventh.

While adoption of cloud computing continues at a steady pace, there are
signs that the technology is becoming more deeply embedded into the
government's IT infrastructure. While just five percent of CIOs in 2016
rated their cloud capabilities as "mature," 19 percent said the same this
time around, and overall half of all CIOs reported having "mature" or
"somewhat mature" cloud capabilities.

However, one of the original selling points of moving to the cloud -- cost
savings -- does not appear to be taking hold. Just 24 percent of CIOs
agreed with the statement: "cloud services have provided savings and
efficiency for my agency." A majority (51 percent) either disagreed with
the statement or said the impact has been neutral, with another 25 percent
saying they didn't know.

Meanwhile, FedRAMP, the GSA's cloud security authorization program, has
seen its reputation improve markedly since last year, when complaints about
the sluggish pace of authorization (applicants waited an average of 104
weeks to see their cloud projects authorized) were widespread. FedRAMP
officials now say that authorization timelines are down to an average of 14
weeks, citing an embrace of agile development and increased transparency
mechanisms throughout the process.

Agile development is fast becoming the new norm, with 56 percent of
respondents rating the practice as the default approach to more than half
of their IT projects. Just 26 percent said the same a year ago. Respondents
typically cited better software quality, faster delivery times and a belief
that the process helps to better manage changing priorities.