US Federal Government Overwhelmingly Vulnerable to Breaches

When it comes to data breaches, 34% of US federal government respondents have experienced one in the last year, according to new survey data.

According to the 2017 Thales Data Threat Report, Federal Edition, issued in conjunction with analyst firm 451 Research, 65% of governmental organizations have experienced a data breach at some point. Almost all (96%) consider themselves ‘vulnerable’, with half (48%) stating they are ‘very’ or ‘extremely’ vulnerable.

About 53% of federal respondents cite lack of budget and lack of staff (also 53%) as the top reasons for data insecurity. That’s translating into action: About 61% of US federal respondents also said they’re increasing security spending this year—up from last year’s 58% figure.

But when compared to other industries this number is markedly lower (81% of healthcare respondents, 77% of retail respondents and 78% of financial services respondents claim to have increased spending).  

“The US federal government is racing to boost data security against odds not generally faced in the private sector today,” said Garrett Bekker, principal analyst for Information Security at 451 Research. “A major challenge in securing the far-flung systems in the US federal government is the plethora of aging legacy systems still in place, with one example being a 53-year-old Strategic Automated Command and Control System at the Department of Defense that coordinates US nuclear forces and uses 8-inch floppy disks. In short, this ‘perfect storm’ of very old systems, tight budgets and being a prime cybercrime target has created a stressful environment.”

Pressures to use advanced technologies (cloud, Big Data, internet of things (IoT) and containers) are only making the problem worse. While 92% of federal respondents will use sensitive data in an advanced technology environment this year, 71% of federal respondents believe this will occur without proper security in place.

On a positive note, encryption is cited as the top data security control (60%) for ensuring data privacy and enabling digital transformation through the use of advanced technologies. Additionally, 73% of respondents would increase their cloud service deployments if offered data encryption in the cloud (with federal agencies maintaining control of the keys). Sixty-three percent of respondents also list data encryption as the first choice for enabling further IoT deployments, and 55% cite encryption as the top security control for increasing container adoption.

“US federal agencies are fighting an uphill data security battle. In addition to the issues cited, the federal sector has one of the most hopeful views of compliance, with 64% of respondents viewing it as ‘very’ or ‘extremely’ effective in preventing data breaches,” Peter Galvin, VP of strategy, Thales e-Security. “As the breach count rises, it’s fair to question whether meeting compliance mandates are enough. There is encouraging news, however. Like their private sector peers, public sector IT employees are clearly interested in digital transformation through the use of new technologies. This innovation is admirable, but it must be paired with increased data security.”

What’s Hot on Infosecurity Magazine?