More than half of agency IT officials worry about cyberattacks from endpoint devices. However, many aren’t taking advantage of technology they may already have to reduce their risks, according to a new CyberScoop/FedScoop study launched today, “Closing the Gaps in Federal Endpoint Security.”
Underwritten by Samsung, this study looks at what matters most to federal CIOs and IT leaders when it comes to securing endpoint devices that access their networks — and where the key gaps remain. Some of the most interesting findings that caught my eye reveal:
Top priorities: Preventing breaches via endpoints — and improving the time it takes to identify and recover systems when security incidents occur — top the list of mobile security priorities over the next 12 to 18 months.
Top concerns: Securing government-issued devices, addressing network and endpoint attacks and meeting security mandates are chief concerns over the next 12 to 18 months.
Top needs: Agencies need the ability to centrally manage and configure mobile devices — and remotely lock down devices and recover data if a breach occurs. They also need greater guidance on emerging security threats, meeting federal mandates and technical support for securing devices.
We hope this data will shed new light on the endpoint challenges and opportunities that persist in both civilian and defense agencies. We also want to show agencies that there is a viable path that balances IT leaders’ needs to protect mission-critical data, without sacrificing user experience and the vast benefits of mobility.
The report also revives concerns about the need to equip agencies so they can handle the evolving nature of endpoint security, especially in the face of newer threats introduced by the Internet of Things (IoT). Emerging endpoints in the form of tanks, fighter jets and other sensor-equipped devices now have the potential to open up backdoor vulnerabilities that could compromise national assets like drones and weapons systems.
Standards and policies — like the Senate’s Internet of Things (IoT) Cybersecurity Improvement Act of 2017 and NIST’s ongoing work with its cybersecurity framework — must continue to evolve alongside technological advancements to ensure agencies can keep pace with change and a growing threat surface area. We hope this data continues to fuel industry dialogue on best practices and approaches for thwarting cyberattacks from sophisticated and relentless adversaries.