CEOs Use of Smart Devices Increase Risk of Cyberattack

  • New research finds CEOs are disengaged from cybersecurity policies — 30% are unaware of the volume of attacks on their business and 54% don’t adhere to security teams’ ‘out of office’ security protocol
  • Smart technology puts sensitive information at risk, as CEOs become a major target for hackers and cybercriminals  

SAN JOSE, Calif. – RedSeal, the leader in network cyber risk modeling for hybrid environments, released the results of research that found the lack of CEO-specific security plans, their failure to comply with plans in place and the growing prevalence of unsecure smart devices mean CEOs and other senior executives are regularly at risk of being targeted by cybercriminal networks.

The RedSeal research*, which polled senior IT teams up to CIO level, unearthed a number of gaps in cybersecurity protocols and awareness in the C-Suite. Although the research demonstrated that many senior IT professionals have tried to implement CEO-specific cybersecurity plans, more than half (54%) believe their CEO exposes their organization to potential compromise by not following procedure. Over a third (38%) also weren’t fully aware of the technology their CEO used in their own homes.

The proliferation of smart devices is a danger to business

With data showing one in five smart devices** have been breached or compromised, along with senior executives who don’t follow cybersecurity measures outside the office, there’s significant risk, or opportunity.

“C-suite executives are ideal targets. They have broad access to their organizations’ network resources yet frequently see themselves as exempt from the inconvenient rules applied to others,” said Dr. Mike Lloyd, CTO of RedSeal. “Combine this with the security lapses prevalent while traveling and in the home, and you have a great opportunity to exploit for commercial or national advantage.”

The risk of cyberattacks is high and business leaders know it. According to the recent Cyber Risk Index (CRI) survey by the Ponemon Institute, “80 percent of IT business leaders anticipate a critical breach or successful cyberattack over the coming year.” It also highlighted a critical gap between data risk and the protection measures businesses have in place noting, “…the ability to securely implement disruptive technologies like mobile, cloud, and IoT devices was a great concern.”

There is global confusion as to how many cyberattacks businesses have experienced in the last 12 months. For example, the UK Government’s recent Cyber Breaches report cited that only 38% of UK businesses have recorded an attack, whereas RedSeal’s research reports 81% of senior IT professionals in the UK admit to their company having suffered a breach.

75% of those IT pros surveyed also stated that their CEO must pay more attention to cybersecurity, with almost the same amount (74%) saying that their customers’ information has been put at risk because of a cyberattack or breach on their organization.

The research also revealed that 42% of companies don’t have a cyber-response plan in place to inform customers of a security breach, and that over a quarter (26%) will only report the major breaches to their CEO.

Lloyd concluded, “Despite its many benefits, the Internet is a dangerous place where new security threats can evolve and rapidly mutate. The concept of a perfect defense is illusory; in a complex and interdependent world, some attacks are bound to succeed. Organizations must look to a strategy of resilience. They’ll survive only by planning in advance for how the inevitable successful attacks will be handled.”

*An online survey was conducted by Atomik Research on behalf of RedSeal among 502 IT professionals from the UK. The research fieldwork took place from June 19 – 27, 2019. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides to MRS code. To read a summary, please click here.

** Atomik Research conducted an online survey on behalf of RedSeal among 2,004 UK consumers aged 18+ between June 19 – 25, 2019. To read a summary, please click here.

CEOs’ Lack of Cyber Awareness Is Exposing UK Business To Major Risk

London, UK – Tuesday 16th July 2019 – The lack of CEO-specific security plans, failure to comply with plans in place and the growing number of unsecure smart devices in the home and places of travel (such as hotels) means that CEOs and other senior executives are regularly at risk of being targeted by cybercriminal networks, a new piece of research has revealed today.

The latest survey*, conducted by RedSeal amongst senior IT teams up to CIO level within UK businesses, unearthed a number of gaps in cybersecurity protocols and awareness amongst a CEO audience. Although the research demonstrated that many senior IT professionals have aimed to put CEO-specific cybersecurity plans in place, over half (54%) don’t believe that their CEO follows procedure and are exposing their organisation to potential compromise. Over a third (38%) also weren’t fully aware of the technology their CEO used in their own homes.

  • New research reveals that CEOs are disengaged from cybersecurity challenges and are unaware of many of the attacks on their business
  • Many CEOs still aren’t adhering to ‘out of office’ security measures put in place by their security teams
  • Smart technology is putting sensitive company information at risk, as CEOs become a major target for hackers and cybercriminals

The proliferation of smart devices is a danger to UK business

With the ever-changing digital working habits and behaviours of CEOs made possible by innovative mobile and smart technology the research found that cybersecurity measures aren’t being followed outside the traditional workplace — an enormous potential security oversight given 1 in 5 smart devices in the home** have been breached or compromised.

“Smart devices are important because they are new, unproven, and not built with security as a primary goal” said Dr. Mike Lloyd, CTO of RedSeal. “Smart devices compete on convenience and price. Security is usually an after-thought, if it’s addressed at all. Some popular smart devices, like smart speakers, compromise privacy even when working as intended — which is scary when you think about the opportunity this presents to people who want to spy on CEOs for commercial or national advantage. CEOs have wide access to their organisation’s network resources, the authority to look into most areas, and frequently see themselves as exempt from the inconvenient rules applied to others. This makes them ideal targets.”

UK business is also under attack but are we trying to hide it?

There is industry-wide confusion as to how many attacks there have been on UK business in the last 12 months. The UK Government’s recent Cyber Breaches report cited that only 38% of UK businesses have recorded an attack, whereas this most recent research from RedSeal is showing that, in fact, 81% of senior IT professionals admit to their company having suffered a breach.

75% of those IT pros surveyed also stated that their CEO must pay more attention to cybersecurity, with almost the same amount (74%) saying that their customers’ information has been put at risk because of a cyberattack or breach on their organisation.

The research also revealed that 42% of UK companies don’t have a cyber-response plan in place to inform customers of a security breach and that over a quarter (26%) will only report the major breaches to their CEO.

Lloyd concluded, “Despite its many benefits, the Internet is a dangerous place where new security threats can evolve and rapidly mutate. Perfect defence is illusory; in a complex and interdependent world, some attacks are bound to succeed.  Organisations must look to a strategy of resilience. They’ll survive only by planning in advance for how the inevitable successful attacks will be handled.”

ENDS

*An online survey was conducted by Atomik Research on behalf of RedSeal among 502 IT professionals from the UK. The research fieldwork took place on 19th-27th June, 2019. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides to MRS code. To read a summary, please click here.

**A second online survey was conducted by Atomik Research among 2,004 UK consumers aged 18+. The research fieldwork took place on 19th-25th June, 2019. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides to MRS code. To read a summary, please click here.

RedSeal Launches New Suite of Professional Services to Accelerate Hybrid Network Modeling and Enhance Risk Management

Cybersecurity services increase productivity for resource-constrained security teams

SAN JOSE, Calif. — RedSeal, the leader in network cyber risk modeling for hybrid environments, today introduced a new portfolio of professional services to help customers reduce cyber risk and improve the productivity of their security teams. Organizations in both public and private sectors use the RedSeal platform – which acts as a force multiplier for every security device within a network – to gain critical cyber and business insights. These services expedite deployment, accelerate time-to-value and expand the impact of RedSeal’s platform while offloading burdensome tasks from already overloaded teams.

“Every organization faces either a chronic shortage of skilled cybersecurity personnel or is challenged by managing dozens of security products, or both. This makes it difficult to effectively use the products they have, which ultimately impacts their security posture,” said Ray Rothrock, chairman and CEO of RedSeal. “To address this, our tiered set of services helps customers with everything from speeding the implementation of our platform, to transforming their approach to risk management through managed services.”

The RedSeal platform automates critical cyber risk management functions so organizations can be confident in their approach to managing risk, even within a resource-constrained environment. RedSeal’s services guide customers through the process of leveraging the deep insights contained within the platform, beginning with network discovery and understanding.

“Once you know what you have and can see how everything is connected – across complex cloud and physical environments – then you can use those insights to prioritize and fix areas of risk,” continued Rothrock.

Recognizing that risk management is a continuous process, RedSeal created a professional services portfolio with three main service offerings: Build Project, Run Subscriptions and Managed Subscriptions.

RedSeal Build Project:  This offering accelerates implementation of the RedSeal platform and establishes a baseline network model and associated metrics. Specific deliverables include network device configuration assessment, network access assessment, vulnerability risk prioritization, a built and validated network model, security segmentation and a briefing for the in-house team.

RedSeal Run Subscriptions:  Nearly all RedSeal customers find additional uses for their RedSeal platform as their networks continue to evolve. To help extend the value and further operationalize the platform, RedSeal offers three levels of Run Subscription Services. With each service level, a RedSeal security engineer will work with the organization’s cybersecurity team to deliver assessments and prioritized risk mitigation recommendations.

  • Run Operate Level: The RedSeal security engineer will focus on secure configuration assessments, network model assessments and network access assessments, and transfer that knowledge to the in-house team.
  • Run Accelerate Level: This includes all activities in the Operate level, plus the security engineer addresses security segmentation and compliance monitoring, vulnerability risk prioritization and security change reviews.
  • Run Transform Level: In addition to the Operate and Accelerate activities, the RedSeal security engineer will perform incident investigation, security posture monitoring and strategic security program management.

Managed Subscription Services: For organizations that require additional support, RedSeal’s Managed Subscription Services expand on the selected Run subscription level. In addition to the outcomes customers can expect with Operate, Accelerate or Transform, a RedSeal platform administrator will optimize, upgrade and maintain the platform for the customer.

To meet a customer’s specific needs, RedSeal will also offer customized services, such as integrating the RedSeal platform with existing business process systems or implementing a specific set of best practices.

RedSeal Honored with Eight Awards Across Financial, Government and Cyber Sectors

Accolades include five consecutive years as one of JMP Securities’ “hottest privately-held cybersecurity companies”

SAN JOSE, Calif. — April 24, 2019 — RedSeal today announced that it has won eight awards over the past six months. Its cyber risk modeling and scoring platform is trusted by more than 220 Global 2000 corporations and mission-critical government agencies, including all branches of the U.S. military, as well as power grid companies and the world’s leading financial institutions.

The RedSeal platform provides users with a deep understanding of their complete enterprise data centers, including public cloud, private cloud and physical network environments. This in turn improves an enterprise’s resilience to cyber events.

The following organizations honored RedSeal’s business strategy and the technical excellence of its platform – across the government, cybersecurity and financial sectors.

  • The “2019 Elite 80,” marks RedSeal’s fifth consecutive year on JMP Securities’ “hottest companies” list, which recognizes the most interesting and strategically positioned private companies that have the capability to dominate their respective markets within the cybersecurity, data management and IT infrastructure industries.
  • The Govies: 2019 Government Security Awards honored RedSeal with the gold designation in Network Security, for its excellence in features, innovation, market opportunity, and impact in the security industry.
  • For the third consecutive year, Government Security News’ Homeland Security Awards honored RedSeal’s platform.
    • Platinum for “Best Cyber Operational Risk Intelligence”
    • Platinum for “Best Compliance/Vulnerability Assessment”
  • 2019 InfoSec Awards, hosted by Cyber Defense Magazine, selected RedSeal as the one of the best Infosec solutions in two separate categories:
    • Network Security and Management, for the second year in a row
    • Compliance, a new category in 2019
  • For the second year in a row, RedSeal received TMC’s 2018 Cloud Computing Security Excellence Award for providing exceptional security for cloud applications.
  • American Security Today’s 2018 ASTORS Award, which is considered  one of the preeminent U.S. homeland security awards programs, recognized RedSeal as the “Best Network Security Solution,” for its cutting-edge and forward-thinking approach. This builds on the company’s two ASTOR wins in 2017.

“Our cyber risk modeling platform plays a critical role in helping organizations validate their security posture and accelerate investigation, as well as improve the productivity of their network and security teams,” said Ray Rothrock, chairman and CEO at RedSeal. “Maintaining digital resilience is critical for every organization, regardless of its size. These awards are a direct reflection of our team’s dedication and ingenuity.”

RedSeal Announces Equity Investment from STG Partners

STG expands into cybersecurity space with majority stake in RedSeal, the leader in cyber risk modeling for hybrid environments

SAN JOSE, Calif. – April 10, 2019 – RedSeal, the leader in cyber risk modeling for hybrid environments announced today a growth equity investment from Symphony Technology Group (STG). Funding from the investment will support and accelerate RedSeal’s strong growth and market momentum.

More than 220 Global 2000 corporations and mission-critical government agencies, including all branches of the U.S. military, as well as power grid companies and the world’s most trusted financial institutions, depend on RedSeal. Its award-winning cyber risk modeling platform helps validate an organization’s security posture, accelerate investigation and improve productivity of network and security teams.

STG selected RedSeal because of the company’s innovative approach, proven track record, experienced leadership team, and passionate customer and employee base. Globally, organizations’ cyber terrain is increasingly complex, and they need end-to-end visibility across their network infrastructures to be resilient. Only RedSeal models the entire hybrid data center – including public cloud, private cloud, and physical networks. Its powerful analytics help security teams better prepare for and contain cyber risks within minutes and not days.

“The RedSeal platform is a truly differentiated offering and a must-have for all enterprises, public or private,” said STG Managing Director J.T. Treadwell. “The scale and depth of RedSeal’s modeling and analytic capabilities are unique in the market, and they create meaningful insights to inform and empower today’s overmatched security teams. The force multiplying that customers experience with RedSeal is the definition of using insights and understanding to optimize effort for impact, a vision that STG has pursued in many of our most successful investments. Given this shared mission of using real-time insights at scale to drive impact, RedSeal was a strategic choice for our firm’s first investment into cybersecurity, and we are thrilled to partner with Ray Rothrock and the leadership team to help them accelerate their growth.”

“We have found a growth partner in STG,” said Ray Rothrock, chairman and CEO of RedSeal. “They are aligned with our digital resilience strategy, and the enormous value that understanding your cyber terrain has on driving down your cybersecurity risks and exposure. STG’s collaboration and investment will help us further strengthen our position in the industry, expand and pursue growth opportunities, and drive increasing value to our customers.”

Atlas Technology Group acted as financial advisor and Paul Hastings acted as legal advisor to STG. Wilson, Sonsini Goodrich and Rosati (WSGR) acted as legal advisor to RedSeal.

About RedSeal

RedSeal’s cyber risk modeling platform for hybrid environments is the foundation for enabling enterprises to be resilient to cyber events across public cloud, private cloud and physical network environments. RedSeal helps customers understand their network from the inside out – providing actionable intelligence, situational awareness and a Digital Resilience Score to help enterprises measure and improve their resilience. Government agencies and Global 2000 companies around the world rely on RedSeal to help them validate their overall security posture, accelerate investigation and improve the productivity of their security and network teams. RedSeal is headquartered in San Jose, California. Follow RedSeal on Twitter and LinkedIn.

About STG
STG is the private equity partner for market-leading data, software and analytics companies. The firm brings expertise, flexibility, and resources to build strategic value and unlock the potential of innovative companies. Partnering to build customer-centric, market-winning portfolio companies, STG creates sustainable foundations for growth that bring value to all existing and future stakeholders. The firm is dedicated to transforming and building outstanding technology companies in partnership with world-class management teams. STG’s expansive portfolio has consisted of more than 30 global companies. For more information, please visit www.stgpartners.com.

Business Feel Let Down By UK Government on Cybersecurity

UK Businesses Are Asking the Government to Provide More Support Around Cybersecurity Issues in 2019

LONDON, UK – Monday 10th December, 2018 – Has a sensitive political and business environment in 2018 deflected attention away from security and left UK businesses less prepared for cyberattack? New research* has revealed that UK businesses are looking for greater support from the Government in the ever-growing battle against cybercrime.

According to the latest insights from RedSeal, nearly seven in ten (68%) IT bosses say their business has suffered at least one cyberattack in the past year. Almost a third (31%) also said the government does not offer businesses enough guidance or support on cybersecurity. The data also revealed that one in five (19%) of the UK businesses surveyed had no plan in place to deal with a cyberattack and that 65% of IT teams believe that their senior management needs to pay more attention to cybersecurity in 2019.

This latest research comes just two months after the National Cyber Security Centre’s second annual review where the Chancellor of the Duchy of Lancaster, David Lidington, gave a speech at the National Cyber Security Centre on why cyber security matters. He highlighted that the Government’s latest annual Cyber Security Breaches Survey had also revealed that more needed to be done. It flagged that only 30% of UK businesses have a board member with responsibility for cybersecurity and a small 10% require their suppliers to adhere to any cyber standards. Lidington also said that the Government’s next announcement on their cybersecurity strategy for UK business is planned for some time this month.

Ray Rothrock, CEO of RedSeal and author of the book Digital Resilience commented, “We commissioned this research to explore how prepared businesses are to continue operating during an attack. The number of high profile breaches has meant that 2018 has become the year where businesses are left wondering what more they can do to protect themselves, how to remain resilient, to keep operating and minimise customer damage. Our research highlights the fact that that senior IT bosses want the UK government direct more attention, money and resource to supporting their businesses in the face of cyberattacks.”

RedSeal’s research today, along with high-profile breaches such as the Marriott and British Airways in recent weeks and months, has only highlighted the ever-growing need for more to be done in the fight against cybercrime. Two-thirds (67%) of those that had been attacked in the last year stated that this had resulted in a financial loss, 37% in a loss of customers and nearly half (43%) suffered damage to their reputation.

* An online survey was conducted by Atomik Research among 501 UK IT professionals, Director Level and above. The research fieldwork took place between the 13th and 19th November 2018 Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides to MRS code.

RedSeal Bolsters Digital Resilience Platform to Deliver Most Comprehensive Model of Enterprise Data Centers

Exclusive new features give enterprises ability to strengthen security posture with greater visibility into and across their cyber terrain

SUNNYVALE, Calif. – November 13, 2018 – RedSeal today announced the latest upgrade to its award-winning network modeling and risk scoring platform, trusted by more than 50 U.S. government agencies and hundreds of Global 2000 companies worldwide. To create the most complete network model possible, RedSeal’s platform now validates policies at the application and networking levels, as well as provides endpoint modeling. These exclusive new capabilities bolster users’ understanding of their complete enterprise data centers, including public cloud, private cloud and physical network environments, which in turn extends an enterprise’s foundation for being resilient to cyber events.

Unprecedented Network Context with Application-Based Policies: Layer 7 Application ID

Large enterprises with Next Generation Firewalls (NGFWs) can now use RedSeal to visualize access and validate policies at the application level (Layer 7), as well as at the networking level (Layers 2, 3 and 4). No other security, network modeling or cyber risk scoring product provides this level of visibility, understanding and validation for an organization’s security posture.

With this kind of visibility within and between their network environments, users can understand and prioritize incidents and vulnerabilities wherever they are. This is a significant new capability because traditional firewall policies are based on the networking level—defined by source, destination, port, and protocol. NGFWs, however, are becoming more prevalent in networks and users can create policies, to be implemented by the firewalls, based on the identities of specific applications or Application IDs. For example, RedSeal can validate a “Deny Skype” policy that has been applied to specific addresses, or across all ports and protocols, further strengthening the user’s security posture.

Expand Picture of Cyber Terrain with Endpoint Information from All Sources

With its capabilities expanding to include endpoint modeling, RedSeal is the only resource that models and consolidates endpoint information from any source. This feature gives RedSeal users the ability to import and store information about their endpoints from multiple sources, including vulnerability scanners, Endpoint Protection and Endpoint Detection Response (EDR) solutions, as well as other applications such as Active Directory.

“A comprehensive understanding of network assets and paths is the foundation of a digital resilience strategy,” said Kurt Van Etten, chief product officer at RedSeal. “With its latest enhancements, RedSeal’s platform is the only product on the market that models Layer 2, 3, 4, and 7 policies and consolidates endpoint information from any source. As a result, RedSeal builds the most complete model available, including public and private clouds, physical assets and endpoint sources. The important new features introduced in our latest product ensure users can confidently validate their security posture, accelerate investigation and improve productivity of network and security teams.

RedSeal Launches Remote Administrator Managed Service to Augment Customers’ Security Teams and Make Network Situational Awareness More Widely Available

SUNNYVALE, Calif., Sept. 10, 2018 — RedSeal, the leader in network modeling and cyber risk scoring, today introduced RedSeal Remote Administrator, a new managed service to augment customers’ security teams, make network situational awareness more widely available, and help customers increase their digital resilience.

Most enterprises have dozens of disparate security products in their environment, each requiring administration and maintenance. At the same time, they face a cybersecurity skills gap: there are not enough qualified people to operate even the products they have.

RedSeal Remote Administrator addresses these issues by becoming an essential part of an organization’s security team.  As part of the service, a dedicated network security engineer will maintain and administer RedSeal’s network modeling and risk scoring platform. Customers will always have a single, up-to-date model of all their network environments – including public cloud, private cloud and physical assets – to validate their security, accelerate their investigation, and improve their productivity.

Specifically, RedSeal will provide Remote Administrator customers with the necessary resources to maintain their deployment, keeping it current and in exceptional working order. This includes a daily cadence of reviewing the network model, ensuring that data collection tasks are working, maintaining the topology map to see that new devices are properly placed, providing scheduled reports, and making certain that the platform is performing as expected.

“Security practitioners need to understand how everything is connected in their networks in order to defend them.  It’s essential for our customers to have an updated and working model so they can continuously improve their security,” said Kurt Van Etten, chief product officer at RedSeal.  “RedSeal Remote Administrator augments an organization’s security team to continuously deliver an accurate model.  The service allows customers to benefit from RedSeal situational awareness—without the need for additional headcount or in-house expertise. They can quickly get the information they need.”

Organizations simply need network access (VPN and Jumpbox) to get started with RedSeal Remote Administrator. The service is available internationally and RedSeal Remote Administrator representatives are on call Monday to Friday during U.S. business hours.

Download our data sheet here.

U.S. Department of Defense Information Network (DoDIN) Supports Digital Resilience by Adding RedSeal Platform to its Approved Products List (APL)

Thorough testing from Joint Interoperability Test Command (JTIC) and DoD Interoperability (IO) certifies RedSeal is secure, trusted and approved to model and monitor U.S. Army, Navy, Air Force, Marine Corps and DISA networks

SUNNYVALE, Calif., June 18, 2018 – RedSeal (www.redseal.net), the leader in network modeling and cyber risk scoring, today announced that the Defense Information Systems Agency (DISA) added its RedSeal platform to the Department of Defense (DoD) Unified Capabilities (UC) Approved Products List (APL). RedSeal is now certified to model and monitor any network within the DoD infrastructure, including those of the U.S. Army, Navy, Air Force, Marine Corps and DISA.

RedSeal’s patented platform models and continuously monitors network infrastructure, providing visibility into network segmentation, as well as a measure of overall resiliency, to deliver risk-based situational awareness. The Joint Interoperability Test Command (JTIC) and the DoD Interoperability (IO) certifying authority issued its approval, confirming RedSeal meets all Common Criteria and FIPS 140-2 certification to achieve its place on the UC APL, the DoD’s master list of secure and approved products for deployment within the DoD’s infrastructure.

Due to the DoD’s extensive criteria – which also includes IA and STIG testing – federal agencies and Global 2000 companies often look to the DoDIN APL for the best technology. Currently, RedSeal is the only certified product that creates a network model from the inside out, including physical assets, as well as those in public and private cloud environments.

This certification stems from a $33.8 million multi-year contract DISA awarded to RedSeal in January 2017, to model and continuously monitor the infrastructure of the Joint Regional Security Stacks (JRSS). This DoD program creates a single, standardized, security architecture, which will eventually support more than 95 percent of the DoD’s network.

“The UC-APC achievement will expedite network, cybersecurity and risk management teams’ efforts to build, operate and verify resilient networks,” said Kimberly Baker, Public Sector SVP and GM for RedSeal. “The UC-APL provides for reciprocity between the services and provides authority to operate (ATO) without continually recertifying, which will accelerate RedSeal’s already significant growth into DoD networks. Our partner community is excited about this achievement, which gives them an unmatched differentiator for their cyber solutions for DoD as well as accelerates procurements.”

The DoDIN APL approval of RedSeal platform as a Cybersecurity Tool is posted on the DoDIN APL site.

More than half of federal IT officials in a new survey say their agencies aren’t keeping pace with evolving cybersecurity threats

A new survey of IT leaders at civilian, defense and intelligence agencies explores how prepared agencies are to continue operating during an attack.

WASHINGTON, D.C.  — Two-thirds of federal IT executives in a new survey say their agencies are moderately-to-highly prepared to withstand a cyberattack and continue to function. But a number of gaps in cybersecurity resilience remain.

Nearly 7 in 10 federal civilian agency IT leaders — and more than half (55 percent) of their defense and intelligence agency counterparts — say their agencies aren’t keeping pace with evolving threats, according to the study.

Though 2 in 3 respondents report their agency “has sufficient tools to identify cyberthreats,” well over half still say their agencies “don’t have all the tools and resources they need in place to respond to cyberthreats,” according to the new study, released by CyberScoop and FedScoop, and underwritten by RedSeal.

The study found about roughly two-thirds of IT officials surveyed say their agency can detect — and more than half say they can respond to — cybersecurity incidents within 12 hours. But tracking “incidents” may belie deeper threats lurking in networks, observed Wayne Lloyd, federal chief technology officer at RedSeal.

The study explored how resilient federal agencies are at withstanding cyberattacks, what tools and activities they rely on most to respond to identify and respond to attacks, and the top investment priorities and concerns of agency officials.

Executives are investing most heavily now in data and network protection tools and threat intelligence, but “they still need help overcoming a talent shortage of cybersecurity professionals,” said Wyatt Kash, SVP of Content Strategy at Scoop News Group, which publishes CyberScoop and FedScoop.

The findings are based on responses from more than 100 prequalified federal agency government IT, cybersecurity and mission, business or program executives. All respondents are involved either in identifying IT and network security requirements, evaluating or deciding on solutions and contractors, allocating budgets, or implementing or maintaining cybersecurity solutions. The study was completed in the first quarter of 2018.

Download the report, Closing the gaps in cybersecurity resilience at U.S. Government agencies,for detailed findings and guidance on how prepared agencies are to continue operating during an attack.

CyberScoop is the leading media brand in the cybersecurity market with more than 350,000 unique monthly visitors and 240,000 daily newsletter subscribers, reporting on news and events impacting technology and top cybersecurity leaders across the U.S.

FedScoop is the leading tech media brand in the federal government market with more than 210,000 unique monthly visitors and 120,000 daily newsletter subscribers, reporting on how top leaders from the White House, federal agencies and the tech industry are using technology to improve government.