The government appears to be lagging behind the private sector in preparing for cybersecurity threats.
Recently released results from a January survey from the cybersecurity firm Netwrix help to illustrate just how wide the gap is. The survey, conducted annually with respondents around the world, found an increasing number of businesses, organizations and governments of all sizes are putting more resources toward cybersecurity.
The responses from government IT workers were significantly different from the results as a whole*:
100 percent of government respondents said employees were the biggest cyber-risk, compared with 66 percent of all respondents.
75 percent of government respondents said their organizations lacked dedicated information security personnel versus 65 percent overall.
14 percent of government respondents consider themselves “well prepared” for IT risks compared with 26 percent overall.
In recent years, cybersecurity has jumped to the forefront of state and local government IT conversations. Ransomware, data breaches and denial of service attacks have all stirred up concerns for public systems that carry sensitive information. The most recent surveys from the Center for Digital Government* show that cybersecurity is the No. 1 priority for state and county CIOs. In one survey, 93 percent of state CIOs said they needed more cybersecurity workers.
The emphasis on employees as a cybersecurity risk is telling. Phishing and spearphishing, which typically take the form of hackers gaining access to protected systems by fooling an organization’s employees into clicking on a link or opening an email attachment, are a large attack vector for government. They have been implicated in numerous hacks at the federal level and lower, and they are particularly hard to address because any employee can be targeted, and government entities have plenty of employees. Recent research from the cybersecurity company Symantec suggests that phishing attacks are growing in popularity.
When it comes to dedicated security personnel, many times security is “baked in” when government IT offices buy a solution or outsource. Increasingly, government technology vendors are offering their products on a software-as-a-service basis, meaning the products are hosted in the cloud. And some of the biggest cloud infrastructure providers on the market are certified for FedRAMP, a stringent set of security protocols that clears a cloud vendor to offer services to federal agencies.
*The survey's "overall" statistics reflect responses from all survey participants, which includes government. Government respondents made up 10 percent of the survey's participants. And the Center for Digital Government is part of e.Republic, Government Technology's parent company.