Government agencies see misconfigured cloud services as top security threat

Netwrix report states public sector is most concerned about external threats

A cloud connected to electronic devices

Netwrix, a cybersecurity vendor that focuses on data security, released its 2020 Cyber Threats Report. In June 2020, the company did an online survey to determine how the pandemic and employees working from home affected IT risk. 

According to the report, the public sector is most concerned about cyberattacks. This included supply chain compromise (98%), VPN exploitation (95%), and credential stuffing (82%). The vast majority, 88%, of government agencies view cloud misconfiguration as a top security threat, while only 25% of agencies felt this way before the pandemic. Despite the growing concern, only 11% of incidents resulted from cloud misconfiguration during the first three months of the COVID-19 outbreak.

The human element has been the cause of most incidents during the pandemic, as 53% of respondents experienced a phishing attack and 18% suffered insecure sharing of insensitive data. Government agencies had difficulty detecting improper data sharing, as 42% needed days, 32% required weeks, and 21% required months to identify the issue.

According to the report:

  • More than one-quarter (29%) of government agencies feel security risk has increased since the start of the pandemic, while 86% are concerned about more frequent or stronger cyberattacks 
  • Concern about VPN exploitation has increased from 10% before the pandemic to 95% today 
  • About one-quarter (26%) of government agencies experienced ransomware or other malware
  • Employees were involved in data theft for 6% of respondents, and only 5% were able to identify the incident within hours. 

"Government agencies should focus their cybersecurity efforts on mitigating the insider threat, especially when many employees and contractors are accessing the networks remotely,” said Ilia Sotnikov, VP of product management at Netwrix. 

Related Resource

Improving cyber security for remote working

13 recommendations for security from any location

Download now

“Organizations must ensure that every user understands basic cybersecurity rules and completes security training on a regular schedule. IT teams should look for solutions to speed threat detection and streamline incident investigation. In addition, they should follow proven security best practices like network segmentation, privilege attestation, continuous auditing for malicious activity across data repositories, and alerting on suspicious activity and changes.”

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

IT security awareness and training firm KnowBe4 acquires MediaPRO
Acquisition

IT security awareness and training firm KnowBe4 acquires MediaPRO

3 Mar 2021
High-risk email security threats increased by 32% last year
phishing

High-risk email security threats increased by 32% last year

3 Mar 2021
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

3 Mar 2021
Microsoft Exchange targeted by China-linked hackers
zero-day exploit

Microsoft Exchange targeted by China-linked hackers

3 Mar 2021

Most Popular

Star Alliance passenger data stolen in SITA data breach
data breaches

Star Alliance passenger data stolen in SITA data breach

5 Mar 2021
I went shopping at Amazon’s till-less supermarket so that you don’t have to
automation

I went shopping at Amazon’s till-less supermarket so that you don’t have to

5 Mar 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021