Thales released in conjunction with analyst firm 451 Research its second annual data security research brief 2017 Thales Data Threat Report, Federal Edition. The report indicated that ninety six percent of federal workers consider themselves “very” or “extremely” vulnerable to data breaches. This number is higher than any other sector polled by the report.
Despite their high feeling of vulnerability, U.S. federal respondents are spending less on security than other sectors, although their spending is up three percent from last year. Fifty three percent of federal respondents cited tight budgets, lack of cyber expertise, and limited staff as the top reasons for data insecurity.
The need to adopt advanced technology like the cloud, Big Data, and loT has Federal workers feeling insecure, as 71 percent of federal respondents believe these technologies are being adopted without proper security in place.
“This ‘perfect storm’ of very old systems, tight budgets and being a prime cyber-crime target has created a stressful environment,” said Garrett Bekker, principal analyst for Information Security at 451 Research, who noted that these odds are generally not faced in the private sector.
“A major challenge in securing the far-flung systems in the U.S. federal government is the plethora of aging legacy systems still in place, with one example being a 53 year-old Strategic Automated Command and Control System at the Department of Defense that coordinates U.S. nuclear forces and uses 8-inch floppy disks,” said Bekker.
Encryption is cited in the report as the top data security control, with 60 percent of federal workers reporting that they’re using this to ensure data privacy. In general, given their high threat level, federal workers may have an overly rosy view of their security protocol compliance.
The Thales report offers the following recommendations to federal agencies that are looking to update to advanced technologies:
• They should deploy “security tool sets that offer services-based deployments, platforms and automation,”
• Discover and classify “the location of sensitive data within cloud, SaaS, big data, IoT and container environments,”
• Leverage “encryption and Bring Your Own Key (BYOK) technologies for all advanced technologies.”
In an interview with GovConWire, Wayne Lewandowski, Vice President of US Federal at Thales e-Security, likened data security to that of banks. Given the number of cyber-criminals and their constant targeting, it’s safe to say that there will be breaches — but the most important thing is to keep the criminals from the vault, or the most valuable data, by maintaining practices that keep data and information secure. The most sensitive data should be restricted to only those people that really need it, not open to all users, and in particular privileged users such as sysadmin or Root Users.
“The Thales Data Threat Report for US Public Sector demonstrates once again that federal agencies continue to be the largest target of any sector for criminal exploits. We are excited to partner with our government constituents to bring the recognized need for encryption, key management and policy controls to defend critical data,” Lewandowski told GovConWire.