Cybersecurity Study. [REPORT]

Less than one quarter (24 percent) of chief information security officers (CISOs) are very confident in their states’ ability to guard data against external threats, according to the just-released 2012 Deloitte-National Association of State Chief Information Officers (NASCIO) Cybersecurity Study.

Moreover, while some threats to state information technology (IT) security diminished since 2010, the increasing sophistication of cyber-attacks presented a new set of challenges to state officials tasked with safeguarding citizens’ personally identifiable information (PII). The second biennial Deloitte-NASCIO Cybersecurity survey assessed the security of all state digital data and cyber assets administered by CISOs.

“Through the programs and services they deliver, states have become enormous repositories of citizen data. As such, the privacy of individual citizens is contingent on adequate IT safeguards,” said Srini Subramanian, principal, Deloitte & Touche LLP and leader of its security and privacy practice to state governments. “Citizen trust in government is severely impacted when the data is compromised and hence it is not just an information technology issue, but an issue that could adversely impact elected officials and the credibility of governments.”

The survey results call for a greater collaboration among state CIOs/CISOs and business/program leadership of the executive branch agencies and elected officials.

“The biennial Deloitte-NASCIO CISO Cybersecurity survey has become a key element in NASCIO’s advocacy focused on improving states’ IT security programs,” said Doug Robinson, NASCIO Executive Director. “Particularly in a time of aggressive threats, tight budgets and gaps in compliance, it’s critical that CIOs and CISOs work collaboratively with state policy-makers and agency leadership in an effort to reduce risks and better protect citizen data.”

Key findings of the 2012 Deloitte-NASCIO Cybersecurity Study included:

Budget a continued problem: More than four out of five (86 percent) CISOs reported that insufficient funding posed the most significant barrier to addressing cyber security issues at the state level.

Shortage of IT talent: The inadequate availability of cyber security professionals ranked among the top five barriers to addressing cyber security.

New officials, same challenges: Despite the significant rate of turnover since the initial survey (31 new state CIOs and 22 new state CISOs since 2010), the challenges reported in the survey are remarkably similar, highlighting ongoing issues within state offices of information technology.

State officials value a security agenda: A parallel survey targeting a limited cross-section of state business and elected officials shows that cyber security is indeed on their radar – 92 percent of respondents ranked cyber security as “most important” or “very important.”

Budget hurdles demand business partnerships

Elaborate and sophisticated threats receive the headlines and keep CISOs up at night – more than half (52 percent) listed increasingly sophisticated threats as a barrier to addressing cybersecurity – but a lack of resources remains the primary concern cited by respondents.

Based on the findings, one of the recommendations provided by Deloitte and NASCIO is for CISOs to develop a network of business stakeholder advocates across state government offices and agencies. When CISOs communicate strategies and report on risks, progress and results to business stakeholders within government, there is a potential for an increased rate of budget support for cyber security initiatives.

“There’s never been a better opportunity for CISOs to partner with business stakeholders—and advocate jointly for increases in cybersecurity budgets through well-articulated strategies, measures, and outcomes,” Subramanian added.

Mobile devices rank among top threats

Fast-forwarding to 2013, the top four threats anticipated by CISOs to have the greatest impact on state governments include: (1) phishing, pharming and other related variants; (2) social engineering; (3) increasing sophistication and proliferation of threats, such as viruses and worms; and (4) mobile devices.

“In this report, we propose a set of strategic action items for states, in addition to helping build a compelling business case based on survey findings,” said Subramanian. “CIOs and CISOs are encouraged to use these recommendations to build greater awareness and support at each level of state government. We hope this document is a catalyst for CIOs/CISOs and their state official partners to drive their mutual cybersecurity initiatives to even greater success.”

To download the report, click the link below:
http://www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/AERS/us_aers_nascio%20Cybersecurity%20Study_10192012.pdf
