State and Federal Government ‘Work From Home’ Rosters Surged 491 Percent During Pandemic, Raising Security Concerns Among Agency Leaders
Osterman Research Survey Further Revealed that Iran Ranked as an Unlikely Election Security Threat; Since Pandemic Started Cyberattacks Increased to an Average of 203 Per Month; Threat Intelligence Emerged as Key Priority; 56 Percent Reported Security Budget Increases
REDWOOD CITY, Calif. — Thursday, Oct. 29 — Anomali, a leader in intelligence-driven cybersecurity solutions, today published the first edition of the Osterman Government Cybersecurity Index. The survey and research report reveals what 297 key security and IT leaders across United States federal and state government agencies are up against as they face the double impact of cybersecurity challenges brought on by the COVID-19 pandemic and the 2020 Election. The index provides information that anyone involved in securing government systems and data can use to improve the efficacy of their security operations as they enter into the days leading into Nov. 3 and continue to face the uncertainty brought on by COVID-19.
Findings showed that since the pandemic began and then leading into election season, there were some considerable shifts among this group’s concerns, working environments and priorities. Among the top findings:
- Prior to the COVID-19, 11 percent of government employees worked from home, since the pandemic started, that percentage jumped to 65 (a 491 percent overall increase). Sixty percent of respondents reported that employees working from home in an insecure manner has become one of their top concerns.
- Sixty-one percent of respondents said that since the pandemic started, not having the right solutions in place to secure data and other assets has become one of their primary worries.
- Misinformation campaigns have skyrocketed as a top concern. Three percent of those surveyed said that prior to the pandemic, these were a serious threat. They are now considered to be a substantial security problem by 17 percent of respondents (a 467 percent overall increase).
- Since the start of the pandemic, concern over some of the most common and damaging threats declined considerably. Worry about phishing dropped 10 percent, concern over insider threats lowered seven percent, fear of hacking went down four percent.
- The number of cyberattacks government agencies are dealing with spiked significantly as have the number of breaches they’re experiencing. In 2019, the average number of threats and attacks government agencies experienced per month was 145. Since the pandemic began, the average jumped to 203, a 40% increase. In 2019, government agencies experienced an average of 112 breaches per month. Since the onset of COVID-19, this number has risen to 180, a 61% increase.
- When asked about the priority level of 13 essential solutions before and after the pandemic started, eight increased in importance by 5 percent or more, including fraud detection and prevention, vulnerability management, application security, threat detection, endpoint protection, secure web gateways, SIEM, and threat intelligence.
- Fifty-six percent of respondents said that since the pandemic started, their security budgets had increased. Thirty-seven percent said they remained the same. Only seven percent said their budgets had decreased.
- Forty-eight percent of respondents said they are “very to extremely” concerned that malicious cyber activities may disrupt state-level election operations next week. When asked which countries were likely to cause trouble, Russia came in at the top (77 percent), China was second (62 percent), followed by Iran (41 percent). It is worth noting that the survey took place prior to the FBI and Office of the DNI announcing that Iran had conducted a malicious, email-based misinformation campaign aimed at voters in Florida.
“Government agencies may be in the middle of the most challenging IT and cyberthreat period they’ve faced. They knew the 2020 Election would test their mettle but never imagined that they’d also be dealing with the pandemic’s long and troublesome tail at the same time,” said Hugh Njemanze, CEO, Anomali. “To help leaders and front-line IT and cybersecurity workers improve their operations while in the midst of this difficult time, we commissioned this research to help them understand the common struggles that they and their peers are up against and how others in the industry are prioritizing security technologies in response.”
“The combination of a pandemic and an election year has significantly heightened the need for better security technologies and protocols in the government space,” noted Michael Osterman, Principal Analyst of Osterman Research. “Nowhere is this more apparent than in the concerns that government decision makers express about potential misinformation campaigns aimed at impacting the election process this year.”
To read the full survey results and analysis, download the Osterman Government Cybersecurity Index
Survey Methodology
Osterman Research polled 297 respondents across federal and state government agencies in the United States. The majority of organizations surveyed are state agencies of various types and sizes. Agencies average 1,130 employees and 1,093 email users, putting them on par with small enterprise organizations. Fifteen percent of respondents are CISOs, 47 percent are IT directors, and 38 percent are security directors.
About Osterman Research
Osterman Research is an industry analysis firm focused on researching and reporting on the technologies and processes that enable communication and collaboration in the workplace. We conduct surveys on a regular basis with decision makers and influencers to understand how organizations manage their cybersecurity, archiving of business information, and protection of information assets. The company was established in 2001 and is based near Bellevue, Washington.
About Anomali
Anomali is the leader in intelligence-driven cybersecurity. More than 1,500 public and private sector organizations rely on Anomali to see and detect threats more quickly, reduce the risk of security breaches, and improve security operations productivity. Anomali solutions serve customers around the world in nearly every major industry vertical, including many of the Global 2000. As an early threat intelligence innovator, Anomali was founded in 2013 and is backed by leading venture firms including GV, Paladin Capital Group, In-Q-Tel, Institutional Venture Partners, and General Catalyst. Learn more at www.anomali.com.