US: Biggest threats to citizen data identified

TRAVERSE CITY,USA: E-Government initiatives aimed at modernizing federal information systems are fraught with risk, according to a new study sponsored by CA, Inc. and conducted by the Ponemon Institute, Cyber Security Mega Trends: Study of IT leaders in the U.S. federal government.

Released today at CA's IT Government Expo, the Cyber Security Mega Trends study surveyed 217 senior-level IT executives employed by various U.S. federal agencies to identify significant areas of risk to information security associated with government efforts to adopt new technologies such as cloud computing, virtualization, mobile devices, and Web 2.0 tools such as collaboration and social networking applications, blogs and wikis.

According to government IT executives, the most significant threats to confidential data, proprietary government systems, and the nation's critical infrastructure are as follows:

•79 percent of respondents see the rise in the use of collaboration tools as significantly increasing the storage of unstructured data sources that contain confidential or sensitive information that is not adequately protected or secured.

•71 percent of respondents believe that cyber terrorism is on the rise and this trend poses a very serious threat to the protection of proprietary systems as well as our nation's critical infrastructure.

•63 percent see the mobility of the government workforce as contributing significantly to endpoint security risks as a result of a plethora of insecure mobile data-bearing devices that are susceptible to malware infections and botnet attacks.

•52 percent of respondents say that Web 2.0 applications such as social networking, social messaging, blogging and wikis contribute to the leakage of confidential or sensitive information as well as the susceptibility to malware and botnet attacks.

Other mega trends that exacerbate security risks in the U.S. federal government according to government IT executives include: a continued rash of data breach incidents (40 percent), virtualization technologies (44 percent), rise in the usage of cloud computing resources and applications (39 percent), outsourcing to third-parties (34 percent), and use of open source applications (18 percent).

Thirty-five percent of respondents said their department's networks had been victimized by an unauthorized infiltrator one or more times over the past 12 months. Another 38 percent of respondents were unsure about possible unauthorized intrusions.

In addition to the above, respondents to the survey reported that the targets representing the most serious threats to data security were wireless devices (57 percent), endpoints (35 percent), networks (29 percent), databases (25 percent), applications (12 percent), paper documents (11 percent), and off-line devices (6 percent).

"Many federal agencies are moving to take advantage of the efficiencies made possible by today's technological innovations in order to save time and money, but those improvements must not be made without consideration to the threats to information security," said Larry Ponemon, chairman and founder, Ponemon Institute. "Federal systems and networks are already being targeted by cyber criminals who recognize that government agencies can be treasure troves for valuable personally identifiable information. In order to maintain the public trust, information security must be integral to any updates, and not an afterthought."

"With the increased awareness and recognition of cyber security threats to our country, agencies at all levels of government are making security a top priority as they engage in initiatives to streamline processes and provide more efficient and convenient constituent services," said Dave Hansen, corporate senior vice president and general manager, CA Security Management. "CA is working closely with our government customers and partners as we help them improve service to citizens, reduce cost of operations, and enhance the security of our critical infrastructure."