IT security provider Netwrix Corp. of Irvine, Calif., recently published its assessment of the top cyber risks in government.
The company found that the main threat comes from within.
All government entities surveyed named their own employees as the biggest cyber risk. “The main reason is bad experiences. In 2016, human errors caused security incidents in 57 percent of government entities,” the authors note.
“In addition, 43 percent of organizations admitted they had to investigate security incidents that involved insider misuse,” the authors found. Fourteen percent of all system downtime was found to have been caused by accidental or incorrect user activity.
This aligns with findings in industry, such as SANS’s recently released 2017 Threat Landscape Survey, which names phishing and ransomware as among the top threats. Both these exploits are commonly triggered by employees opening infected attachments or otherwise mishandling emails.
The employee threat is compounded by a lack of sufficient resources. About three-quarters of respondents said their organizations lack dedicated security personnel. As a result, security compliance falls on the shoulders of IT operational teams, the majority of whom say they have not implemented security governance or risk management within their IT infrastructures.
In fact, a majority of junior and middle IT staff complained about a shortage of resources, with 57 percent saying they lacked the time and 54 percent saying they lacked the budget to take a more serious approach to security.
Given this paucity of time and money, researchers write that they were not surprised to find government security implementations lacking. Rather than focus on an emerging and proactive threat, 57 percent of those surveyed said they still focus on defending endpoints; half have their emphasis on corporate mobile devices; and 43 percent are busy defending on-premise systems, “even as the threat landscape and the modern IT infrastructure has changed.”
This combination of insider threat and insufficient resourcing is worsened by a continued threat from bad actors outside government. “We know that cyberattacks are becoming more sophisticated and intense. We also know that some attackers are very interested in the sensitive data stored by government agencies,” Netwrix notes.
Citizens’ data – including Social Security numbers, financial data, healthcare records and other information – presents a tempting target to some, while others “are more interested in gaining access to critical infrastructures in order to damage control systems or disrupt public services,” the authors note.
As a result of these diverse factors, “[g]overnment entities are lagging behind in understanding what is happening beyond the traditional perimeter. The majority of respondents have zero visibility into BYOD, shadow IT and cloud systems,” the authors warn. They urge senior management in government agencies to become more engaged in IT as a critical first step in improving security.