Government IT Struggles to Pinpoint Cyber-Threats

Government organizations are collecting more cyber-security data than ever before, and many struggle to manage and analyze it all.

Government cyber-security professionals estimate that cyber-threats exist on their networks for an average of 16 days before they are detected—hiding in plain sight, according to results of a MeriTalk survey of 302 government cyber-security professionals from federal, state and local agencies.

The silver lining from the survey was the revelation that 86 percent of respondents feel big data analytics will improve cyber-security—but just 28 percent are currently fully leveraging big data for security purposes.

Nine out of 10 respondents say they cannot tell a "complete story" with the cyber-security data they receive. As a result, more than three-quarters (76 percent) of cyber-security professionals say their security team often reacts rather than acting proactively.

Government organizations are collecting more cyber-security data than ever before and many struggle to manage and analyze it all. Sixty-eight percent say their organizations are overwhelmed by the volume of security data they’re collecting.

A whopping 78 percent say at least some of their security data goes unanalyzed due to a lack of time or skill. While 70 percent of cyber-security pros say their organization can monitor streams of cyber-security data in real time, fewer can analyze the data.

A little more than half (53 percent) of agencies surveyed said their security data analytics capabilities include statistical analysis; 47 percent had user activity context analysis, and 46 percent had the ability to watch for illogical data patterns.

Forty-four percent could complete personal activity comparative analysis, and just one-third of respondents had the ability to apply logic to data collected. While 76 percent said they believe their cyber-security team is often reactive instead of proactive, 92 percent are working to improve cyber-security, with nearly two-thirds (65 percent) investing in or upgrading their existing security technologies.

Just over half (51 percent) said they are deploying network analysis and visibility solutions; exactly half said they are investing in advanced skills training for current security personnel, and 31 percent are hiring additional security personnel.

Although 70 percent of agencies said they are able to conduct a root-cause analysis to better understand why a cyber-security incident occurs, the root-cause analysis is successful only 49 percent of the time. This indicates that IT workers are not confident in their abilities to respond quickly and effectively to threats once they are identified.

The report encouraged government IT leaders to rethink data management and push for a proactive approach by leveraging predictive analytics. The study also encouraged IT leaders to promote big data analytics benefits to management for support, training, and funding.