9 May 2017

Report: Feds more likely to use new tech without considering cybersecurity


by Tony Ware

Over a third of federal employees surveyed have experienced a data breach in the last year, says a new report from information systems security provider Thales and analyst firm 451 Research, contributing to 96 percent of respondents considering themselves vulnerable to threats targeting sensitive data.

While the 2017 Thales Data Threat Report says that those surveyed claim cybersecurity spending is up (rising to 61 percent from 58 in 2016), the old systems, tight budgets, lack of staff and migration of resources to the cloud continue to make the federal government and its focus of network defenses a prime target for cyber crimes.

Nearly three-fourths of U.S. federal survey respondents said their offices had deployed new technologies (involving cloud, big data, internet of things, containers, etc.) without having adequate specialized security measures in place.

Most felt encryption with the option for local key control and tokenization were emerging as prime means to secure sensitive data in these new environments, including SaaS, IaaS and even blockchain. The U.S. federal sector seems more likely to store sensitive data in advanced technologies than the global average except for internet of things, which is seen as less of a focus.

Executive directive seemed to be the top driver of security spending, taking the top spot above compliance, which is starting to be seen as less effective.

A main takeaway from the report is that security remains the main adoption barrier for technologies, but the U.S. public sector is too often found to roll security out in a reactionary fashion following the adoption of technologies.

The report’s recommendations include implementing security during initial development rather than relying on endpoint and network security and move beyond the mere compliance mandates. In addition, adopt encryption and access controls appropriate for all environments beyond laptops and desktops.

The preceding data came from a survey of over 1,100 senior security executives from across the globe conducted during October and November of 2016.

The entire report can be viewed at Thales-Esecurity.com

No comments: