Nearly half of public sector infosec specialists say hackers will get into their networks ‘each and every time they try’
Nearly half of infosec specialists working in the public sector believe cyber attackers will breach their networks “each and every time that they try”, according to new research.
A global survey carried out on behalf of CyberArk – an Israeli cyber security company which has its origins in the nation’s famed military cyber ops Unit 8200 – has revealed that 43% of cyber security professionals working in public sector organisations think attackers can easily penetrate their networks.
The research – carried out among 1,000 IT security decision makers and C-level executives in the US, UK, France, Germany, Israel, Singapore and Australia – reveals that 69% admit that their organisation is susceptible to a carefully-crafted attack, like a tailored phishing email to a senior individual.
Among the findings of the survey, conducted on the organisation’s behalf by Vanson Bourne, was that 47% of respondents reported to having had experienced a cyber attack ‘which impacted the business in the past three years’.
And 78% of public sector respondents said that their organisation ‘prioritised’ cyber security as an important investment for the business.
The top threat actors identified by the respondents in the survey were as follows (comparative data in brackets):
-Hackers – 73% (UK 74% / Global 78%)
-Organised crime – 47% (UK 57% / Global 46%)
-Hacktivists – 47% (UK 46% / Global 46%)
-Privileged insiders – 46% (UK 42% / Global 38%)
Privileged access security was highlighted in the report as a key area for the safe and secure management of all data, with 81% of respondents stating that IT infrastructure and critical data are not fully protected unless privileged accounts, credentials and secrets are secured. In terms of those protective measures, relatively few organisations had a privileged access strategy in place for areas like business critical applications (45%), Cloud infrastructure (43%), DevOps (28%) and IoT (32%).
“Organizations are showing increasing understanding of the importance of mitigation along the cyber kill chain and why preventing credential creep and lateral movement is critical to security,” said Adam Bosnian, executive vice president, global business development, CyberArk.
“But this awareness must extend to consistently implementing proactive cybersecurity strategies across all modern infrastructure and applications, specifically reducing privilege-related risk in order to recognize tangible business value from digital transformation initiatives.”
In terms of compliance, 42% of public sector organisations haven’t always fully informed customers when their sensitive data has been compromised as a result of a cyber attack.
Furthermore, 43% of public sector organisations would be willing to pay fines for non-compliance with major regulations, but would not change security policies even after experiencing a successful cyber attack.
The report found that the public sector is the least prepared for data breach notification compliance of all sectors and in terms of GDPR, 43% say they are completely prepared for breach notification and investigation within the mandated 72-hour period.
To register for a copy of the report visit here.
Please mind the gap… or healthcare may fall
Imagine sharing a lengthy train journey with others. From beginning to end, imagine how often you might hear ‘mind the gap’ messages about embarking and disembarking safely. Picture how navigating…
Women Lead: My journey from Dragons’ Den to Silicon Valley
Following her appearance on Dragons’ Den, Sheila Hogan, serial entrepreneur, founder and chief executive of digital legacy vault, Biscuit Tin, shares her experience of her time in the Den and…
Look anywhere – the future is ‘aged tech’. But Scotland needs to be more adventurous
Scottish Care, as the representative body of independent social care providers of care home, care at home and housing support services, has been working over several years with colleagues in…
Women Lead: Engineer turned entrepreneur
We are always fascinated by other people’s stories. It’s how we connect, grow and learn from each other. Until very recently I always felt like I didn’t have a story to tell. Who…
‘Women – together we will change the dynamic in tech’
I was inspired to start a career in technology when personal computers were in their infancy and the internet decades away. My childhood dream of becoming a scientist was shaped by…
It’s time to change the future of tech apprenticeships – and we need your help
In his latest exclusive column for Futurescot, Ross Tuffee, chair of the Skills Development Scotland (SDS) Digital Economy Skills Group, calls on tech employers to get involved in shaping the…
What AI difference a year makes
Amazingly, it’s been one year since the publication of Scotland’s AI Strategy. And what a year it has been. Demanding but rewarding, with good progress made and great foundations laid…
International Women’s Day: It’s time to harness power of women in technology
As we celebrate International Women’s Day, I hope to be part of a future where barriers that prevent women from competing on a level playing field in the work environment…