Ivanti
announced the results of its Government Cybersecurity Status Report.
Ivanti worked with cybersecurity experts and surveyed more than 800
government workers globally to understand the attitudes and actions of
government workers when it comes to cybersecurity.
The report revealed that hybrid work has opened up yet another frontier
of vulnerability, with 70% of government workers reporting they work
virtually at least some of the time. The proliferation of devices,
users, and locations adds complexity and new vulnerabilities for
government security teams to tackle - while also combatting increasingly
sophisticated threat actors.
With generative AI making phishing emails increasingly more realistic,
the human-sized gaps in cybersecurity are placing government agencies
and organizations at increasing risk of a successful ransomware attack.
The report found that 5% of government workers have fallen victim to a
phishing attempt - either by clicking a link or sending money.
According to the report, a "not my job" attitude is contributing to the security risk for the public sector:
-
34% of government employees do not believe their actions impact their organization's ability to stay safe
-
17% don't feel safe reporting security mistakes they've made to the cybersecurity team
-
36% did not report a phishing email they received at work
-
Alarmingly, 21% don't care if their organization gets hacked
"We are in a state of urgency when it comes to securing critical
infrastructure, along with public sector employees and the extremely
sensitive data they have access to," said Srinivas Mukkamala, Chief
Product Officer at Ivanti. "Government leaders around the world have
recognized this urgency and are taking steps to combat ransomware,
misinformation, and to protect their critical assets and infrastructure.
If we don't focus on cybersecurity as a team effort and provide
proactive security measures that enable a better employee experience,
security teams and governments will continue to face an uphill battle."
The report also revealed that Gen Z and Millennials are not savvier than
Gen X or Baby Boomers when it comes to password security and
mismanagement. In fact, Gen Z and Millennial government workers are more
than twice as likely to reuse passwords between home and use the same
password across multiple devices and logins. Employees in all industries
and generations continue to use sticky notes, pet names, birthdays, and
the favorite unbreakable code: ‘12345.'
Cybersecurity and automation provide powerful frontline protection for
government organizations - but security teams need to evaluate new
policies or technologies through the lens of digital employee
experience, to ensure that employees don't seek ways around the
so-called solution. With just 27% of government workers saying they feel
"very prepared" to recognize and report threats like malware at work,
it is vital for organizations to focus on improving the digital employee
experience so that they don't have to rely on an employee's ability to
recognize a threat.
Misinformation and ransomware can wreak havoc on public safety, global
commerce and diplomacy - and even cost lives. Government organizations
are particularly vulnerable, because they hold the keys to systems and
messages that threat actors want to disrupt and exploit. It's critical
to futureproof our governments and agencies in comparative "peacetime"
as many organizations take critical steps after a catastrophic attack.
You can read more of the takeaways from this report here.