A new cybersecurity report has claimed that the government sector is way behind others in implementing modern cybersecurity protocols and defenses, leading to an increase in data breaches targeting government servers.
According to security firm Netwrix’s new report, the government's failure to implement and upgrade cybersecurity defenses saw a staggering 72% of its entities compromised worldwide in 2016. Government agencies are, unsurprisingly, targeted by hackers due to the troves of sensitive information they store. This information includes citizens’ personal data such as addresses, social security numbers, healthcare records, driver’s license numbers and more. Hackers also target critical government infrastructure to disrupt public services and damage control systems.
Despite all of the above threats, government IT specialists and agencies point to their own employees as their greatest threat.
“All government entities surveyed consider their own employees to pose the biggest threat. It is interesting how the loudest headlines (state-sponsored attacks carried out by hackers, for example) don’t always correspond with the respondents’ perceptions and priorities,” the report reveals.
The reason for the distrust is telling. Government employees surveyed revealed that some 57% of security incidents in 2016 were due to human errors. Further, 43% of government organizations admitted that they were forced to investigate security incidents that involved insider misuse.
The report also found that a majority of government entities had not implemented any risk management or security governance within their IT infrastructures. A further 75% of respondents revealed there were no dedicated cybersecurity personnel within their agencies. The compliance and security work was instead taken over by IT operations. Tellingly, both junior and middle-level IT staff reported a lack of time (57%) and a lack of budget (54% of those polled) as the primary factors keeping them from enforcing a better security plan. They also cited the growing complexity of IT infrastructure (43%) and data assets (43%) as factors.
“The general conclusion we can draw is that government agencies need to start approaching IT risk from the top down: Senior management must get more deeply involved and fund cyber-security initiatives,” wrote Ryan Brooks, product evangelist at Netwrix. “Otherwise, their IT teams will not have the visibility required to maintain stable IT operations, comply with regulatory requirements and identify ongoing security threats, let alone proactive risk mitigation.”