A survey from cybersecurity firm Netwrix revealed that the public sector is extremely concerned about a variety of cyberattacks. Nearly 88% of government enterprises said that cloud misconfiguration is a top security threat, while only 25% said it was critical before the pandemic. It is found that 11% of security incidents reported during the first three months of the pandemic were caused due to cloud misconfigurations.
When asked about other attack vectors, 98% of respondents said they are concerned about supply chain compromise at present; 95% named VPN exploitation as a major threat, and 82% cited credential stuffing attacks. In addition, most incidents during this time include the human factor (53%) and 18% of respondents reported insecure sharing of sensitive data. Improper data sharing becomes a challenge for most government organizations, with organizations taking days (42%), weeks (32%), or even months (21%) to detect it.
- 29% of government agencies feel that they are at greater security risk now than they were before the pandemic. 86% of them are worried about stronger or more frequent cyberattacks, which is the highest percentage among all the verticals studied in the report.
- Concern about VPN exploitation grew from 10% pre-pandemic to 95% now.
- 26% of government agencies reported experiencing ransomware or other malware.
- 6% experienced data theft by employees. None were able to spot it in minutes and only 5% were able to flag the incident in hours. The rest (95%) required days, weeks, or months.
“Government agencies should focus their cybersecurity efforts on mitigating the insider threat, especially when many employees and contractors are accessing the networks remotely. Organizations must ensure that every user understands basic cybersecurity rules and completes security training on a regular schedule. IT teams should look for solutions to speed threat detection and streamline incident investigation. In addition, they should follow proven security best practices like network segmentation, privilege attestation, continuous auditing for malicious activity across data repositories, and alerting on suspicious activity and changes,” said Ilia Sotnikov, VP of Product Management at Netwrix.
Complete the Endpoint Security Survey and win lots of amazing goodies!