Cyber SecurityGovernance

Netwrix warns that employees are biggest threat to cybersecurity

Only 14% of government organizations consider themselves to be well-protected against cyber threats.

The government sector lags behind others in implementing modern cybersecurity defenses, according to a new report from security firm Netwrix. This failure to update has led to an increase in breaches: 72% of government entities worldwide had their security compromised in 2016, the report found.

In 2016, human error caused security incidents in 57% of government entities, and system downtime for 14% of them. Additionally, 43% of government IT professionals said they investigated security incidents that involved insider misuse

Government agencies become easiest magnets to be targeted by hackers due to the sensitive information they store, including citizens’ data (such as addresses, driver’s license numbers, Social Security numbers, financial data, and healthcare records).

“All government entities surveyed consider their own employees to pose the biggest threat,” wrote Ryan Brooks, product evangelist at Netwrix, in a blog post about the findings. “It is interesting how the loudest headlines (state-sponsored attacks carried out by hackers, for example) don’t always correspond with the respondents’ perceptions and priorities.”

Governments have also been blamed for doing little to modernize cybersecurity practices by the report: They continue to focus on protecting endpoints (57%), corporate mobile devices (50%), and on-premises systems (43%), even as the threat landscape and modern IT infrastructure has changed. For example 75% of government entities do not have any visibility into BYOD, 67% lack insight into shadow IT, and 60% have no visibility into their cloud infrastructures, according to the report.

“The general conclusion we can draw is that government agencies need to start approaching IT risk from the top down: Senior management must get more deeply involved and fund cyber-security initiatives,” Brooks wrote. “Otherwise, their IT teams will not have the visibility required to maintain stable IT operations, comply with regulatory requirements and identify ongoing security threats, let alone proactive risk mitigation.”

Top Takeaways?

  • 72% of government entities worldwide had their security compromised in 2016. -Netwrix, 2017
  • Only 14% of government organizations consider themselves to be well-protected against cyber threats. -Netwrix, 2017
  • 100% of IT specialists working for government agencies worldwide said employees are the biggest threat to security. -Netwrix, 2017

Full Netwrix Report