New research by Tripwire has revealed security professionals working in the federal sector want the government to play a bigger role in securing non-governmental companies.
The research report evaluated actions taken by the federal government to improve cybersecurity in 2021 and was conducted for Tripwire by Dimensional Research. It evaluated the opinions of 306 security professionals, including 103 currently working for a United States federal government agency, with direct responsibility for the security within their organisation.
According to the research, security professionals responsible for critical infrastructure believe that National Institute of Standards and Technology (NIST) standards should not only be improved and strengthened but enforced outside the federal government. This is likely because only 49% of non-governmental organisations surveyed (critical infrastructure and others) have fully adopted NIST standards, yet still identify ransomware as a primary security concern.
Federal security professionals are aligned with this thinking and also believe the government should be doing more to protect its own data and systems (99%). In fact, 24% think they are falling behind when it comes to preparedness to face new threats and breaches, citing lack of both leadership prioritisation and internal expertise and resources as primary reasons.
“It’s clear that organisations – both public and private sector – are seeking further guidance from the federal government,” said Tim Erlin, vice president of strategy at Tripwire. “Generally, long-term enforcement and implementation of cybersecurity policy will take time, but it’s important that agencies lay out a plan and measure execution against that plan to protect our critical infrastructure and beyond.”
When it comes to implementing Zero Trust Architecture, both federal and non-governmental organisations agree this strategy could materially improve cybersecurity outcomes, but only 22% say improvement is highly likely. They also agreed that integrity monitoring is foundational to a successful Zero Trust strategy (50%), or at least somewhat important (43%), but only 22% considered measuring integrity and security posture to be a core tenet of Zero Trust Architecture. Secure communication (44%), limiting individual access (39%), and identifying data sources and computing services as resources (36%) were most commonly identified.
Additionally, the survey examined where organisations track on the path to Zero Trust:
“It’s promising to see progress toward Zero Trust implementation, but lack of focus on integrity is where we fall short,” said Erlin. “Maintaining and understanding the integrity of an organisation’s people, processes and technology is the foundation of strong Zero Trust architecture and should be prioritised as such. Simply put, you can’t have Zero Trust without integrity.”
While hardening systems against ransomware may be a driving force for implementation now, 83% of security pros expect that something worse than ransomware may be coming. Fortunately, both federal and non-governmental organisations have responded to this year’s attacks on critical infrastructure with preventative action – 98% of agencies report progress on executive orders on cybersecurity (half say significant progress), and over 50% of non-government groups have taken specific steps to improve cybersecurity efforts.
The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY
Follow Us
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic
This site uses functional cookies and external scripts to improve your experience.
Privacy Settings / PENDING
This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.
NOTE: These settings will only apply to the browser and device you are currently using.
GDPR Compliance


You May Also Like

Evil Corp Hacker Group Changes Ransomware Tactics After U.S. Sanctions

The Evil Corp Russian hacker group has reportedly changed its attack tactics…

NPM libraries ‘colors’ and ‘faker’ corrupted

Applications using the open-source libraries ‘colors’ and ‘faker’ have been breaking and…