Nearly half of public sector infosec specialists say hackers will get into their networks ‘each and every time they try’
Nearly half of infosec specialists working in the public sector believe cyber attackers will breach their networks “each and every time that they try”, according to new research.
A global survey carried out on behalf of CyberArk – an Israeli cyber security company which has its origins in the nation’s famed military cyber ops Unit 8200 – has revealed that 43% of cyber security professionals working in public sector organisations think attackers can easily penetrate their networks.
The research – carried out among 1,000 IT security decision makers and C-level executives in the US, UK, France, Germany, Israel, Singapore and Australia – reveals that 69% admit that their organisation is susceptible to a carefully-crafted attack, like a tailored phishing email to a senior individual.
Among the findings of the survey, conducted on the organisation’s behalf by Vanson Bourne, was that 47% of respondents reported to having had experienced a cyber attack ‘which impacted the business in the past three years’.
And 78% of public sector respondents said that their organisation ‘prioritised’ cyber security as an important investment for the business.
The top threat actors identified by the respondents in the survey were as follows (comparative data in brackets):
-Hackers – 73% (UK 74% / Global 78%)
-Organised crime – 47% (UK 57% / Global 46%)
-Hacktivists – 47% (UK 46% / Global 46%)
-Privileged insiders – 46% (UK 42% / Global 38%)
Privileged access security was highlighted in the report as a key area for the safe and secure management of all data, with 81% of respondents stating that IT infrastructure and critical data are not fully protected unless privileged accounts, credentials and secrets are secured. In terms of those protective measures, relatively few organisations had a privileged access strategy in place for areas like business critical applications (45%), Cloud infrastructure (43%), DevOps (28%) and IoT (32%).
“Organizations are showing increasing understanding of the importance of mitigation along the cyber kill chain and why preventing credential creep and lateral movement is critical to security,” said Adam Bosnian, executive vice president, global business development, CyberArk.
“But this awareness must extend to consistently implementing proactive cybersecurity strategies across all modern infrastructure and applications, specifically reducing privilege-related risk in order to recognize tangible business value from digital transformation initiatives.”
In terms of compliance, 42% of public sector organisations haven’t always fully informed customers when their sensitive data has been compromised as a result of a cyber attack.
Furthermore, 43% of public sector organisations would be willing to pay fines for non-compliance with major regulations, but would not change security policies even after experiencing a successful cyber attack.
The report found that the public sector is the least prepared for data breach notification compliance of all sectors and in terms of GDPR, 43% say they are completely prepared for breach notification and investigation within the mandated 72-hour period.
To register for a copy of the report visit here.
Not a drop wasted: digital cask filling can save the whisky industry millions
Scotland’s food and drink sector is central to the country’s economy. Bringing in around £14 billion every year, it employs more than 115,000 people and accounts for one in five manufacturing…
The value of engineering in the curriculum
If you were to look back at the greatest discoveries in science and technology over the past 30 years, you would soon notice that engineering is a key catalyst for…
Glasgow Council leads the way in digital learning
In 2017, we at Glasgow City Council took the opportunity to overhaul our digital approach to education and redefine learning, keeping in mind the core aim of reducing the impact…
Why data is the new oil
In 2006, British mathematician Clive Humby coined the phrase, “Data is the new oil”. This analogy has been proven correct as data now powers entire industries and holds tremendous value…
Global Entrepreneurship Week offers chance to reset aspirations amid new innovation landscape
With the advent of Global Entrepreneurship Week, it is an opportunity for us to celebrate the innovators, the grassroots risk takers who drive the economy, and those who invest in…
Aberdeenshire leads the way in work-based learning
There has long been debate about the distinction to be drawn between vocational and academic learning. However, in Aberdeenshire Council the focus is on what is best for our learners;…
5G connectivity can ’empower people to restore our planet’
Six years on from the Paris Climate Accords and the world is still getting warmer. We are now seeing first-hand the impact of climate change – the floods and fires…
Cracking the code to offline computational thinking
In our digitally connected world, it can be argued that coding and especially computational thinking have become essential parts of a new ‘computing literacy’ to support traditional literacy. These computational…