88% of government agencies say misconfiguration of cloud services is a top security threat; pre-pandemic, only 25% considered it critical
Netwrix, a cybersecurity vendor that makes data security easy, today announced government market findings from its 2020 Cyber Threats Report. Netwrix conducted this online survey in June 2020 to understand how the pandemic and ensuing work-from-home initiatives changed the IT risk landscape.
With the pandemic, the public sector has become extremely worried about cyberattacks. Nearly all respondents (98%) are now concerned about supply chain compromise, 95% named VPN exploitation as a top threat and 82% cited credential stuffing.
Another drastic shift is related to the misconfiguration of cloud services: 88% of government agencies now say that cloud misconfiguration is a top security threat, while pre-pandemic, only 25% said it was critical. However, only 11% of incidents reported during the first three months of the pandemic were actually caused by this scenario.
In reality, most incidents during this time period involved the human factor: 53% of respondents said they experienced at least one phishing attack, and 18% reported insecure sharing of sensitive data. What’s particularly troubling is that improper data sharing was especially hard for government agencies to spot: nearly all organizations needed days (42%), weeks (32%) or even months (21%) to detect it.
Other findings discovered by the survey include:
- 29% of government agencies feel that they are at greater security risk now than they were before the pandemic. 86% of them are worried about stronger or more frequent cyberattacks, which is the highest percentage among all the verticals studied in the report.
- Concern about VPN exploitation grew from 10% pre-pandemic to 95% now.
- 26% of government agencies reported experiencing ransomware or other malware.
- 6% experienced data theft by employees. None was able to spot it in minutes and only 5% were able to flag the incident in hours. The rest (95%) required days, weeks or months.
Government agencies should focus their cybersecurity efforts on mitigating the insider threat, especially when many employees and contractors are accessing the networks remotely. Organizations must ensure that every user understands basic cybersecurity rules and completes security training on a regular schedule. IT teams should look for solutions to speed threat detection and streamline incident investigation. In addition, they should follow proven security best practices like network segmentation, privilege attestation, continuous auditing for malicious activity across data repositories, and alerting on suspicious activity and changes.
Ilia Sotnikov, VP of Product Management at Netwrix
To get the complete findings of the Netwrix 2020 Cyber Threats Report, please visit: www.netwrix.com/2020_cyber_threats_report.html
Netwrix makes data security easy thereby simplifying how professionals can control sensitive, regulated and business-critical data, regardless of where it resides. More than 11,500 organizations worldwide rely on Netwrix solutions to secure sensitive data, realize the full business value of enterprise content, pass compliance audits with less effort and expense, and increase the productivity of IT teams and knowledge workers.
Founded in 2006, Netwrix has earned more than 150 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S.
For more information, visit www.netwrix.com.
Your questions and feedback are always welcome. Please dial our toll-free number: 888 - 638 - 9749, or enter your question details here and we will reply as soon as possible.
Erin Jones, Avista PR for Netwrix
Phone: 704 - 664 - 2170