Employees are the biggest threat to government systems, a new report found.
Knowing that, though, the government still lags behind others in implementing modern cybersecurity defenses, the report said.
This failure to update has led to an increase in breaches: 72 percent of government entities worldwide had their security compromised in 2016, according to the report from Netwrix.
On top of that, only 14 percent of government organizations consider themselves to be well-protected against cyber threats, the report said.
Hackers focus on government agencies because of the sensitive nature of their information, which includes data such as addresses, driver’s license numbers, Social Security numbers, financial data, and healthcare records. They also house information critical to local or national security. Other hackers are interested in gaining access to important infrastructure to damage control systems or disrupt public services, the report said.
The main threat, however, is not quite as elaborate. It is employees.
One hundred percent of IT specialists working for government agencies worldwide said they see employees as the biggest threat to security. In 2016, human error caused security incidents in 57 percent of government entities, and system downtime for 14 percent of them. Additionally, 43 percent of government IT professionals said they investigated security incidents that involved insider misuse.
“All government entities surveyed consider their own employees to pose the biggest threat,” Ryan Brooks, product evangelist at Netwrix, said in a blog post.
Knowing the issues, government organizations have not implemented security governance or risk management within their IT infrastructures, the report found. And 75 percent of respondents said there were no dedicated security personnel in their agencies, leaving compliance and security to be shouldered by IT operations teams alone. As a result, junior and middle IT staff reported a lack of time (57 percent) and lack of budget (54 percent) as the main factors preventing them from taking a stronger security approach. The growing complexity of IT infrastructure (43 percent) and data assets (43 percent) were also factors.
Governments are doing little to modernize cybersecurity practices, the report found: They continue to focus on protecting endpoints (57 percent), corporate mobile devices (50 percent), and on-premises systems (43 percent), even as the threat landscape and modern IT infrastructure has changed. Along those lines, 75 percent of government entities do not have any visibility into BYOD, 67 percent lack insight into shadow IT, and 60 percent have no visibility into their cloud infrastructures, according to the report.