105 senior IT professionals working for federal agencies were asked about their computing infrastructure, security, breaches and IT modernisation. The findings revealed that an overwhelming majority of Federal IT managers (81 percent) say aging IT infrastructures have a somewhat to extremely large impact on their cyber security risk. Further, three of five (61 percent) say aging infrastructure is a roadblock to achieving federal cyber security mandate compliance.

Beyondtrust say that they found various examples of aging infrastructure in their survey. For example, a surprising 47 percent of Federal agencies still use Windows XP, driving a third of respondents (35 percent) to report that this kind of aging infrastructure had a somewhat to large impact on their ability to affect vulnerability patching.

However, the impacts of an aging federal infrastructure do not stop there, the survey showed that amongst others the biggest impacts include inefficiency, increased cyber risk and problems with compliance.  And specific to cyber-security, the top impacts of an aging infrastructure are difficulty with patching, password management and privileged account management (PAM).

An aging infrastructure is not just a problem in theory; aging infrastructure makes federal systems more vulnerable to attack, which has led to an environment that could be rife for breaches.  For example Beyondtrust found that 42 percent of their respondents had experienced a data breach within the past 6 months, and a staggering one in eight has experienced a data breach within the past 30 days, with the cost of a typical data breach being around $91,000.

The Beyondtrust 2017 US federal government study points to four best practices that any agency can implement.  Firstly, manage privileged credentials with greater discipline, eliminate administrator rights and enforce least privilege.  Thirty percent of respondents believed that insider threats pose a significant threat and 35 percent believe their users have more privileges than are required. 

Secondly isolate legacy systems to reduce attack surfaces. The modernisation of federal IT infrastructure was a priority for most survey respondents, but realistically this will not happen quickly and so reducing the attack surface would help to reduce attacks in the meantime.  Improve the maturity of vulnerability management through automated patching. Even in today’s sophisticated threat landscape, the majority of attacks target known vulnerabilities that can be easily patched. Effective patch management goes a long way in reducing a network’s overall attack surface. 

And finally, unite threat intelligence from multiple sources to better prioritise risks across the environment.  Since the asset risk-to-user privilege risk pattern is a common attack vector, deploy solutions that correlate asset-based risk with user-based activity to gain a more complete picture of risks, gaining needed prioritization of the most impactful risks.

“The federal government is moving to modernise its aging infrastructure,” said Kevin Hickey, President and CEO at Beyondtrust. “But that takes time, and in the meantime, federal systems face a real risk. These are simple steps IT can take today to help mitigate that risk.”