A culture of non-accountability, poor cyber hygiene, and limited staff training are creating a storm of cyber risk in governments around the world, leaving many workers worried about the potential for a serious data breach. If not, Ivanti warns.
Security vendor surveyed 800 public sector workers worldwide to find new Government Cybersecurity Status Report.
We found that the “it’s not my job” attitude exposes governments to undue cyber risk. Only one-third of his employees (34%) are aware that their behavior impacts their organization’s security posture. Nearly two-fifths (36%) said they had never reported a phishing email in the past, and one-fifth (21%) said they wouldn’t mind if their organization was hacked.
Ivanti also found that poor security practices are pervasive. 40% said he used the same password for more than a year, a third (34%) said he used the same password on multiple devices, and 12% accessed sensitive information he didn’t need to do his job. I admit that
Younger (Gen Z and Millennial) respondents tended to have poor password hygiene.
Given that an estimated 70% of civil servants work remotely, this is becoming increasingly important.
The government has also failed security tests. According to Ivanti, on average, only 39% of respondents say their employer provides mandatory training, and nearly a third (29%) say their partners or vendors do. No need to complete training.
In addition, 17% of employees say they don’t feel comfortable reporting mistakes they’ve made to security teams.
This is already having an impact, with 5% of respondents saying they’ve fallen victim to a phishing attack by clicking a link or sending money.
Ivanti’s chief product officer, Srinivas Mukkamala, described the situation as an “emergency” given the sensitive data that government officials have access to.
“Government leaders around the world recognize this urgency and are taking steps to combat ransomware and misinformation and protect critical assets and infrastructure,” he added.
“Security teams and governments will continue to face an uphill battle if they fail to focus cybersecurity as a team effort and provide proactive security measures that enable a better employee experience.”
