Survey: Foreign States Considered Bigger IT Security Threat Than Ever

• By Kristal Kuykendall
• 05/09/23

A new survey of public sector IT professionals conducted in January by independent research firm Market Connections found that careless or untrained insiders remains the top-ranked threat to higher education institutions’ network security, while the threat of malicious attacks by foreign governments is considered a bigger threat than in years past, according to the survey results.

The eighth edition of the Public Sector Cybersecurity Survey Report released today details the results of the survey, conducted on behalf of IT security provider SolarWinds; the survey polled 400 IT operations and security decision-makers, including 100 education practitioners, according to a news release.

“The threat foreign governments pose to the security of government IT systems has steadily increased throughout the years,'' said SolarWinds’ Brandon Shopp. “However, it is reassuring to see this year’s data showing public sector organizations continue to recognize top security threats, adopt zero trust strategies, and seek vendor attestations and SBOMs to better secure the software supply chain — all of which are crucial to maintaining a high standard of security across federal and state government, as well as in the education and defense sectors.”

Key Findings: Current Security Threats 

• Careless/untrained insiders were ranked as the top threat by 58% of respondents; close behind were foreign governments (56%) and the general hacking community (52%). In 2021 — the last year this survey was conducted — the general hacking community ranked first.

• 13% of higher education respondents said their organization has been impacted by ransomware in the last 12 months.

• Education respondents were the least concerned about the threat of a ransomware attack when compared to other public sector respondents, with 26% of education respondents ranking ransomware as a top concern while 32% of federal government respondents ranked ransomware as a top threat and 42% of state and local government respondents saying the same.

• Education respondents were significantly more likely to rank worm (23%) and mobile trojans (21%) as a threat than state and local and federal government respondents.

• 65% of higher education respondents reported that their organizations were impacted by spam in the past 12 months.

Key Findings: IT Complexity

• IT complexity (27%) surpassed budget constraints as the “most significant obstacle” in hardening their cybersecurity posture as identified by respondents.

• 66% of respondents said their IT environment is “extremely/very complex to manage,” and only 5% of respondents reported that they feel “extremely confident” in their ability to manage their environments.

• 58% of higher education respondents said they are “moderately confident” in their organization’s ability to manage its IT environment; 33% said they are “very confident.”

• The education sector showed the largest increase in IT complexity, with 33% of education respondents reporting increasingly complex IT environments — about three times more than education respondents in the 2021 survey.

• Education respondents were the least likely to be confident in their ability to manage their IT environment at 42%.

• 52% of education respondents said they “lack visibility across their IT environments” and 53% of education respondents said they lack visibility across teams.

Key Findings: Zero Trust

• 92% of education respondents said it’s “very or somewhat important” to implement a zero-trust approach, an increase of 10% over 2021 and the highest among all public sector groups.

• 33% of higher education respondents shared that their organization is following the DoD zero trust strategy and roadmap — which was the leading response for higher education respondents, SolarWinds’ report said.

“This year’s data highlights the increasing need for continued partnership between the public and private sectors,” said SolarWinds CISO and Vice President Tim Brown. “If we continue to work together to assess top threats, secure IT environments, arm IT teams with the appropriate defenses, and implement formal strategies like zero trust, public sector organizations will be better positioned to continue mission-critical activities without interruption.”

Learn more at SolarWinds.com or download the full survey results.