Nearly half of infosec specialists working in the public sector believe cyber attackers will breach their networks “each and every time that they try”, according to new research.
A global survey carried out on behalf of CyberArk – an Israeli cyber security company which has its origins in the nation’s famed military cyber ops Unit 8200 – has revealed that 43% of cyber security professionals working in public sector organisations think attackers can easily penetrate their networks.
The research – carried out among 1,000 IT security decision makers and C-level executives in the US, UK, France, Germany, Israel, Singapore and Australia – reveals that 69% admit that their organisation is susceptible to a carefully-crafted attack, like a tailored phishing email to a senior individual.
Among the findings of the survey, conducted on the organisation’s behalf by Vanson Bourne, was that 47% of respondents reported to having had experienced a cyber attack ‘which impacted the business in the past three years’.
And 78% of public sector respondents said that their organisation ‘prioritised’ cyber security as an important investment for the business.
The top threat actors identified by the respondents in the survey were as follows (comparative data in brackets):
- Hackers – 73% (UK 74% / Global 78%)
- Organised crime – 47% (UK 57% / Global 46%)
- Hacktivists – 47% (UK 46% / Global 46%)
- Privileged insiders – 46% (UK 42% / Global 38%)
Privileged access security was highlighted in the report as a key area for the safe and secure management of all data, with 81% of respondents stating that IT infrastructure and critical data are not fully protected unless privileged accounts, credentials and secrets are secured. In terms of those protective measures, relatively few organisations had a privileged access strategy in place for areas like business critical applications (45%), Cloud infrastructure (43%), DevOps (28%) and IoT (32%).
“Organizations are showing increasing understanding of the importance of mitigation along the cyber kill chain and why preventing credential creep and lateral movement is critical to security,” said Adam Bosnian, executive vice president, global business development, CyberArk.
“But this awareness must extend to consistently implementing proactive cybersecurity strategies across all modern infrastructure and applications, specifically reducing privilege-related risk in order to recognize tangible business value from digital transformation initiatives.”
In terms of compliance, 42% of public sector organisations haven’t always fully informed customers when their sensitive data has been compromised as a result of a cyber attack.
Furthermore, 43% of public sector organisations would be willing to pay fines for non-compliance with major regulations, but would not change security policies even after experiencing a successful cyber attack.
The report found that the public sector is the least prepared for data breach notification compliance of all sectors and in terms of GDPR, 43% say they are completely prepared for breach notification and investigation within the mandated 72-hour period.
To register for a copy of the report visit here.