About half of government IT professionals think that regulations make it more difficult to achieve an optimal cybersecurity posture, according to a study released Sept. 18 by SolarWinds.
Fifty-two percent of respondents said that regulations and mandates posed more of a challenge to managing risk. Respondents were twice as likely to feel that the Risk Management Framework posed a challenge to managing risk as to feel that it contributed to success. Respondents noted the benefits of other security regulations such as FISMA, the NIST Framework for Improving Critical Infrastructure Cybersecurity, DISA STIG, and HIPAA. However, many still think that the regulations add to risk management problems, according to the study.
Fifty-five percent of IT professionals said that NIST’s Cybersecurity Framework has been successful in creating awareness about managing risk. However, 38 percent said that Federal IT professionals don’t fully understand the Framework.
Although 60 percent said that compliance has helped their agency improve its cybersecurity posture, 70 percent said that being compliant with the cybersecurity regulations does not necessarily equate to being secure.
Sixty-six percent of respondents said that IT modernization efforts have created an increase in IT security challenges. Forty-three percent of respondents said that IT modernization efforts have contributed to successful risk management practices, but 34 percent indicated that these efforts have posed more of a challenge. The other 19 percent noted no change. Twenty percent of IT professionals said cloud computing has improved risk management, while 68 percent said that cloud computing is creating a greater challenge or having no effect on an agency’s risk management posture.
Agencies that successfully manage cyber risks within their organizations with IT controls were more likely than agencies that rate their IT controls as fair or poor to say that IT modernization has successfully contributed to their ability to manage risk as part of their overall security posture.
“An important message in this year’s report is that government agencies need to develop strong IT controls,” said Joe Kim, executive vice president of engineering and global chief technology officer for SolarWinds. “Agencies that have adopted these practices see more benefits from their technology investments, are better prepared for security threats, and more successful managing risk during modernization projects.”