Public sector organisations vulnerable to cyber attacks
Nearly half of security professionals at public sector organisations across seven markets including Australia say attackers will breach their network every time they try, new research from CyberArk indicates.
A survey of security professionals in Australia, the UK, the US, France, Germany, Israel and Singapore found that 47% of public sector respondents have experienced at least one cyber attack that impacted operations during the past three years.
More than two-thirds (68%) of respondents from the sector admit that their organisation is susceptible to a carefully targeted attack.
The greatest public sector security risks are considered to be ransomware or malware (60%), phishing or other external attacks (57%), cloud security risks (42%), excess administrative privileges (41%), insider threats (41%), shadow IT practices (38%) and unmanaged privileged access (37%).
But while 81% of respondents agree that IT infrastructure and critical data are not fully protected unless privileged accounts, credentials and secrets are secured, only 45% have a privileged access security strategy in place for protecting business-critical applications, and only 41% have such a strategy for cloud infrastructure.
The report did find that public sector organisations are increasingly aware of cyber risks, with 78% of respondents stating that their organisation has prioritised cybersecurity as an important investment for the business.
But despite this, the public sector was the least prepared for complying with data breach notification regulations of all sectors covered in the report. For example, only 36% reported being prepared to issue a data breach notification within the 72-hour window mandated by the EU’s General Data Protection Regulation (GDPR).
In addition, 36% of public sector organisations would be willing to pay fines for non-compliance with major regulations but would not change security policies even after experiencing a successful cyber attack.
Frameworks for data sharing, as opposed to data release, need to be developed to preserve...
The US Government Accountability Office (GAO) has uncovered major issues during an audit of 23...
The merger between or reshuffling of functions of two public sector organisations provides a...