As the budget belts get tightened, CISOs across the country who are charged with protecting vital state-operated networks are expressing a lack of confidence regarding their ability to safeguard data repositories in the face of ever more sophisticated external threats, a new study reveals.
According to the 2012 Deloitte-National Association of State Chief Information Officers (NASCIO) Cybersecurity Study, less than one-in-four state CISOs believe they are prepared to adequately protect citizens’ personally identifiable information (PII).
The survey included respondents from 48 states and two US territories, and reveals that budgetary constraints topped the list of concerns, with 86% of CISOs indicating that they do not have access to enough resources to securely administer systems, and a serious shortage of information security professionals in the workforce was cited as one of the top five barriers to improving cybersecurity efforts.
States are known to store vast amounts of sensitive personal data on citizens ranging from tax and health-related information to voter registration details, making them high value targets for hackers. CISOs are increasingly wary of the evolution of advanced cyber attack methodologies, and maintaining the trust of citizens in the face of these threats is cited as a major concern for CISOs surveyed in the study.
“Through the programs and services they deliver states have become enormous repositories of citizen data. As such, the privacy of individual citizens is contingent on adequate IT safeguards Citizen trust in government is severely impacted when the data is compromised and hence it is not just an information technology issue, but an issue that could adversely impact elected officials and the credibility of governments," said Deloitte Srini Subramanian in a press release for the study.
The study also looked to measure the respondents' forecasts for top level threats to be addressed in 2013 which are expected to have the biggest effect on cybersecurity, which include:
- phishing, pharming and other related variants
- social engineering
- increasing sophistication and proliferation of threats, such as viruses and worms
- mobile devices
The findings in the study led the researchers to recommend state CISOs work on building "a network of business stakeholder advocates across state government offices and agencies" in an effort to obtain "an increased rate of budget support for cyber security initiatives," according to the report.
“Particularly in a time of aggressive threats, tight budgets and gaps in compliance, it’s critical that CIOs and CISOs work collaboratively with state policy-makers and agency leadership in an effort to reduce risks and better protect citizen data," said NASCIO's Executive Director Doug Robinson.
The complete finding for the study can be found in PDF format here.